Messages - 4on4off

Ha. I took a peek just before lying back down and saw you responded.

Here are the DDS logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by Ashley at 13:12:31 on 2013-07-18
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3974.3069 [GMT -7:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhostex.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: GetSavin 5.0: {B3522C04-B9DB-4C57-AA22-929092423BDD} -
BHO: Define: {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} -
BHO: SmileysWeLoveToolbar: {e4ef8a64-0a30-48f5-b3fe-5fda978da775} -
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{69B7796B-5749-4307-8762-6E63F23AFC94} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{69B7796B-5749-4307-8762-6E63F23AFC94}\F46666963656534376 : DHCPNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-mPolicies-Explorer: NoDrives = dword:0
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-31 645952]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2012-9-1 92536]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-9-1 98208]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-8-10 85504]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-7-9 35232]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-9-1 165760]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-9-1 364416]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-6-19 342528]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\Drivers\netr28x.sys [2013-4-15 2482960]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-9-1 683664]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-9-1 43832]
R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-3 20288]
RUnknown EraserUtilRebootDrv;EraserUtilRebootDrv;
RUnknown SymIRON;SymIRON;
RUnknown SymNetS;SymNetS;
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\Drivers\RtsP2Stor.sys [2012-9-1 266896]
S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2012-9-1 41272]
.
=============== Created Last 30 ================
.
2013-07-18 15:22:02   78200   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-18 15:22:02   693112   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-18 14:45:26   --------   d-sh--w-   C:\$RECYCLE.BIN
2013-07-18 14:39:48   --------   d-----w-   C:\Users\Ashley\AppData\Local\temp
2013-07-17 23:45:29   2367528   ----a-w-   C:\Windows\System32\WSService.dll
2013-07-17 23:45:20   3265256   ----a-w-   C:\Windows\System32\drivers\evbda.sys
2013-07-17 23:45:09   2397184   ----a-w-   C:\Windows\System32\WpcMon.exe
2013-07-17 23:45:04   3847168   ----a-w-   C:\Windows\System32\d2d1.dll
2013-07-17 23:45:02   3964416   ----a-w-   C:\Windows\System32\WinSAT.exe
2013-07-17 23:43:45   301568   ----a-w-   C:\Windows\System32\newdev.dll
2013-07-17 23:43:44   76288   ----a-w-   C:\Windows\System32\newdev.exe
2013-07-17 23:43:44   75264   ----a-w-   C:\Windows\System32\ndadmin.exe
2013-07-17 23:43:44   74240   ----a-w-   C:\Windows\SysWow64\newdev.exe
2013-07-17 23:43:44   73728   ----a-w-   C:\Windows\SysWow64\ndadmin.exe
2013-07-17 23:43:44   275968   ----a-w-   C:\Windows\SysWow64\newdev.dll
2013-07-17 23:43:43   68608   ----a-w-   C:\Windows\System32\wwanprotdim.dll
2013-07-17 23:38:05   --------   d-----w-   C:\Program Files (x86)\VS Revo Group
2013-07-17 19:59:02   929792   ----a-w-   C:\Windows\SysWow64\mfnetsrc.dll
2013-07-17 19:59:02   677888   ----a-w-   C:\Windows\System32\mfnetcore.dll
2013-07-17 19:59:02   673280   ----a-w-   C:\Windows\System32\mfmpeg2srcsnk.dll
2013-07-17 19:59:02   568832   ----a-w-   C:\Windows\SysWow64\mfnetcore.dll
2013-07-17 19:59:02   513024   ----a-w-   C:\Windows\SysWow64\mfmpeg2srcsnk.dll
2013-07-17 19:59:02   1172992   ----a-w-   C:\Windows\System32\mfnetsrc.dll
2013-07-17 19:58:43   82944   ----a-w-   C:\Windows\SysWow64\dskquota.dll
2013-07-17 19:58:43   109568   ----a-w-   C:\Windows\System32\dskquota.dll
2013-07-17 19:50:25   368640   ----a-w-   C:\Windows\System32\sppwinob.dll
2013-07-17 19:48:49   7168   ----a-w-   C:\Windows\System32\KBDKURD.DLL
2013-07-17 19:47:59   93696   ----a-w-   C:\Windows\SysWow64\WcnApi.dll
