Topics - 4on4off

1
Hello,

My niece got a new laptop running Windows 8. Doing her usual teenage girl Facebook stuff and whatnot, she got an update notice for Adobe, which she clicked OK on. I don't know if that was legit or not, but soon after she was getting popups relating to dating Asian women and suggestions to clean Windows 8 by running some scan.

I got my hands on it and when I first got on the net I witnessed the popup ads for the Asian women and also the Adobe update that didn't look like any I had seen before. I have not used Windows 8 much but I would think the updates should be at least similar to other operating systems in appearance.

I fired up in safe mode and ran (I also disabled just about everything at startup via the Task Manager when doing this):

TDSSKiller, which found nothing.
mbam, which found and removed 35 items (still have the log)
mbar, which found and removed 5 items (still have the log)
adwcleaner
JRT, which among other things had this registry entry found (Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?)

Also, while working my way to making this post, an IE window opens up stating the following:
 "ATTENTION! It is recommended that you download FLV MPlayer to continue."

The title at the top of the browser says...... bizcoaching dot info .......

I think that is all.

Here is the security check log:

 Results of screen317's Security Check version 0.99.69 
   x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Windows Defender           
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 TuneUp Utilities 2013   
 TuneUp Utilities Language Pack (en-US)
 TuneUp Utilities 2013   
 Adobe Flash Player    11.8.800.94 
 Google Chrome 28.0.1500.71 
 Google Chrome 28.0.1500.72 
````````Process Check: objlist.exe by Laurent````````
 Norton ccSvcHst.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

Here are the dds logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16384
Run by Ashley at 9:38:23 on 2013-07-17
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3974.2791 [GMT -7:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\MyPC Backup\BackupStack.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhostex.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll
BHO: GetSavin 5.0: {B3522C04-B9DB-4C57-AA22-929092423BDD} -
BHO: Define: {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\Ashley\AppData\Local\DefineExt\temp.dat
BHO: SmileysWeLoveToolbar: {e4ef8a64-0a30-48f5-b3fe-5fda978da775} -
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: LyricsSing: {F2D7DFB7-6D91-4BD7-846E-BEF9BC3BD81A} - C:\Program Files (x86)\LyricSing\122.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
TB: SmileysWeLove: {cf0f43ab-9c23-4d7b-8040-201b82844854} -
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Google Update] "C:\Users\Ashley\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Pokki] C:\Windows\System32\rundll32.exe "C:\Users\Ashley\AppData\Local\Pokki\Engine\LaunchDeskband.dll",RunLaunchDeskband
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
StartupFolder: C:\Users\Ashley\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MYPCBA~1.LNK - C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{69B7796B-5749-4307-8762-6E63F23AFC94} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{69B7796B-5749-4307-8762-6E63F23AFC94}\F46666963656534376 : DHCPNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: SmileysWeLoveToolbar: {e4ef8a64-0a30-48f5-b3fe-5fda978da775} -
x64-TB: SmileysWeLove: {cf0f43ab-9c23-4d7b-8040-201b82844854} -
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-31 645952]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2012-9-1 92536]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-9-1 98208]
R2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2013-7-1 32808]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-8-10 85504]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-7-9 35232]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-9-1 165760]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe [2013-7-13 144368]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2012-11-29 2401632]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-9-1 364416]
R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [2013-7-16 1393240]
R3 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\Drivers\NISx64\1404000.028\ccsetx64.sys [2013-7-13 169048]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-7-12 138912]
R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130716.001\IDSviA64.sys [2013-7-16 513184]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-6-19 342528]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\Drivers\netr28x.sys [2013-4-15 2482960]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-9-1 683664]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-9-1 43832]
R3 SymDS;Symantec Data Store;C:\Windows\System32\Drivers\NISx64\1404000.028\symds64.sys [2013-7-13 493656]
R3 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\Drivers\NISx64\1404000.028\symefa64.sys [2013-7-13 1139800]
R3 SymIRON;Symantec Iron Driver;C:\Windows\System32\Drivers\NISx64\1404000.028\ironx64.sys [2013-7-13 224416]
R3 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\Drivers\NISx64\1404000.028\symnets.sys [2013-7-13 433752]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-11-16 11880]
R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-3 20288]
S0 SymELAM;Symantec ELAM Driver;C:\Windows\System32\Drivers\NISx64\1404000.028\symelam.sys [2013-7-13 23448]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\Drivers\RtsP2Stor.sys [2012-9-1 266896]
S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2012-9-1 41272]
.
=============== Created Last 30 ================
.
2013-07-17 16:25:02   252080   ----a-w-   C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10210.bin
2013-07-17 08:07:58   --------   d-----w-   C:\Windows\ERUNT
2013-07-17 06:51:07   173   ----a-w-   C:\Windows\DeleteOnReboot.bat
2013-07-17 05:23:26   --------   d-----w-   C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-17 04:40:40   --------   d-----w-   C:\Users\Ashley\AppData\Roaming\Malwarebytes
2013-07-17 04:40:31   --------   d-----w-   C:\ProgramData\Malwarebytes
2013-07-17 04:40:30   25928   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2013-07-17 04:40:30   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-17 04:40:11   --------   d-----w-   C:\Users\Ashley\AppData\Local\Programs
2013-07-17 04:07:50   80216   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-17 04:07:50   694616   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-17 03:39:44   --------   d-----w-   C:\Windows\pss
2013-07-15 18:31:19   --------   d-----w-   C:\Program Files (x86)\LyricSing
2013-07-15 02:40:36   --------   d-----w-   C:\Users\Ashley\AppData\Local\CyberLink
2013-07-14 18:51:08   34656   ----a-w-   C:\Windows\System32\TURegOpt.exe
2013-07-14 18:51:03   25952   ----a-w-   C:\Windows\System32\authuitu.dll
2013-07-14 18:51:03   21344   ----a-w-   C:\Windows\SysWow64\authuitu.dll