2013-07-17 19:46:29   144384   ----a-w-   C:\Windows\System32\tssdisai.dll
2013-07-17 17:40:21   98816   ----a-w-   C:\Windows\sed.exe
2013-07-17 17:40:21   256000   ----a-w-   C:\Windows\PEV.exe
2013-07-17 17:40:21   208896   ----a-w-   C:\Windows\MBR.exe
2013-07-17 16:25:02   252080   ----a-w-   C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10210.bin
2013-07-17 08:07:58   --------   d-----w-   C:\Windows\ERUNT
2013-07-17 06:51:07   173   ----a-w-   C:\Windows\DeleteOnReboot.bat
2013-07-17 05:23:26   --------   d-----w-   C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-17 04:40:40   --------   d-----w-   C:\Users\Ashley\AppData\Roaming\Malwarebytes
2013-07-17 04:40:31   --------   d-----w-   C:\ProgramData\Malwarebytes
2013-07-17 04:40:30   25928   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2013-07-17 04:40:30   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-17 04:40:11   --------   d-----w-   C:\Users\Ashley\AppData\Local\Programs
2013-07-17 03:39:44   --------   d-----w-   C:\Windows\pss
2013-07-15 02:40:36   --------   d-----w-   C:\Users\Ashley\AppData\Local\CyberLink
2013-07-14 18:56:24   16114176   ----a-w-   C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-07-14 18:56:23   15541248   ----a-w-   C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-07-14 18:50:33   --------   d-----w-   C:\Users\Ashley\AppData\Roaming\TuneUp Software
2013-07-14 18:50:22   --------   d-----w-   C:\ProgramData\TuneUp Software
2013-07-14 18:50:14   --------   d-sh--w-   C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-07-14 18:49:28   --------   d-----w-   C:\Program Files (x86)\SqueekyChocolate, LLC
2013-07-14 18:49:01   --------   d-----w-   C:\Program Files (x86)\Tiny Media Player
2013-07-14 18:44:32   --------   d-----w-   C:\Users\Ashley\AppData\Local\Pokki
2013-07-14 18:42:17   --------   d-----w-   C:\Users\Ashley\AppData\Local\Updater21058
2013-07-14 18:41:08   --------   d-----w-   C:\Users\Ashley\AppData\Local\CRE
2013-07-14 02:37:13   17888   ----a-w-   C:\Windows\System32\msvcr100_clr0400.dll
2013-07-14 02:37:11   17888   ----a-w-   C:\Windows\SysWow64\msvcr100_clr0400.dll
2013-07-14 02:33:43   888320   ----a-w-   C:\Windows\System32\autochk.exe
2013-07-14 02:32:52   1300992   ----a-w-   C:\Windows\System32\gdi32.dll
2013-07-14 02:32:52   1022464   ----a-w-   C:\Windows\SysWow64\gdi32.dll
2013-07-14 02:26:58   94208   ----a-w-   C:\Windows\SysWow64\mssitlb.dll
2013-07-13 19:18:39   --------   d-----w-   C:\Program Files (x86)\Common Files\Symantec Shared
2013-07-13 19:15:05   --------   d-----w-   C:\Program Files\Paint.NET
2013-07-13 19:14:32   --------   d-----w-   C:\Program Files (x86)\MyPC Backup
2013-07-13 19:14:15   --------   d-----w-   C:\Users\Ashley\AppData\Local\AVG SafeGuard toolbar
2013-07-13 19:13:51   45856   ----a-w-   C:\Windows\System32\drivers\avgtpx64.sys
2013-07-13 19:13:41   --------   d-----w-   C:\ProgramData\AVG SafeGuard toolbar
2013-07-13 19:13:34   --------   d-----w-   C:\Users\Ashley\AppData\Local\Paint.NET
2013-07-13 19:12:43   --------   d--h--w-   C:\ProgramData\Common Files
2013-07-13 03:31:19   405504   ----a-w-   C:\Windows\System32\pcasvc.dll
2013-07-13 03:31:19   31232   ----a-w-   C:\Windows\System32\pcadm.dll
2013-07-13 03:31:19   13312   ----a-w-   C:\Windows\System32\pcalua.exe
2013-07-13 03:31:19   11776   ----a-w-   C:\Windows\System32\pcaevts.dll
2013-07-13 03:25:27   945152   ----a-w-   C:\Windows\System32\resetengmig.dll
2013-07-13 03:25:27   443392   ----a-w-   C:\Windows\System32\ReAgent.dll
2013-07-13 03:25:27   375808   ----a-w-   C:\Windows\SysWow64\ReAgent.dll
2013-07-13 03:25:27   2382336   ----a-w-   C:\Windows\SysWow64\esent.dll
2013-07-13 03:25:27   132096   ----a-w-   C:\Windows\System32\sysreset.exe
2013-07-13 03:25:27   1011200   ----a-w-   C:\Windows\System32\reseteng.dll
2013-07-13 03:25:26   2851840   ----a-w-   C:\Windows\System32\esent.dll
2013-07-13 03:16:20   2035200   ----a-w-   C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll
2013-07-13 03:16:19   1617920   ----a-w-   C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-13 03:16:19   1306112   ----a-w-   C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-13 03:16:19   1272320   ----a-w-   C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-13 03:16:18   1413632   ----a-w-   C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll
2013-07-13 03:16:18   1318912   ----a-w-   C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-13 03:16:18   1029632   ----a-w-   C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\journal.dll
2013-07-13 03:16:17   1455368   ----a-w-   C:\Windows\System32\drivers\dxgkrnl.sys
2013-07-13 03:16:07   135680   ----a-w-   C:\Windows\System32\appserverai.dll
2013-07-13 03:16:07   126976   ----a-w-   C:\Windows\System32\RDWebAI.dll
2013-07-13 03:16:07   122880   ----a-w-   C:\Windows\System32\VmHostAI.dll
2013-07-13 03:16:06   148480   ----a-w-   C:\Windows\System32\poqexec.exe
2013-07-13 03:16:06   132608   ----a-w-   C:\Windows\SysWow64\poqexec.exe
2013-07-13 03:14:57   595968   ----a-w-   C:\Windows\System32\qedit.dll
2013-07-13 03:13:32   733184   ----a-w-   C:\Windows\System32\win32spl.dll
2013-07-13 03:12:42   1558912   ----a-w-   C:\Program Files\Windows Defender\DbgHelp.dll
2013-07-13 03:08:59   2361344   ----a-w-   C:\Windows\System32\msxml6.dll
2013-07-13 03:08:58   2048   ----a-w-   C:\Windows\SysWow64\msxml6r.dll
2013-07-13 03:08:58   2048   ----a-w-   C:\Windows\SysWow64\msxml3r.dll
2013-07-13 03:08:58   2048   ----a-w-   C:\Windows\System32\msxml6r.dll
2013-07-13 03:08:58   2048   ----a-w-   C:\Windows\System32\msxml3r.dll
2013-07-13 03:08:58   1836032   ----a-w-   C:\Windows\System32\msxml3.dll
2013-07-13 03:08:58   1802240   ----a-w-   C:\Windows\SysWow64\msxml6.dll
2013-07-13 03:08:58   1438720   ----a-w-   C:\Windows\SysWow64\msxml3.dll
2013-07-12 19:55:19   --------   d-----w-   C:\Users\Ashley\AppData\Local\Adobe
2013-07-12 19:47:04   --------   d-----w-   C:\Users\Ashley\AppData\Roaming\hpqlog
2013-07-12 17:18:32   50784   ----a-w-   C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-07-12 17:18:30   17536   ----a-w-   C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-07-12 07:02:49   --------   d-----r-   C:\Program Files (x86)\Skype
2013-07-12 07:00:53   --------   d-----w-   C:\Users\Ashley\AppData\Local\DefineExt
2013-07-12 06:58:54   --------   d-----w-   C:\Users\Ashley\AppData\Local\Real
2013-07-12 06:58:47   --------   d-----w-   C:\Users\Ashley\AppData\Roaming\RealNetworks
2013-07-12 06:58:21   --------   d-----w-   C:\Program Files (x86)\RealNetworks
2013-07-12 06:58:19   --------   d-----w-   C:\ProgramData\RealNetworks
2013-07-12 06:58:09   --------   d-----w-   C:\Program Files (x86)\Common Files\xing shared
2013-07-12 06:57:24   --------   d-----w-   C:\Users\Ashley\AppData\Local\Google
2013-07-12 04:02:36   --------   d-----w-   C:\Users\Ashley\AppData\Local\ElevatedDiagnostics
2013-07-12 04:02:14   --------   d-----w-   C:\Users\Ashley\AppData\Local\Hewlett-Packard
2013-07-12 02:54:40   --------   d-----w-   C:\Users\Ashley\AppData\Local\CrashDumps
2013-07-12 02:54:21   --------   d-----w-   C:\Users\Ashley\AppData\Local\Diagnostics
2013-07-12 02:45:04   --------   d-----r-   C:\Users\Ashley\Searches
2013-07-12 02:45:04   --------   d-----r-   C:\Users\Ashley\Contacts
2013-07-12 02:43:14   --------   d-----w-   C:\Users\Ashley\AppData\Roaming\Synaptics
2013-07-12 02:43:07   --------   d-----w-   C:\Users\Ashley\AppData\Local\Power2Go8
2013-07-12 02:42:46   --------   d-----w-   C:\Users\Ashley\AppData\Local\VirtualStore
2013-07-12 02:42:30   --------   d-----w-   C:\Users\Ashley\AppData\Local\Packages
2013-07-12 02:40:54   --------   d-----r-   C:\Users\Ashley\Videos
2013-07-12 02:40:54   --------   d-----r-   C:\Users\Ashley\Saved Games
2013-07-12 02:40:54   --------   d-----r-   C:\Users\Ashley\Pictures
2013-07-12 02:40:54   --------   d-----r-   C:\Users\Ashley\Music
2013-07-12 02:40:54   --------   d-----r-   C:\Users\Ashley\Links
2013-07-12 02:40:54   --------   d-----r-   C:\Users\Ashley\Downloads
2013-07-12 02:40:54   --------   d-----r-   C:\Users\Ashley\Documents
.
==================== Find3M  ====================
.
2013-07-12 06:57:57   499712   ----a-w-   C:\Windows\SysWow64\msvcp71.dll