2013-07-14 18:50:33   --------   d-----w-   C:\Users\Ashley\AppData\Roaming\TuneUp Software
2013-07-14 18:50:25   --------   d-----w-   C:\Program Files (x86)\TuneUp Utilities 2013
2013-07-14 18:50:22   --------   d-----w-   C:\ProgramData\TuneUp Software
2013-07-14 18:50:14   --------   d-sh--w-   C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-07-14 18:49:28   --------   d-----w-   C:\Program Files (x86)\SqueekyChocolate, LLC
2013-07-14 18:49:01   --------   d-----w-   C:\Program Files (x86)\Tiny Media Player
2013-07-14 18:44:32   --------   d-----w-   C:\Users\Ashley\AppData\Local\Pokki
2013-07-14 18:42:17   --------   d-----w-   C:\Users\Ashley\AppData\Local\Updater21058
2013-07-14 18:41:08   --------   d-----w-   C:\Users\Ashley\AppData\Local\CRE
2013-07-13 19:18:39   --------   d-----w-   C:\Program Files (x86)\Common Files\Symantec Shared
2013-07-13 19:15:05   --------   d-----w-   C:\Program Files\Paint.NET
2013-07-13 19:14:32   --------   d-----w-   C:\Program Files (x86)\MyPC Backup
2013-07-13 19:14:15   --------   d-----w-   C:\Users\Ashley\AppData\Local\AVG SafeGuard toolbar
2013-07-13 19:13:51   45856   ----a-w-   C:\Windows\System32\drivers\avgtpx64.sys
2013-07-13 19:13:41   --------   d-----w-   C:\ProgramData\AVG SafeGuard toolbar
2013-07-13 19:13:35   --------   d-----w-   C:\Program Files (x86)\AVG SafeGuard toolbar
2013-07-13 19:13:34   --------   d-----w-   C:\Users\Ashley\AppData\Local\Paint.NET
2013-07-13 19:12:43   --------   d--h--w-   C:\ProgramData\Common Files
2013-07-13 17:29:32   433752   ----a-w-   C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys
2013-07-13 17:29:32   23448   ----a-r-   C:\Windows\System32\drivers\NISx64\1404000.028\symelam.sys
2013-07-13 17:29:31   796760   ----a-w-   C:\Windows\System32\drivers\NISx64\1404000.028\srtsp64.sys
2013-07-13 17:29:31   493656   ----a-w-   C:\Windows\System32\drivers\NISx64\1404000.028\symds64.sys
2013-07-13 17:29:31   36952   ----a-w-   C:\Windows\System32\drivers\NISx64\1404000.028\srtspx64.sys
2013-07-13 17:29:31   224416   ----a-w-   C:\Windows\System32\drivers\NISx64\1404000.028\ironx64.sys
2013-07-13 17:29:31   169048   ----a-w-   C:\Windows\System32\drivers\NISx64\1404000.028\ccsetx64.sys
2013-07-13 17:29:31   1139800   ----a-w-   C:\Windows\System32\drivers\NISx64\1404000.028\symefa64.sys
2013-07-13 17:29:05   --------   d-----w-   C:\Windows\System32\drivers\NISx64\1404000.028
2013-07-13 03:16:07   144384   ----a-w-   C:\Windows\System32\tssdisai.dll
2013-07-13 03:16:07   135680   ----a-w-   C:\Windows\System32\appserverai.dll
2013-07-13 03:16:07   126976   ----a-w-   C:\Windows\System32\RDWebAI.dll
2013-07-13 03:16:07   122880   ----a-w-   C:\Windows\System32\VmHostAI.dll
2013-07-13 03:16:06   148480   ----a-w-   C:\Windows\System32\poqexec.exe
2013-07-13 03:16:06   132608   ----a-w-   C:\Windows\SysWow64\poqexec.exe
2013-07-13 03:08:59   2361344   ----a-w-   C:\Windows\System32\msxml6.dll
2013-07-13 03:08:58   2048   ----a-w-   C:\Windows\SysWow64\msxml6r.dll
2013-07-13 03:08:58   2048   ----a-w-   C:\Windows\SysWow64\msxml3r.dll
2013-07-13 03:08:58   2048   ----a-w-   C:\Windows\System32\msxml6r.dll
2013-07-13 03:08:58   2048   ----a-w-   C:\Windows\System32\msxml3r.dll
2013-07-13 03:08:58   1836032   ----a-w-   C:\Windows\System32\msxml3.dll
2013-07-13 03:08:58   1802240   ----a-w-   C:\Windows\SysWow64\msxml6.dll
2013-07-13 03:08:58   1438720   ----a-w-   C:\Windows\SysWow64\msxml3.dll
2013-07-12 19:55:19   --------   d-----w-   C:\Users\Ashley\AppData\Local\Adobe
2013-07-12 19:47:04   --------   d-----w-   C:\Users\Ashley\AppData\Roaming\hpqlog
2013-07-12 17:18:32   50784   ----a-w-   C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-07-12 17:18:30   17536   ----a-w-   C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-07-12 07:02:49   --------   d-----r-   C:\Program Files (x86)\Skype
2013-07-12 07:00:53   --------   d-----w-   C:\Users\Ashley\AppData\Local\DefineExt
2013-07-12 06:58:54   --------   d-----w-   C:\Users\Ashley\AppData\Local\Real
2013-07-12 06:58:47   --------   d-----w-   C:\Users\Ashley\AppData\Roaming\RealNetworks
2013-07-12 06:58:21   --------   d-----w-   C:\Program Files (x86)\RealNetworks
2013-07-12 06:58:19   --------   d-----w-   C:\ProgramData\RealNetworks
2013-07-12 06:58:09   --------   d-----w-   C:\Program Files (x86)\Common Files\xing shared
2013-07-12 06:57:24   --------   d-----w-   C:\Users\Ashley\AppData\Local\Google
2013-07-12 04:02:36   --------   d-----w-   C:\Users\Ashley\AppData\Local\ElevatedDiagnostics
2013-07-12 04:02:14   --------   d-----w-   C:\Users\Ashley\AppData\Local\Hewlett-Packard
2013-07-12 02:54:40   --------   d-----w-   C:\Users\Ashley\AppData\Local\CrashDumps
2013-07-12 02:54:21   --------   d-----w-   C:\Users\Ashley\AppData\Local\Diagnostics
2013-07-12 02:45:04   --------   d-----r-   C:\Users\Ashley\Searches
2013-07-12 02:45:04   --------   d-----r-   C:\Users\Ashley\Contacts
2013-07-12 02:43:14   --------   d-----w-   C:\Users\Ashley\AppData\Roaming\Synaptics
2013-07-12 02:43:07   --------   d-----w-   C:\Users\Ashley\AppData\Local\Power2Go8
2013-07-12 02:42:46   --------   d-----w-   C:\Users\Ashley\AppData\Local\VirtualStore
2013-07-12 02:42:30   --------   d-----w-   C:\Users\Ashley\AppData\Local\Packages
2013-07-12 02:40:54   --------   d-----r-   C:\Users\Ashley\Videos
2013-07-12 02:40:54   --------   d-----r-   C:\Users\Ashley\Saved Games
2013-07-12 02:40:54   --------   d-----r-   C:\Users\Ashley\Pictures
2013-07-12 02:40:54   --------   d-----r-   C:\Users\Ashley\Music
2013-07-12 02:40:54   --------   d-----r-   C:\Users\Ashley\Links
2013-07-12 02:40:54   --------   d-----r-   C:\Users\Ashley\Downloads
2013-07-12 02:40:54   --------   d-----r-   C:\Users\Ashley\Documents
.
==================== Find3M  ====================
.
2013-07-13 17:31:11   177312   ----a-w-   C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-07-12 06:57:57   499712   ----a-w-   C:\Windows\SysWow64\msvcp71.dll
2013-07-12 06:57:57   348160   ----a-w-   C:\Windows\SysWow64\msvcr71.dll
2013-05-17 02:12:26   819440   ----a-w-   C:\Windows\System32\SynCOM.dll
2013-05-17 02:12:26   351984   ----a-w-   C:\Windows\SysWow64\SynCom.dll
2013-05-17 02:12:22   524016   ----a-w-   C:\Windows\System32\drivers\SynTP.sys
2013-05-17 02:12:22   192240   ----a-w-   C:\Windows\System32\SynTPCo19.dll
2013-05-17 02:12:22   151280   ----a-w-   C:\Windows\SysWow64\SynTPCom.dll
2013-05-17 02:12:20   264432   ----a-w-   C:\Windows\System32\SynTPAPI.dll
.
============= FINISH:  9:39:06.74 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 7/11/2013 7:40:45 PM
System Uptime: 7/17/2013 9:32:13 AM (0 hours ago)
.
Motherboard: Hewlett-Packard |  | 1854
Processor: Intel(R) Core(TM) i3-2328M CPU @ 2.20GHz | U3E1 | 2200/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 442 GiB total, 398.843 GiB free.
D: is FIXED (NTFS) - 23 GiB total, 2.738 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP3: 7/12/2013 12:02:16 AM - Installed Skype™ 6.3
RP5: 7/13/2013 12:13:41 PM - Paint.NET v3.5.10
RP6: 7/14/2013 12:19:06 PM - Removed Smileys We Love Toolbar for IE
.
==== Installed Programs ======================
.
4 Elements II
Adobe Shockwave Player 11.6
AVG SafeGuard toolbar
Bejeweled 3
Bonjour
Build-a-lot 4 - Power Source
Chuzzle Deluxe
Cradle Of Egypt Collector's Edition
Cradle of Rome 2
CyberLink LabelPrint
CyberLink Media Suite 10
CyberLink Power2Go 8
CyberLink PowerDVD
CyberLink YouCam
D3DX10
Define Ext
Energy Star
Farm Frenzy
FATE: The Cursed King
Final Drive Fury
FlatOut 2
GetSavin
Google Chrome
Google Talk Plugin
Google Update Helper
Governor of Poker 2 Premium Edition
Hewlett-Packard ACLM.NET v1.2.0.0
Hoyle Card Games
HP Customer Experience Enhancements
HP Documentation
HP Games
HP MyRoom
HP Postscript Converter
HP Quick Launch
HP Recovery Manager
HP Registration Service
HP Software Framework
HP Support Assistant
HP Utility Center
HP Wireless Button Driver
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel® Trusted Connect Service Client
Jewel Match 3
John Deere Drive Green
Luxor Evolved
LyricsSing
Mahjongg Dimensions Deluxe: Tiles in Time
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Application Error Reporting
Microsoft Office
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mortimer Beckett and the Crimson Thief Premium Edition
MSVCRT
MyPC Backup
Mystery P.I. - Curious Case of Counterfeit Cove
Norton Internet Security
Paint.NET v3.5.10
Peggle Nights
Penguins!
Pokki
Polar Bowler
Polar Golfer
QuickShare
Ralink RT5390R 802.11bgn Wi-Fi Adapter
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
RealUpgrade 1.1
RegCure Pro
Roads of Rome 3
Savings Explorer
Skype™ 6.3
Smileys We Love Toolbar for IE
swMSM
Synaptics Pointing Device Driver
Tales of Lagoona
Tiny Media Player v1.0
TuneUp Utilities 2013
TuneUp Utilities Language Pack (en-US)
Update Installer for WildTangent Games App
Vacation Quest™ - Australia
WildTangent Games
WildTangent Games App
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Language Selector
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
7/17/2013 9:32:56 AM, Error: Service Control Manager [7000]  - The vToolbarUpdater15.3.0 service failed to start due to the following error:  The system cannot find the file specified.
.
==== End Of File ===========================


Sorry for the long-windedness.

4

2
Analysis and Malware Removal / Post clean up second opinion
« on: September 11, 2012, 11:01:35 PM »
Hello,

A laptop with a fresh install was put into the hands of a teenager and returned to me within 10 days with an occasional BSOD issue.

I ran MWB, found and removed 63 funmood.pup related items.
I ran SAS, found and removed several items related to babylon toolbar, dealcabby and playbryte.
I ran ESET, found and removed 8 items associated with the above.
I ran TDSSkiller, found nothing.
I ran aswMBR, detected items related to playbryte, used Revo to uninstall that and dealcabby.
I reran aswMBR and it did not detect the above but detected some volume information restore items, turned off system restore and rebooted to clear restore points.
I reran aswMBR and it detected nothing but did have the following listed in yellow:
 Service MpKsl6c47b8ef c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{43CE331C-A64D-44ED-97BC-C3170F1C6BB9}\MpKsl6c47b8ef.sys **LOCKED** 32
I ran MWB again and it detected nothing.

I think, outside of an AC adapter error at boot, I have it cleaned up but would appreciate an expert opinion.

Here is the Security check log:

 Results of screen317's Security Check version 0.99.50 
 Windows XP Service Pack 3 x86   
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 Microsoft Security Essentials   
`````````Anti-malware/Other Utilities Check:`````````
 SUPERAntiSpyware     
 Malwarebytes Anti-Malware version 1.65.0.1400 
 CCleaner     
 Java 7 Update 7 
 Adobe Reader X (10.1.4)
````````Process Check: objlist.exe by Laurent````````
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


Here is the DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.7.2
Run by ME at 16:40:27 on 2012-09-11
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.894.452 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtC0EyE0CtA0Bzy0D0B0DyE0BtAtBtN0D0Tzu0CtByDtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1964784783
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.7.2.0\bh\BabylonToolbar.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1346446056722
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1346448561406
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{2F8F61AD-3B33-4E11-BB3E-64F221B3491A} : DhcpNameServer = 192.168.2.1
Notify: AtiExtEvent - Ati2evxx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 MpKsl6c47b8ef;MpKsl6c47b8ef;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{43ce331c-a64d-44ed-97bc-c3170f1c6bb9}\MpKsl6c47b8ef.sys [2012-9-11 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-9-11 116648]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-9-11 116648]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-09-11 23:02:09   29904   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{43ce331c-a64d-44ed-97bc-c3170f1c6bb9}\MpKsl6c47b8ef.sys
2012-09-11 21:50:14   --------   d-----w-   c:\windows\pss
2012-09-11 21:43:32   --------   d-----w-   c:\program files\CCleaner
2012-09-11 21:08:55   --------   d-----w-   c:\program files\VS Revo Group
2012-09-11 19:28:03   --------   d-----w-   c:\documents and settings\me\application data\SUPERAntiSpyware.com
2012-09-11 19:27:42   --------   d-----w-   c:\program files\SUPERAntiSpyware
2012-09-11 19:27:42   --------   d-----w-   c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-09-11 15:07:50   --------   d-----w-   c:\documents and settings\me\application data\Malwarebytes
2012-09-11 15:07:26   --------   d-----w-   c:\documents and settings\all users\application data\Malwarebytes
2012-09-11 15:07:23   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-09-11 15:07:23   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2012-09-11 15:07:14   7022536   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{43ce331c-a64d-44ed-97bc-c3170f1c6bb9}\mpengine.dll
2012-09-10 04:56:07   7022536   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-09-10 04:51:11   --------   d-----w-   c:\documents and settings\me\application data\Funmoods
2012-09-10 04:51:10   --------   d-----w-   c:\documents and settings\me\application data\BabylonToolbar
2012-09-10 04:35:58   --------   d-----w-   c:\program files\Funmoods
2012-09-10 04:35:58   --------   d-----w-   c:\documents and settings\me\local settings\application data\Wajam
2012-09-10 04:26:23   --------   d-----w-   c:\program files\BabylonToolbar
2012-09-10 04:26:02   --------   d-----w-   c:\documents and settings\me\local settings\application data\dealcabby
2012-09-10 04:25:59   --------   d-----w-   c:\documents and settings\me\application data\Babylon
2012-09-10 04:25:59   --------   d-----w-   c:\documents and settings\all users\application data\Babylon
2012-09-04 23:37:56   --------   d-----w-   c:\documents and settings\me\local settings\application data\Google
2012-09-04 23:37:31   --------   d-----w-   c:\documents and settings\me\local settings\application data\Deployment
2012-09-04 23:18:43   17136   ----a-w-   c:\windows\system32\mucltui.dll.mui
2012-09-04 23:18:42   275696   ----a-w-   c:\windows\system32\mucltui.dll
2012-08-31 23:50:50   --------   d-----w-   c:\windows\system32\Adobe
2012-08-31 23:48:58   237072   ------w-   c:\windows\system32\MpSigStub.exe
2012-08-31 23:45:04   --------   d-----w-   c:\program files\Microsoft Security Client
2012-08-31 22:59:57   --------   d-----w-   c:\windows\SxsCaPendDel
2012-08-31 22:42:06   --------   d-----w-   c:\windows\system32\XPSViewer