2013-07-12 06:57:57   348160   ----a-w-   C:\Windows\SysWow64\msvcr71.dll
2013-06-16 22:41:31   997632   ----a-w-   C:\Windows\System32\drivers\ndis.sys
2013-06-11 23:43:37   1767936   ----a-w-   C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00   2877440   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:26:20   2241024   ----a-w-   C:\Windows\System32\wininet.dll
2013-06-11 23:25:16   3958784   ----a-w-   C:\Windows\System32\jscript9.dll
2013-06-01 11:54:16   194816   ----a-w-   C:\Windows\System32\drivers\sdbus.sys
2013-06-01 11:54:10   125184   ----a-w-   C:\Windows\System32\drivers\dumpsd.sys
2013-06-01 11:34:21   2391280   ----a-w-   C:\Windows\explorer.exe
2013-06-01 11:33:13   2233600   ----a-w-   C:\Windows\System32\drivers\tcpip.sys
2013-06-01 11:29:35   337152   ----a-w-   C:\Windows\System32\drivers\USBXHCI.SYS
2013-06-01 11:29:35   213248   ----a-w-   C:\Windows\System32\drivers\UCX01000.SYS
2013-06-01 11:26:33   327936   ----a-w-   C:\Windows\System32\drivers\volsnap.sys
2013-06-01 11:26:31   6987008   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2013-06-01 10:24:46   2106176   ----a-w-   C:\Windows\SysWow64\explorer.exe
2013-06-01 09:25:52   364544   ----a-w-   C:\Windows\SysWow64\XpsGdiConverter.dll
2013-06-01 09:25:05   67584   ----a-w-   C:\Windows\SysWow64\samlib.dll
2013-06-01 09:25:03   496640   ----a-w-   C:\Windows\SysWow64\qedit.dll
2013-06-01 09:24:19   493056   ----a-w-   C:\Windows\SysWow64\mscms.dll
2013-06-01 09:24:09   850944   ----a-w-   C:\Windows\SysWow64\mfasfsrcsnk.dll
2013-06-01 09:24:09   1453568   ----a-w-   C:\Windows\SysWow64\mfcore.dll
2013-06-01 09:23:46   1842176   ----a-w-   C:\Windows\SysWow64\dwmcore.dll
2013-06-01 09:23:06   680960   ----a-w-   C:\Windows\System32\vds.exe
2013-06-01 09:22:47   80896   ----a-w-   C:\Windows\System32\MbaeParserTask.exe
2013-06-01 09:22:33   523264   ----a-w-   C:\Windows\System32\XpsGdiConverter.dll
2013-06-01 09:22:33   446976   ----a-w-   C:\Windows\System32\wwansvc.dll
2013-06-01 09:22:09   190976   ----a-w-   C:\Windows\System32\vdsutil.dll
2013-06-01 09:21:39   729600   ----a-w-   C:\Windows\System32\samsrv.dll
2013-06-01 09:21:39   106496   ----a-w-   C:\Windows\System32\samlib.dll
2013-06-01 09:20:45   583168   ----a-w-   C:\Windows\System32\mscms.dll
2013-06-01 09:20:34   1527808   ----a-w-   C:\Windows\System32\mfcore.dll
2013-06-01 09:20:34   1048576   ----a-w-   C:\Windows\System32\mfasfsrcsnk.dll
2013-06-01 09:20:04   2219520   ----a-w-   C:\Windows\System32\dwmcore.dll
2013-06-01 09:19:58   207872   ----a-w-   C:\Windows\System32\DeviceSetupManager.dll
2013-06-01 09:19:42   785408   ----a-w-   C:\Windows\System32\audiosrv.dll
2013-06-01 03:08:57   37632   ----a-w-   C:\Windows\System32\drivers\BthAvrcpTg.sys
2013-05-30 23:14:23   4036096   ----a-w-   C:\Windows\System32\win32k.sys
2013-05-24 22:09:20   1403296   ----a-w-   C:\Windows\System32\winload.efi
2013-05-24 22:09:20   1271584   ----a-w-   C:\Windows\System32\winload.exe
2013-05-24 22:09:20   1217352   ----a-w-   C:\Windows\System32\winresume.efi
2013-05-24 22:09:20   1093904   ----a-w-   C:\Windows\System32\winresume.exe
2013-05-17 02:12:26   819440   ----a-w-   C:\Windows\System32\SynCOM.dll
2013-05-17 02:12:26   351984   ----a-w-   C:\Windows\SysWow64\SynCom.dll
2013-05-17 02:12:22   524016   ----a-w-   C:\Windows\System32\drivers\SynTP.sys
2013-05-17 02:12:22   192240   ----a-w-   C:\Windows\System32\SynTPCo19.dll
2013-05-17 02:12:22   151280   ----a-w-   C:\Windows\SysWow64\SynTPCom.dll
2013-05-17 02:12:20   264432   ----a-w-   C:\Windows\System32\SynTPAPI.dll
2013-05-15 22:37:03   44032   ----a-w-   C:\Windows\SysWow64\UXInit.dll
2013-05-15 22:35:49   53760   ----a-w-   C:\Windows\System32\UXInit.dll
2013-05-15 02:25:44   542208   ----a-w-   C:\Windows\System32\untfs.dll
2013-05-15 02:24:10   793088   ----a-w-   C:\Windows\SysWow64\autochk.exe
2013-05-15 02:24:01   482816   ----a-w-   C:\Windows\SysWow64\untfs.dll
2013-05-14 13:14:01   2706432   ----a-w-   C:\Windows\System32\mshtml.tlb
2013-05-14 09:23:31   2706432   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2013-05-04 07:58:17   120736   ----a-w-   C:\Windows\System32\AuthHost.exe