2012-08-31 22:41:47   89088   ----a-w-   c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-08-31 22:41:37   89088   -c----w-   c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-08-31 22:41:37   597504   -c----w-   c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-08-31 22:41:37   597504   ------w-   c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-08-31 22:41:37   575488   -c----w-   c:\windows\system32\dllcache\xpsshhdr.dll
2012-08-31 22:41:37   575488   ------w-   c:\windows\system32\xpsshhdr.dll
2012-08-31 22:41:37   117760   ------w-   c:\windows\system32\prntvpt.dll
2012-08-31 22:41:36   1676288   -c----w-   c:\windows\system32\dllcache\xpssvcs.dll
2012-08-31 22:41:36   1676288   ------w-   c:\windows\system32\xpssvcs.dll
2012-08-31 22:41:36   --------   d-----w-   C:\3816b72c9ecaa6cb1a
2012-08-31 22:38:04   --------   d-----w-   c:\documents and settings\me\local settings\application data\Sun
2012-08-31 22:30:21   73416   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-31 22:30:21   696520   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2012-08-31 22:27:53   821736   ----a-w-   c:\windows\system32\npDeployJava1.dll
2012-08-31 22:27:53   746984   ----a-w-   c:\windows\system32\deployJava1.dll
2012-08-31 22:27:53   143872   ----a-w-   c:\windows\system32\javacpl.cpl
2012-08-31 22:27:49   93672   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2012-08-31 21:50:33   --------   d-----w-   c:\windows\Downloaded Installations
2012-08-31 21:41:24   --------   d-----w-   c:\documents and settings\me\local settings\application data\ATI
2012-08-31 21:40:11   216800   ----a-w-   c:\windows\system32\drivers\SynTP.sys
2012-08-31 21:40:11   147456   ----a-w-   c:\windows\system32\SynTPAPI.dll
2012-08-31 21:40:11   110592   ----a-w-   c:\windows\system32\SynTPCo4.dll
2012-08-31 21:40:10   196608   ----a-w-   c:\windows\system32\SynCtrl.dll
2012-08-31 21:40:10   163840   ----a-w-   c:\windows\system32\SynCOM.dll
2012-08-31 21:40:10   --------   d-----w-   c:\program files\Synaptics
2012-08-31 21:36:12   --------   d-----w-   c:\program files\ATI Technologies
2012-08-31 21:34:47   36864   ----a-w-   c:\windows\system32\drivers\AmdK8.sys
2012-08-31 21:34:46   --------   d-----w-   c:\program files\AMD
2012-08-31 21:33:57   --------   d-----w-   c:\windows\system32\ReinstallBackups
2012-08-31 21:33:43   729088   ----a-w-   c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2012-08-31 21:33:43   69715   ----a-w-   c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2012-08-31 21:33:43   5632   ----a-w-   c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2012-08-31 21:33:43   266240   ----a-w-   c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2012-08-31 21:33:43   192512   ----a-w-   c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2012-08-31 21:33:43   188548   ----a-w-   c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2012-08-31 21:33:42   311428   ----a-w-   c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2012-08-31 21:20:10   --------   d-sh--w-   c:\documents and settings\me\PrivacIE
2012-08-31 21:10:50   --------   d-sh--w-   c:\documents and settings\me\IETldCache
2012-08-31 21:06:16   521728   -c----w-   c:\windows\system32\dllcache\jsdbgui.dll
2012-08-31 21:05:52   6144   -c----w-   c:\windows\system32\dllcache\iecompat.dll
2012-08-31 21:05:37   --------   d-----w-   c:\windows\ie8updates
2012-08-31 21:05:33   743424   -c----w-   c:\windows\system32\dllcache\iedvtool.dll
2012-08-31 21:05:33   629760   -c----w-   c:\windows\system32\dllcache\msfeeds.dll
2012-08-31 21:05:33   55296   -c----w-   c:\windows\system32\dllcache\msfeedsbs.dll
2012-08-31 21:05:33   247808   -c----w-   c:\windows\system32\dllcache\ieproxy.dll
2012-08-31 21:05:33   2000384   -c----w-   c:\windows\system32\dllcache\iertutil.dll
2012-08-31 21:05:33   12800   -c----w-   c:\windows\system32\dllcache\xpshims.dll
2012-08-31 21:05:33   11111424   -c----w-   c:\windows\system32\dllcache\ieframe.dll
2012-08-31 21:04:38   --------   dc-h--w-   c:\windows\ie8
2012-08-31 20:51:37   456320   -c----w-   c:\windows\system32\dllcache\mrxsmb.sys
2012-08-31 20:50:48   272128   -c----w-   c:\windows\system32\dllcache\bthport.sys
2012-08-31 20:50:48   272128   ------w-   c:\windows\system32\drivers\bthport.sys
2012-08-31 20:48:19   2148352   -c----w-   c:\windows\system32\dllcache\ntkrnlmp.exe
2012-08-31 20:48:18   2192640   -c----w-   c:\windows\system32\dllcache\ntoskrnl.exe
2012-08-31 20:48:18   2026496   -c----w-   c:\windows\system32\dllcache\ntkrpamp.exe
2012-08-31 20:47:34   --------   d-sh--w-   c:\documents and settings\me\UserData
2012-08-31 20:46:37   5120   ----a-w-   c:\windows\system32\xpsp4res.dll
2012-08-31 20:46:08   3072   -c----w-   c:\windows\system32\dllcache\iacenc.dll
2012-08-31 20:46:08   3072   ------w-   c:\windows\system32\iacenc.dll
2012-08-31 20:44:20   26144   ----a-w-   c:\windows\system32\spupdsvc.exe
2012-08-31 20:44:20   --------   d-----w-   c:\windows\system32\PreInstall
2012-08-31 20:44:19   --------   d--h--w-   c:\windows\$hf_mig$
2012-08-31 20:39:51   6272   -c--a-w-   c:\windows\system32\dllcache\splitter.sys
2012-08-31 20:38:02   989952   ----a-r-   c:\windows\system32\drivers\HSF_DPV.sys
2012-08-31 20:38:02   94208   ----a-r-   c:\windows\system32\mdmxsdk.dll
2012-08-31 20:38:02   731136   ----a-r-   c:\windows\system32\drivers\HSF_CNXT.sys
2012-08-31 20:38:02   217088   ----a-w-   c:\windows\system32\UCI32M21.dll
2012-08-31 20:38:02   211200   ----a-r-   c:\windows\system32\drivers\HSFHWAZL.sys
2012-08-31 20:38:02   12672   ----a-r-   c:\windows\system32\drivers\mdmxsdk.sys
2012-08-31 20:38:02   --------   d-----w-   c:\program files\CONEXANT
2012-08-31 20:28:19   --------   d-----w-   c:\windows\system32\SoftwareDistribution
2012-08-31 20:27:58   45568   ----a-r-   c:\windows\system32\drivers\bcm4sbxp.sys
2012-08-31 20:27:54   --------   d-----w-   c:\program files\Broadcom
2012-08-31 20:27:19   --------   d-----w-   C:\dell
2012-08-31 19:14:45   26368   -c--a-w-   c:\windows\system32\dllcache\usbstor.sys
.
==================== Find3M  ====================
.
2012-07-06 13:58:51   78336   ----a-w-   c:\windows\system32\browser.dll
2012-07-04 14:05:18   139784   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40:15   1866112   ----a-w-   c:\windows\system32\win32k.sys
2012-07-02 17:49:33   916992   ----a-w-   c:\windows\system32\wininet.dll
2012-07-02 17:49:32   43520   ------w-   c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43   385024   ------w-   c:\windows\system32\html.iec
2012-06-28 21:33:04   81920   ------w-   c:\windows\system32\ieencode.dll
.
============= FINISH: 16:41:12.64 ===============


Here is the Attach log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/31/2012 9:33:24 AM
System Uptime: 9/11/2012 4:00:32 PM (0 hours ago)
.
Motherboard: Dell Inc. |  | 0WY383
Processor: AMD Athlon(tm) 64 X2 Dual-Core Processor TK-55 | Socket M2/S1G1 | 1795/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 142.333 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
AMD Processor Driver
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Babylon toolbar on IE
Broadcom 440x 10/100 Integrated Controller
Broadcom Management Programs
CCleaner
Conexant HDA D330 MDC V.92 Modem
Dell Touchpad
Dell Wireless WLAN Card Utility
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Java 7 Update 7
Java Auto Updater
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 Redistributable
Revo Uninstaller 1.94
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2722913)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SigmaTel Audio
SUPERAntiSpyware
swMSM
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2718704)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Driver Package - Ricoh Company (rimsptsk) hdc  (11/14/2006 6.00.01.04)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
.
==== Event Viewer Messages From Past Week ========
.
9/9/2012 9:26:25 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
9/9/2012 10:27:40 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AmdK8 Fips MpFilter
9/9/2012 10:26:27 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/9/2012 10:14:20 AM, error: Dhcp [1002]  - The IP address lease 192.168.2.8 for the Network Card with network address 001E4C3B9DBD has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
9/9/2012 10:13:13 AM, error: System Error [1003]  - Error code 1000000a, parameter1 e8f43340, parameter2 00000002, parameter3 00000000, parameter4 80523a24.
9/7/2012 6:08:15 PM, error: Dhcp [1002]  - The IP address lease 192.168.2.9 for the Network Card with network address 001E4C3B9DBD has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
9/5/2012 8:46:57 PM, error: Dhcp [1002]  - The IP address lease 192.168.2.6 for the Network Card with network address 001E4C3B9DBD has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
9/5/2012 6:19:02 PM, error: Dhcp [1002]  - The IP address lease 192.168.2.12 for the Network Card with network address 001E4C3B9DBD has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
9/4/2012 8:22:52 PM, error: Dhcp [1002]  - The IP address lease 192.168.2.14 for the Network Card with network address 001E4C3B9DBD has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
9/4/2012 4:17:50 PM, error: Dhcp [1002]  - The IP address lease 192.168.2.145 for the Network Card with network address 001E4C3B9DBD has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
9/11/2012 9:48:23 AM, error: System Error [1003]  - Error code 100000d1, parameter1 98706faf, parameter2 00000007, parameter3 00000000, parameter4 f7393021.
9/11/2012 9:01:35 AM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
9/11/2012 8:01:47 AM, error: Service Control Manager [7034]  - The Dell Wireless WLAN Tray Service service terminated unexpectedly.  It has done this 1 time(s).
9/11/2012 7:50:41 AM, error: Dhcp [1002]  - The IP address lease 192.168.2.10 for the Network Card with network address 001E4C3B9DBD has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
9/11/2012 2:57:49 PM, error: ACPIEC [1]  - \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period.  This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.  The EC driver will retry the failed transaction if possible.
9/11/2012 2:47:29 PM, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).
9/11/2012 2:47:29 PM, error: Service Control Manager [7034]  - The Ati HotKey Poller service terminated unexpectedly.  It has done this 1 time(s).
9/11/2012 2:47:29 PM, error: Service Control Manager [7031]  - The SAS Core Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
9/11/2012 2:47:29 PM, error: Service Control Manager [7031]  - The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 15000 milliseconds: Restart the service.
9/11/2012 2:47:29 PM, error: Service Control Manager [7031]  - The Microsoft .NET Framework NGEN v4.0.30319_X86 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/11/2012 10:19:15 AM, error: atapi [9]  - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
.
==== End Of File ===========================


Not sure how to read those yet.

Thank you.

4

3
Analysis and Malware Removal / Smart pc Cleaner
« on: August 23, 2012, 05:14:03 AM »
Hello,

My friend at work has been having issues with his laptop. He is running win7 home premium. The main thing that he has been noticing is a popup for Smart pc Cleaner that pops up whenever he starts his laptop that says he has some outlandish number of things that need to be checked.

Here is the checkup log:

  Results of screen317's Security Check version 0.99.46 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 9 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
McAfee Anti-Virus and Anti-Spyware   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.62.0.1300 
 Smart PC Cleaner v3.0 
 Adobe Reader X 10.1.3 Adobe Reader out of Date! 
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

Here is the DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Arrowhead at 23:03:42 on 2012-08-22
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1900.841 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Shop To Win\ShopToWin.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\SelectRebates\SelectRebates.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\ytbb.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.tdn.com/
uDefault_Page_URL = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
uURLSearchHooks: FCToolbarURLSearchHook Class: {5e89d89e-4280-65b4-95ac-388697067b31} - C:\Program Files (x86)\Shop to Win 28\Helper.dll
uURLSearchHooks: H - No File
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Qwiklinx: {3e7c8b5a-96ab-438f-bf9b-782400655440} - C:\Users\Arrowhead\AppData\Roaming\Qwiklinx\Qwiklinx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120714144935.dll
BHO: DefaultTab Browser Helper: {7f6afbf1-e065-4627-a2fd-810366367d01} - C:\Users\Arrowhead\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Shop to Win: {a0d2864a-05fa-91f4-a5cc-def70d52f5af} - C:\Program Files (x86)\Shop to Win 28\Shop to Win 28.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: TheSea.TheSeaPlugin: {c585d593-e7f3-4852-a200-561686ee02e4} - mscoree.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: ShopAtHomeIEHelper Class: {e8daaa30-6caa-4b58-9603-8e54238219e2} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: ShopAtHome.com Toolbar: {98279c38-de4b-4bcf-93c9-8ec26069d6f4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: TheSeaApp: {c585d593-e7f4-4852-a200-561686ee02e4} - mscoree.dll
uRun: [Smart PC Cleaner] C:\Program Files (x86)\Smart PC Cleaner\SPCLauncher.exe
uRun: [Shop To Win] C:\Program Files (x86)\Shop To Win\ShopToWin.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SelectRebates] C:\Program Files (x86)\SelectRebates\SelectRebates.exe
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{32ABD6CA-786B-43B5-AEC8-D7EED6D70F4D} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{32ABD6CA-786B-43B5-AEC8-D7EED6D70F4D}\7427561637976627F676 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{32ABD6CA-786B-43B5-AEC8-D7EED6D70F4D}\84F4D454D253545323 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{B3917305-A200-44C0-9D84-D55943D066B9} : DhcpNameServer = 40.12.1.201 40.12.1.202
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO-X64:     0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64:     AcroIEHelperStub - No File
BHO-X64: Qwiklinx: {3E7C8B5A-96AB-438F-BF9B-782400655440} - C:\Users\Arrowhead\AppData\Roaming\Qwiklinx\Qwiklinx.dll
BHO-X64:     Qwiklinx - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120714144935.dll
BHO-X64:     scriptproxy - No File
BHO-X64: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Arrowhead\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO-X64:     DefaultTabBHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO-X64: Shop to Win: {A0D2864A-05FA-91F4-A5CC-DEF70D52F5AF} - C:\Program Files (x86)\Shop to Win 28\Shop to Win 28.dll
BHO-X64:     FCTBPos00Pos - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: TheSea.TheSeaPlugin: {C585D593-E7F3-4852-A200-561686EE02E4} - mscoree.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: ShopAtHomeIEHelper Class: {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
BHO-X64:     ShopAtHomeIEHelper - No File
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB-X64: ShopAtHome.com Toolbar: {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB-X64: {c585d593-e7f4-4852-a200-561686ee02e4} - No File
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SelectRebates] C:\Program Files (x86)\SelectRebates\SelectRebates.exe
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-7-14 352336]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-9-26 872552]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-1-17 29696]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-14 13336]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-7-14 244624]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-7-14 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-7-14 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-4-23 256832]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-9-26 2656280]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-25 935008]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\Arrowhead\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2012-8-1 107520]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-2 136176]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-4-2 173424]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-2 136176]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-7-14 224704]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