2013-05-04 07:34:17   446720   ----a-w-   C:\Windows\System32\drivers\USBHUB3.SYS
2013-05-04 07:34:15   284416   ----a-w-   C:\Windows\System32\drivers\spaceport.sys
2013-05-04 06:59:56   39424   ----a-w-   C:\Windows\System32\wuapp.exe
2013-05-04 06:59:51   1483776   ----a-w-   C:\Windows\System32\VSSVC.exe
2013-05-04 06:59:36   812544   ----a-w-   C:\Windows\System32\Magnify.exe
2013-05-04 06:59:25   98304   ----a-w-   C:\Windows\System32\wudriver.dll
2013-05-04 06:59:25   251904   ----a-w-   C:\Windows\System32\WUSettingsProvider.dll
2013-05-04 06:59:25   141824   ----a-w-   C:\Windows\System32\wuwebv.dll
2013-05-04 06:59:24   1619968   ----a-w-   C:\Windows\System32\wucltux.dll
2013-05-04 06:59:21   2842112   ----a-w-   C:\Windows\System32\WMVDECOD.DLL
2013-05-04 06:59:08   13644288   ----a-w-   C:\Windows\System32\Windows.UI.Xaml.dll
2013-05-04 06:58:54   328192   ----a-w-   C:\Windows\System32\ubpm.dll
2013-05-04 06:58:54   10116096   ----a-w-   C:\Windows\System32\twinui.dll
2013-05-04 06:58:49   173568   ----a-w-   C:\Windows\System32\storewuauth.dll
2013-05-04 06:58:49   1332736   ----a-w-   C:\Windows\System32\sysmain.dll
2013-05-04 06:58:48   330240   ----a-w-   C:\Windows\System32\stobject.dll
2013-05-04 06:58:28   93696   ----a-w-   C:\Windows\System32\psmsrv.dll
2013-05-04 06:58:02   470528   ----a-w-   C:\Windows\System32\netprofmsvc.dll
2013-05-04 06:58:02   151552   ----a-w-   C:\Windows\System32\netprofm.dll
2013-05-04 06:58:01   169984   ----a-w-   C:\Windows\System32\netplwiz.dll
2013-05-04 06:57:59   17408   ----a-w-   C:\Windows\System32\muifontsetup.dll
2013-05-04 06:57:46   560640   ----a-w-   C:\Windows\System32\mfmp4srcsnk.dll
2013-05-04 06:57:15   501760   ----a-w-   C:\Windows\System32\DevicePairing.dll
2013-05-04 06:57:05   179712   ----a-w-   C:\Windows\System32\bisrv.dll
2013-05-04 06:57:05   122368   ----a-w-   C:\Windows\System32\biwinrt.dll
2013-05-04 06:57:04   389120   ----a-w-   C:\Windows\System32\BCP47Langs.dll
2013-05-04 06:57:04   2305024   ----a-w-   C:\Windows\System32\authui.dll
2013-05-04 06:57:00   708096   ----a-w-   C:\Windows\System32\AppXDeploymentExtensions.dll
2013-05-04 06:57:00   1131520   ----a-w-   C:\Windows\System32\AppXDeploymentServer.dll
2013-05-04 06:56:53   419840   ----a-w-   C:\Windows\System32\intl.cpl
2013-05-04 04:58:34   34304   ----a-w-   C:\Windows\SysWow64\wuapp.exe
2013-05-04 04:58:14   758784   ----a-w-   C:\Windows\SysWow64\Magnify.exe
2013-05-04 04:58:02   83968   ----a-w-   C:\Windows\SysWow64\wudriver.dll
2013-05-04 04:58:02   125952   ----a-w-   C:\Windows\SysWow64\wuwebv.dll
2013-05-04 04:57:58   2620928   ----a-w-   C:\Windows\SysWow64\WMVDECOD.DLL
2013-05-04 04:57:49   10788864   ----a-w-   C:\Windows\SysWow64\Windows.UI.Xaml.dll
2013-05-04 04:57:39   8857088   ----a-w-   C:\Windows\SysWow64\twinui.dll
2013-05-04 04:57:39   247296   ----a-w-   C:\Windows\SysWow64\ubpm.dll
2013-05-04 04:57:35   303616   ----a-w-   C:\Windows\SysWow64\stobject.dll
2013-05-04 04:57:16   18432   ----a-w-   C:\Windows\SysWow64\npmproxy.dll
2013-05-04 04:57:04   151040   ----a-w-   C:\Windows\SysWow64\netplwiz.dll
2013-05-04 04:57:04   115712   ----a-w-   C:\Windows\SysWow64\netprofm.dll
2013-05-04 04:57:02   14336   ----a-w-   C:\Windows\SysWow64\muifontsetup.dll
2013-05-04 04:56:48   411136   ----a-w-   C:\Windows\SysWow64\mfmp4srcsnk.dll
.
============= FINISH: 13:13:52.18 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 7/11/2013 7:40:45 PM
System Uptime: 7/18/2013 8:31:05 AM (5 hours ago)
.
Motherboard: Hewlett-Packard |  | 1854
Processor: Intel(R) Core(TM) i3-2328M CPU @ 2.20GHz | U3E1 | 800/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 442 GiB total, 394.74 GiB free.
D: is FIXED (NTFS) - 23 GiB total, 2.738 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP3: 7/12/2013 12:02:16 AM - Installed Skype™ 6.3
RP5: 7/13/2013 12:13:41 PM - Paint.NET v3.5.10
RP6: 7/14/2013 12:19:06 PM - Removed Smileys We Love Toolbar for IE
RP7: 7/17/2013 10:40:25 AM - ComboFix created restore point
RP8: 7/18/2013 12:42:41 PM - Revo Uninstaller's restore point - GetSavin