S4 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-23 03:52:55   --------   d-----w-   C:\Users\Arrowhead\AppData\Roaming\Malwarebytes
2012-08-23 03:52:45   --------   d-----w-   C:\ProgramData\Malwarebytes
2012-08-23 03:52:44   24904   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2012-08-23 03:52:44   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-19 03:19:03   503808   ----a-w-   C:\Windows\System32\srcore.dll
2012-08-19 03:19:03   43008   ----a-w-   C:\Windows\SysWow64\srclient.dll
2012-08-19 03:18:55   751104   ----a-w-   C:\Windows\System32\win32spl.dll
2012-08-19 03:18:55   559104   ----a-w-   C:\Windows\System32\spoolsv.exe
2012-08-19 03:18:54   67072   ----a-w-   C:\Windows\splwow64.exe
2012-08-19 03:18:54   492032   ----a-w-   C:\Windows\SysWow64\win32spl.dll
2012-08-19 03:18:44   59392   ----a-w-   C:\Windows\System32\browcli.dll
2012-08-19 03:18:44   136704   ----a-w-   C:\Windows\System32\browser.dll
2012-08-19 03:18:42   41984   ----a-w-   C:\Windows\SysWow64\browcli.dll
2012-08-19 03:18:34   3148800   ----a-w-   C:\Windows\System32\win32k.sys
2012-08-19 03:17:59   956928   ----a-w-   C:\Windows\System32\localspl.dll
2012-08-09 17:27:43   --------   d-----w-   C:\Program Files (x86)\Common Files\Symantec Shared
2012-08-04 05:43:53   --------   d-----w-   C:\Windows\System32\drivers\NSSx64\0307020.005
2012-08-04 05:43:53   --------   d-----w-   C:\Windows\System32\drivers\NSSx64
2012-08-04 05:43:52   --------   d-----w-   C:\Program Files (x86)\Norton Security Scan
2012-08-04 05:43:49   --------   d-----w-   C:\ProgramData\Norton
2012-08-04 05:43:39   --------   d-----w-   C:\ProgramData\NortonInstaller
2012-08-04 05:43:39   --------   d-----w-   C:\Program Files (x86)\NortonInstaller
2012-08-04 04:13:43   --------   d-----w-   C:\Users\Arrowhead\AppData\Local\Unity
2012-08-02 18:25:35   --------   d-----w-   C:\Windows\SysWow64\Adobe
2012-08-02 02:19:17   --------   d-----w-   C:\Users\Arrowhead\AppData\Local\visi_coupon
2012-08-02 02:19:08   --------   d-----w-   C:\extensions
2012-08-02 02:19:03   --------   d-----w-   C:\Users\Arrowhead\AppData\Roaming\Qwiklinx
2012-08-02 02:19:02   --------   d-----w-   C:\Program Files (x86)\Qwiklinx
2012-08-02 02:18:34   --------   d-----w-   C:\Program Files (x86)\Shop to Win 28
2012-08-02 02:18:08   --------   d-----w-   C:\Program Files (x86)\Playalot Games
2012-08-02 02:17:20   --------   d-----w-   C:\Program Files (x86)\Shop To Win
2012-08-02 02:16:08   --------   d-----w-   C:\Users\Arrowhead\AppData\Roaming\Smart PC Cleaner
2012-08-02 02:16:06   --------   d-----w-   C:\Program Files (x86)\Free Offers from Freeze.com
2012-08-02 02:16:01   --------   d-----w-   C:\Users\Arrowhead\AppData\Roaming\DefaultTab
2012-08-02 02:15:35   --------   d-----w-   C:\Program Files (x86)\The Sea App (Internet Explorer)
2012-08-02 02:15:21   --------   d-----w-   C:\Program Files (x86)\Smart PC Cleaner
2012-08-02 02:14:40   --------   d-----w-   C:\Program Files (x86)\Yahoo!
2012-08-01 16:34:07   --------   d-----w-   C:\ProgramData\HipSoft
2012-07-27 21:22:24   --------   d-----w-   C:\Users\Arrowhead\AppData\Roaming\runic games
2012-07-27 17:43:30   --------   d-----w-   C:\Users\Arrowhead\AppData\Roaming\FloodLightGames
2012-07-27 17:43:30   --------   d-----w-   C:\ProgramData\FloodLightGames
2012-07-27 16:21:08   737072   ----a-w-   C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-07-27 16:20:38   4283672   ----a-w-   C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-07-27 16:20:12   42776   ----a-w-   C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-07-27 16:20:03   539984   ----a-w-   C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-07-26 02:29:21   --------   d-----w-   C:\Users\Arrowhead\AppData\Local\Apple Computer
2012-07-26 02:29:19   --------   d-----w-   C:\Users\Arrowhead\AppData\Roaming\Barnes & Noble
2012-07-26 01:32:33   --------   d-----w-   C:\Users\Arrowhead\AppData\Roaming\Jewel Match 3
2012-07-25 22:49:56   --------   d-----w-   C:\Users\Arrowhead\AppData\Roaming\Mystery of Mortlake Mansion
.
==================== Find3M  ====================
.
2012-06-29 03:56:34   2312704   ----a-w-   C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11   1392128   ----a-w-   C:\Windows\System32\wininet.dll
2012-06-29 03:48:07   1494528   ----a-w-   C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49   173056   ----a-w-   C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48   2382848   ----a-w-   C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58   1800704   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01   1129472   ----a-w-   C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59   1427968   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43   142848   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45   2382848   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2012-06-06 06:06:16   2004480   ----a-w-   C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16   1881600   ----a-w-   C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54   1133568   ----a-w-   C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52   1390080   ----a-w-   C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52   1236992   ----a-w-   C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06   805376   ----a-w-   C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:19:42   186752   ----a-w-   C:\Windows\System32\wuwebv.dll
2012-06-02 22:15:31   2622464   ----a-w-   C:\Windows\System32\wucltux.dll
2012-06-02 22:15:12   36864   ----a-w-   C:\Windows\System32\wuapp.exe
2012-06-02 22:15:08   99840   ----a-w-   C:\Windows\System32\wudriver.dll
2012-06-02 05:50:10   458704   ----a-w-   C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16   95600   ----a-w-   C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16   151920   ----a-w-   C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31   340992   ----a-w-   C:\Windows\System32\schannel.dll
2012-06-02 05:44:21   307200   ----a-w-   C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42   22016   ----a-w-   C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39   225280   ----a-w-   C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10   219136   ----a-w-   C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09   96768   ----a-w-   C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 23:04:29.09 ===============

Here is the Attach log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/11/2012 9:50:04 PM
System Uptime: 8/22/2012 9:34:26 PM (2 hours ago)
.
Motherboard: Acer |  | HMA51_HR
Processor: Intel(R) Celeron(R) CPU B800 @ 1.50GHz | CPU1 | 795/1067mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 218 GiB total, 178.024 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP34: 6/15/2012 4:26:40 PM - Windows Update
RP35: 7/5/2012 10:52:30 PM - Windows Update
RP36: 7/14/2012 2:44:07 PM - Windows Update
RP37: 7/18/2012 1:13:13 PM - Windows Update
RP38: 7/31/2012 10:02:15 AM - Scheduled Checkpoint
RP39: 8/9/2012 10:08:16 AM - Scheduled Checkpoint
RP40: 8/19/2012 9:33:29 AM - Windows Update
.
==== Installed Programs ======================
.
Acer Backup Manager
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer Games
Acer Registration
Acer ScreenSaver
Acer Updater
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3) MUI
Adobe Shockwave Player 11.6
Agatha Christie - Death on the Nile
Alcor Micro USB Card Reader
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
AVG Security Toolbar
Backup Manager V3
Big Fish Games: Game Manager
Bing Bar
clear.fi
clear.fi Client
D3DX10
DefaultTab
eBay Worldwide
FATE: The Cursed King
Final Drive: Nitro
Galerie de photos Windows Live
Google Toolbar for Internet Explorer
Google Update Helper
Governor of Poker 2 Premium Edition
Identity Card
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Jewel Match 3
Junk Mail filter update
Launch Manager
Malwarebytes Anti-Malware version 1.62.0.1300
McAfee Internet Security Suite
Mesh Runtime
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSVCRT_amd64
Mystery of Mortlake Mansion
MyWinLocker 4
MyWinLocker Suite
newsXpresso
NOOK for PC
Norton Online Backup
Norton Security Scan
NTI Media Maker 9
Penguins!
Plants vs. Zombies
Plants vs. Zombies - Game of the Year
Playalot Games
Polar Bowler
Polar Golfer
Qwiklinx
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Shop To Win
ShopAtHome.com Toolbar
Shredder
Skype™ 5.3
Smart PC Cleaner v3.0
swMSM
The Sea App (Internet Explorer)
Times Reader
Torchlight
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update Installer for WildTangent Games App
Virtual Villagers 5 - New Believers
Welcome Center
WildTangent Games App (Acer Games)
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Software Update
Yahoo! Toolbar
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
8/22/2012 9:34:10 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
8/22/2012 8:59:37 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
8/22/2012 8:55:41 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/22/2012 8:55:41 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/22/2012 8:55:39 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/22/2012 8:55:34 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache mwlPSDFilter mwlPSDNServ mwlPSDVDisk spldr Wanarpv6
8/22/2012 8:55:34 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/22/2012 10:50:06 PM, Error: Service Control Manager [7034]  - The DefaultTabUpdate service terminated unexpectedly.  It has done this 1 time(s).
8/19/2012 9:33:03 AM, Error: Service Control Manager [7031]  - The McAfee McShield service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
8/19/2012 9:32:49 AM, Error: Service Control Manager [7034]  - The McAfee Scanner service terminated unexpectedly.  It has done this 1 time(s).
.
==== End Of File ===========================


I think I got that right.

4
Analysis and Malware Removal / slow infected laptop
« on: July 11, 2012, 08:55:38 PM »
Hello,

My niece's Dell Inspiron 1545 is running Vista Home Premium 32-bit. She was complaining about it being sluggish and slow to boot.
I deselected several unnecessary startup items and ran mwb in safe mode, which found 264 items. Mainly pup.mywebsearch or the like along with a few trojans - BHO and Dropper. I did save the log if needed.

I also removed utorrent and frostwire along with a few extra toolbars.

Here is the checkup.txt:

 Results of screen317's Security Check version 0.99.42 
 Windows Vista Service Pack 2 x86 (UAC is enabled) 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials   
  (On Access scanning disabled!)
 Error obtaining update status for antivirus! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.61.0.1400 
 TuneUp Companion 1.9.0   
 Java(TM) 6 Update 30 
 Java version out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Flash Player    11.1.102.62 
 Adobe Reader 8 Adobe Reader out of Date!
 Google Chrome 19.0.1084.46 
 Google Chrome 19.0.1084.56 
````````Process Check: objlist.exe by Laurent````````
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 9 % Defragment your hard drive soon!
````````````````````End of Log``````````````````````

Here is the dds.txt:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19272
Run by Aaliyah Kilbourne at 17:25:59 on 2012-07-11
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3034.1550 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Dell\apache\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingBar\BBSvc.EXE
C:\Program Files\Common Files\Dell\apache\bin\httpd.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Dell\MySQL\bin\mysqld.exe
C:\Program Files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\sminst\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\windows\SMINST\Components\scheduler\STService.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Aaliyah Kilbourne\AppData\Local\MediaGet2\mediaget.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=Z045&form=ZGAPHP
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTogg.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTogg.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Somoto Toolbar: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - c:\program files\somototoolbar\vmntemplateX.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No File
BHO: Yontoo Layers (Drop Down Deals): {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime (drop down deals)\YontooIEClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: HyperCam Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files\hypercam toolbar\tbcore3.dll
TB: {0C8413C1-FAD1-446C-8584-BE50576F863E} - No File
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTogg.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Somoto Toolbar: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - c:\program files\somototoolbar\vmntemplateX.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {E52BE12D-A44A-4F51-9DC1-34F37A488CC7} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [MediaGet2] c:\users\aaliyah kilbourne\appdata\local\mediaget2\mediaget.exe --minimized
uRun: [Facebook Update] "c:\users\aaliyah kilbourne\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [Launcher] %WINDIR%\SMINST\Components\scheduler\Launcher.exe
StartupFolder: c:\users\aaliya~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} - hxxp://www.freerealms.com/gamedata/FreeRealmsInstaller.cab
DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://avatar.mabinogi.com:88/renderer/mabiweb.2009.4.9.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{78C7D670-D03A-4507-9331-32218139DE48} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{CA751E5C-C08C-47DD-B897-54EEB75B4976} : DhcpNameServer = 65.32.5.111 65.32.5.112
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2009-6-20 81920]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-20 21504]
R2 Apache2.2;Remote Access Media Server;c:\program files\common files\dell\apache\bin\httpd.exe [2007-9-21 15872]
R2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 dsl-db;Remote Access DB;c:\program files\common files\dell\mysql\bin\mysqld.exe [2007-9-14 5730304]
R2 dsl-fs-sync;Remote Access File Sync Service;c:\program files\common files\dell\remote access file sync service\dsl_fs_sync.exe [2009-1-5 173296]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2009-8-27 1253376]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 SftService;SoftThinks Agent Service;c:\windows\sminst\SftService.exe [2009-6-20 632048]
R3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-12-7 54632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2008-8-7 3276800]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-6-20 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-6-20 40552]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2008-7-7 20480]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-4 22904]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-11-26 34384]
S3 USBNET;Instant Wireless USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\netusb.sys [2002-2-20 70016]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]
.
=============== Created Last 30 ================
.
2012-07-11 21:11:37   2047488   ----a-w-   c:\windows\system32\win32k.sys
2012-07-11 20:53:35   708608   ----a-w-   c:\program files\common files\system\ado\msado15.dll
2012-07-11 20:53:30   1401856   ----a-w-   c:\windows\system32\msxml6.dll
2012-07-11 20:53:30   1248768   ----a-w-   c:\windows\system32\msxml3.dll
2012-07-11 20:53:26   440704   ----a-w-   c:\windows\system32\drivers\ksecdd.sys
2012-07-11 20:53:25   278528   ----a-w-   c:\windows\system32\schannel.dll
2012-07-11 20:53:25   204288   ----a-w-   c:\windows\system32\ncrypt.dll
2012-07-11 20:33:17   713784   ----a-w-   c:\programdata\microsoft\microsoft antimalware\definition updates\{386d93b8-f4e5-45d7-a17c-b974a0f47a5b}\gapaengine.dll
2012-07-11 20:31:53   6762896   ----a-w-   c:\programdata\microsoft\microsoft antimalware\definition updates\{888545ff-08f0-4a11-8c19-1b917058edf2}\mpengine.dll
2012-07-11 20:24:15   --------   d-----w-   c:\program files\Microsoft Security Client
2012-07-11 20:23:17   221568   ----a-w-   c:\windows\system32\drivers\netio.sys
2012-07-11 19:52:58   --------   d-----w-   c:\program files\VS Revo Group
2012-07-11 17:37:36   --------   d-----w-   c:\users\aaliyah kilbourne\appdata\roaming\Malwarebytes
2012-07-11 17:37:32   --------   d-----w-   c:\programdata\Malwarebytes
2012-07-11 17:37:31   22344   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-07-11 17:37:31   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2012-07-11 17:07:08   --------   d-----w-   c:\windows\pss
2012-07-03 09:26:18   2422272   ----a-w-   c:\windows\system32\wucltux.dll
2012-07-03 09:24:39   88576   ----a-w-   c:\windows\system32\wudriver.dll
2012-07-03 09:23:47   33792   ----a-w-   c:\windows\system32\wuapp.exe
2012-07-03 09:23:47   171904   ----a-w-   c:\windows\system32\wuwebv.dll
2012-06-12 20:58:54   984064   ----a-w-   c:\windows\system32\crypt32.dll
2012-06-12 20:58:37   133120   ----a-w-   c:\windows\system32\cryptsvc.dll
2012-06-12 20:58:25   98304   ----a-w-   c:\windows\system32\cryptnet.dll
2012-06-12 20:55:59   197632   ----a-w-   c:\program files\internet explorer\IEShims.dll
2012-06-12 20:55:59   133632   ----a-w-   c:\windows\system32\ieUnatt.exe
2012-06-12 20:55:58   71680   ----a-w-   c:\windows\system32\iesetup.dll
2012-06-12 20:55:58   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2012-06-12 20:55:58   109056   ----a-w-   c:\windows\system32\iesysprep.dll
2012-06-12 20:55:53   1638912   ----a-w-   c:\windows\system32\mshtml.tlb
2012-06-12 20:38:48   180736   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
.