.
==== Installed Programs ======================
.
4 Elements II
Adobe Shockwave Player 11.6
Bejeweled 3
Bonjour
Build-a-lot 4 - Power Source
Chuzzle Deluxe
Cradle Of Egypt Collector's Edition
Cradle of Rome 2
CyberLink LabelPrint
CyberLink Media Suite 10
CyberLink Power2Go 8
CyberLink PowerDVD
CyberLink YouCam
D3DX10
Define Ext
Energy Star
Farm Frenzy
FATE: The Cursed King
Final Drive Fury
FlatOut 2
Google Chrome
Google Talk Plugin
Google Update Helper
Governor of Poker 2 Premium Edition
Hewlett-Packard ACLM.NET v1.2.0.0
Hoyle Card Games
HP Customer Experience Enhancements
HP Documentation
HP Games
HP MyRoom
HP Postscript Converter
HP Quick Launch
HP Recovery Manager
HP Registration Service
HP Software Framework
HP Support Assistant
HP Utility Center
HP Wireless Button Driver
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel® Trusted Connect Service Client
Jewel Match 3
John Deere Drive Green
Luxor Evolved
Mahjongg Dimensions Deluxe: Tiles in Time
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Application Error Reporting
Microsoft Office
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mortimer Beckett and the Crimson Thief Premium Edition
MSVCRT
Mystery P.I. - Curious Case of Counterfeit Cove
Paint.NET v3.5.10
Peggle Nights
Penguins!
Pokki
Polar Bowler
Polar Golfer
QuickShare
Ralink RT5390R 802.11bgn Wi-Fi Adapter
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
RealUpgrade 1.1
RegCure Pro
Revo Uninstaller 1.95
Roads of Rome 3
Skype™ 6.3
swMSM
Synaptics Pointing Device Driver
Tales of Lagoona
Tiny Media Player v1.0
Update Installer for WildTangent Games App
Vacation Quest™ - Australia
WildTangent Games
WildTangent Games App
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Language Selector
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
7/18/2013 8:31:40 AM, Error: Service Control Manager [7000]  - The vToolbarUpdater15.3.0 service failed to start due to the following error:  The system cannot find the file specified.
7/18/2013 7:37:25 AM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
7/18/2013 7:36:49 AM, Error: Application Popup [1060]  -
7/17/2013 4:48:04 PM, Error: Service Control Manager [7034]  - The Computer Backup (MyPC Backup) service terminated unexpectedly.  It has done this 1 time(s).
7/17/2013 10:41:29 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Update for Windows 8 for x64-based Systems (KB2836988).
7/17/2013 10:41:29 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Update for Windows 8 for x64-based Systems (KB2820330).
7/17/2013 10:41:29 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Update for Windows 8 for x64-based Systems (KB2808679).
7/17/2013 10:41:29 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Update for Windows 8 for x64-based Systems (KB2805966).
7/17/2013 10:41:29 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Windows 8 for x64-based Systems (KB2829361).
7/17/2013 10:41:29 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Windows 8 for x64-based Systems (KB2781197).
7/17/2013 10:41:29 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2833959).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Update for Windows 8 for x64-based Systems (KB2845533).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Update for Windows 8 for x64-based Systems (KB2822241).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Update for Windows 8 for x64-based Systems (KB2811660).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Update for Windows 8 for x64-based Systems (KB2800033).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Update for Windows 8 for x64-based Systems (KB2798162).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Update for Windows 8 for x64-based Systems (KB2795944).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Update for Windows 8 for x64-based Systems (KB2777294).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Update for Windows 8 for x64-based Systems (KB2769165).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Update for Windows 8 for x64-based Systems (KB2769034).