==================== Find3M  ====================
.
2012-05-15 06:37:49   916992   ----a-w-   c:\windows\system32\wininet.dll
2012-05-15 06:32:00   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
2012-05-15 05:01:56   385024   ----a-w-   c:\windows\system32\html.iec
.
============= FINISH: 17:27:13.10 ===============


Here is the attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 6/19/2009 6:58:39 PM
System Uptime: 7/11/2012 5:16:07 PM (0 hours ago)
.
Motherboard: Dell Inc. |  | 0G848F
Processor: Celeron(R) Dual-Core CPU       T3000  @ 1.80GHz | Microprocessor | 1795/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 218 GiB total, 44.667 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 15 GiB total, 8.871 GiB free.
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: Screaming Bee Audio
Device ID: ROOT\MEDIA\0000
Manufacturer: Screaming Bee
Name: Screaming Bee Audio
PNP Device ID: ROOT\MEDIA\0000
Service: SCREAMINGBDRIVER
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
4500_G510af_Help
4500G510af
4500G510af_Software_Min
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8
Adobe Shockwave Player 11.5
Akamai NetSession Interface
Akamai NetSession Interface Service
Amnesia - The Dark Descent
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
AVS Update Manager 1.0
Bing Bar
Bonjour
BufferChm
CameraHelperMsi
Carbonite Online Backup Setup
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Conduit Engine
Corel Graphics - Windows Shell Extension
Dell-eBay
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Remote Access
Dell Support Center (Support Software)
Dell Touchpad
Dell Wireless WLAN Card Utility
Destinations
DeviceDiscovery
DivX Plus Web Player
DocMgr
DocProc
Drivers Install For Linksys Easylink Advisor
EA Download Manager
erLT
Facebook Video Calling 1.2.0.159
Fax
Façade
Firebird SQL Server - MAGIX Edition
FL Studio 10
Google Chrome
GoToAssist 8.0.0.514
GPBaseService2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
HP Customer Participation Program 13.0
HP Document Manager 2.0
HP Imaging Device Functions 13.0
HP Officejet 4500 G510a-f
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPProductAssistant
HPSSupply
HyperCam Toolbar
IL Download Manager
IMVU Avatar Chat Software
Instant Play Guitar Express
Intel® Matrix Storage Manager
iTunes
Java Auto Updater
Java(TM) 6 Update 30
Junk Mail filter update
Katawa Shoujo
Linksys EasyLink Advisor 1.6 (0032)
Logitech Vid HD
Logitech Webcam Software
Love & Order
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Magic ISO Maker v5.5 (build 0281)
MAGIX Screenshare
MAGIX Speed 2 (MSI)
Malwarebytes Anti-Malware version 1.61.0.1400
MarketResearch
MediaGet2 version 2.1.538.0
MediaGet2 version 2.1.716.0
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft Works
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 3.0
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Game Studio 3.1
Microsoft XNA Game Studio 3.1 (ARP entry)
Microsoft XNA Game Studio 3.1 (Platformer)
Microsoft XNA Game Studio 3.1 (Redists)
Microsoft XNA Game Studio 3.1 (Shared Components)
Microsoft XNA Game Studio 3.1 (VCSExpress)
Microsoft XNA Game Studio 3.1 (XnaLiveProxy)
Microsoft XNA Game Studio 3.1 Documentation
Microsoft XNA Game Studio Platform Tools
Mobile Broadband Generic Drivers
MobileMe Control Panel
MorphVOX Pro
MP3 Rocket FileBulldog Toolbar
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Coach Player
My Magical Cosplay Cafe 1.0
Nancy Drew: The Curse of Blackmoor Manor
OCR Software by I.R.I.S. 13.0
OGA Notifier 2.0.0048.0
ooVoo
OpenOffice.org 3.1
osu!
Pando Media Booster
PESTERCHUM
PowerDVD DX
QuickSet
QuickTime
RE: Alistair++ 1
Revo Uninstaller 1.94
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Safari
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Shop for HP Supplies
Skype Click to Call
Skype™ 5.8
SmartWebPrinting
SolutionCenter
Spotify
SQL Server System CLR Types
Status
TalkAndWrite
Text-To-Speech-Runtime
The Sims Medieval
The Sims™ 3
The Sims™ 3 World Adventures
ToggleEN Toolbar
Toolbox
TrayApp
TuneUp Companion 1.9.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VC80CRTRedist - 8.0.50727.4053
video-processor
Virtual DJ - Atomix Productions
VirtualCloneDrive
VLC media player 1.0.3
WebReg
WhiteBoardMeeting
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver
Yontoo Layers Runtime (Drop Down Deals) 1.10.01
.
==== Event Viewer Messages From Past Week ========
.
7/5/2012 2:24:04 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
7/11/2012 5:22:16 PM, Error: netbt [4321]  - The name "SCOTT-PC       :0" could not be registered on the interface with IP address 192.168.2.150. The computer with the IP address 192.168.2.148 did not allow the name to be claimed by this computer.
7/11/2012 5:19:15 PM, Error: Service Control Manager [7000]  - The Intel(R) PRO/1000 PCI Express Network Connection Driver service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/11/2012 5:19:15 PM, Error: Service Control Manager [7000]  - The Intel(R) PRO/1000 NDIS 6 Adapter Driver service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/11/2012 5:19:15 PM, Error: Service Control Manager [7000]  - The Instant Wireless USB Network Adapter ver.2.6 Driver service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/11/2012 5:02:25 PM, Error: netbt [4321]  - The name "JILL-PC        :0" could not be registered on the interface with IP address 192.168.2.150. The computer with the IP address 192.168.2.147 did not allow the name to be claimed by this computer.
7/11/2012 4:29:27 PM, Error: VDS Dynamic Provider [10]  - The provider failed while storing notifications from the driver. The Virtual Disk Service should be restarted. hr=80042505
7/11/2012 3:49:43 PM, Error: netbt [4321]  - The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.2.150. The computer with the IP address 192.168.2.148 did not allow the name to be claimed by this computer.
7/11/2012 3:46:00 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/11/2012 3:45:59 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/11/2012 3:45:30 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
7/11/2012 3:45:29 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/11/2012 3:45:22 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/11/2012 3:44:46 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
7/11/2012 3:42:44 PM, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
7/11/2012 3:42:02 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  ElbyCDIO spldr Wanarpv6
7/11/2012 3:42:02 PM, Error: Service Control Manager [7001]  - The Windows Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
7/11/2012 3:42:02 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
7/11/2012 3:41:01 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv.dll Error Code: 21
7/11/2012 3:40:44 PM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048]  - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
7/11/2012 3:40:44 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
7/11/2012 12:49:30 PM, Error: EventLog [6008]  - The previous system shutdown at 12:46:17 PM on 7/11/2012 was unexpected.
7/11/2012 12:46:18 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
7/11/2012 1:20:55 PM, Error: Service Control Manager [7043]  - The Windows Update service did not shut down properly after receiving a preshutdown control.
7/11/2012 1:11:50 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Akamai service.
.
==== End Of File ===========================

Sheesh, that took a while cuz her keyboard had something spilled on it, so some keys are sticky and some don't work. lol

Anyway, also for some reason every time it boots I get the beeping noise and it wants me to the os, only one is listed.

Thank you for any assistance.