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Update for Windows 8 for x64-based Systems (KB2768703).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Update for Microsoft Camera Codec Pack for Windows 8 for x64-based Systems (KB2859541).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Update for Microsoft Camera Codec Pack for Windows 8 for x64-based Systems (KB2779444).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Update for Microsoft .NET Framework 4.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2805227).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Update for Microsoft .NET Framework 4.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2805222).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Update for Microsoft .NET Framework 4.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2750149).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64 based Systems (KB2769166).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Windows 8 for x64-based Systems (KB2850851).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Windows 8 for x64-based Systems (KB2845690).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Windows 8 for x64-based Systems (KB2845187).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Windows 8 for x64-based Systems (KB2839894).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Windows 8 for x64-based Systems (KB2835364).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Windows 8 for x64-based Systems (KB2835361).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Windows 8 for x64-based Systems (KB2830290).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Windows 8 for x64-based Systems (KB2829254).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Windows 8 for x64-based Systems (KB2813430).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Windows 8 for x64-based Systems (KB2807986).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Windows 8 for x64-based Systems (KB2803821).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Windows 8 for x64-based Systems (KB2785220).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Windows 8 for x64-based Systems (KB2770660).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Windows 8 for x64-based Systems (KB2753842).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Windows 8 for x64-based Systems (KB2727528).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Microsoft .NET Framework 4.5 on Windows 8 and Windows Server 2012 for x64 (KB2742614).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Microsoft .NET Framework 4.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2840632).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Microsoft .NET Framework 4.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2833958).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Microsoft .NET Framework 4.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2804583).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Microsoft .NET Framework 4.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2789649).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Microsoft .NET Framework 4.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2737084).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2844289).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2840633).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2832418).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2804584).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2789650).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2742616).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2736693).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2729462).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Internet Explorer Flash Player for Windows 8 for X64-based Systems (KB2857645).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Cumulative Security Update for Internet Explorer 10 for Windows 8 for x64-based Systems (KB2846071).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0841: Update for Windows 8 for x64-based Systems (KB2771431).
.
==== End Of File ===========================


Thank you, and this time I am going back to bed for sure for a few hours before work tonight.


17
Hi Corrine,

I woke up for a few minutes. I could not find the biz coaching add-on via the Manage Add-ons route in IE. I did see other things like the smiley toolbar and Lyric Sing and whatnot, but anything I highlighted did not have an option to remove.

I went ahead and uninstalled Lyric Sing via the Control Panel along with AVG, Norton, GetSavin and another item I can't remember the name of associated with ads regarding searching for savings. During this time I have not seen the biz coach pop up as of yet.

Here is the mbam quick scan log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.18.05

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16635
Ashley :: SKAIA [administrator]

7/18/2013 12:51:11 PM
mbam-log-2013-07-18 (12-51-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213892
Time elapsed: 2 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Going for another nap.


18
After resetting IE to defaults and restarting the laptop I am able to navigate with IE now. Upon the restart the screen was blank and I got a message saying that Lyric Sing was not responding; I restarted and it came up okay.

I still get the IE window that pops up with the biz coaching . info redirect wanting me to install the player. I didn't want to paste the address, but I found a link to the same issue over at Bleeping when doing a search.

http://www.bleepingcomputer.com/forums/t/499939/infected-with-bizcoachinginfo-redirects-and-popups-in-all-browsers/

The biz coaching .info link in the above thread looks to be the same that I am experiencing.

This appears only to be happening in IE10, as I have tried browsing in Chrome a little bit and it has not come up.

I might pass out soon since I just got home from work but I will be up in a few hours if that happens.



19
Hi Corrine,

Just got home from work. After running ComboFix I tried using IE but could not navigate anywhere, so I am using Chrome to do this. I noticed she has Google for her home page and there is always a notice at the bottom for downloading either an update for a player or a missing plugin.... I reset IE to default settings and will restart the computer for it to take effect after posting this.

Here is the combofix log:

ComboFix 13-07-18.02 - Ashley 07/18/2013   7:31.3.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3974.2697 [GMT -7:00]
Running from: c:\users\Ashley\Desktop\ComboFix.exe
Command switches used :: c:\users\Ashley\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Ashley\AppData\Local\DefineExt\temp.dat"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ashley\AppData\Local\DefineExt\temp.dat
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-18 to 2013-07-18  )))))))))))))))))))))))))))))))
.
.
2013-07-18 14:37 . 2013-07-18 14:37   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-07-17 23:38 . 2013-07-17 23:38   --------   d-----w-   c:\program files (x86)\VS Revo Group
2013-07-17 16:25 . 2013-07-17 16:25   252080   ----a-w-   c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10210.bin
2013-07-17 08:07 . 2013-07-17 08:07   --------   d-----w-   c:\windows\ERUNT
2013-07-17 06:51 . 2013-07-17 06:51   173   ----a-w-   c:\windows\DeleteOnReboot.bat
2013-07-17 05:23 . 2013-07-17 16:30   --------   d-----w-   c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-17 04:40 . 2013-07-17 04:40   --------   d-----w-   c:\programdata\Malwarebytes
2013-07-17 04:40 . 2013-07-17 04:40   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-17 04:40 . 2013-04-04 21:50   25928   ----a-w-   c:\windows\system32\drivers\mbam.sys
2013-07-17 04:07 . 2012-07-19 02:00   80216   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-17 04:07 . 2012-07-19 02:00   694616   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-15 18:31 . 2013-07-15 18:31   --------   d-----w-   c:\program files (x86)\LyricSing
2013-07-14 18:51 . 2013-06-24 07:41   78185248   ----a-w-   c:\windows\system32\MRT.exe
2013-07-14 18:50 . 2013-07-14 18:50   --------   d-----w-   c:\programdata\TuneUp Software
2013-07-14 18:50 . 2013-07-14 18:50   --------   d-sh--w-   c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-07-14 18:49 . 2013-07-14 19:16   --------   d-----w-   c:\program files (x86)\SqueekyChocolate, LLC
2013-07-14 18:49 . 2013-07-14 18:49   --------   d-----w-   c:\program files (x86)\Tiny Media Player
2013-07-13 19:18 . 2013-07-13 19:18   --------   d-----w-   c:\program files (x86)\Common Files\Symantec Shared
2013-07-13 19:15 . 2013-07-13 19:15   --------   d-----w-   c:\program files\Paint.NET
2013-07-13 19:14 . 2013-07-17 23:48   --------   d-----w-   c:\program files (x86)\MyPC Backup
2013-07-13 19:13 . 2013-07-13 19:13   45856   ----a-w-   c:\windows\system32\drivers\avgtpx64.sys
2013-07-13 19:13 . 2013-07-13 19:13   --------   d-----w-   c:\programdata\AVG SafeGuard toolbar
2013-07-13 19:13 . 2013-07-13 19:13   --------   d-----w-   c:\program files (x86)\AVG SafeGuard toolbar
2013-07-13 19:12 . 2013-07-13 19:12   --------   d--h--w-   c:\programdata\Common Files
2013-07-13 17:29 . 2013-07-13 19:20   --------   d-----w-   c:\windows\system32\drivers\NISx64\1404000.028
2013-07-13 03:16 . 2012-11-10 04:22   122880   ----a-w-   c:\windows\system32\VmHostAI.dll
2013-07-13 03:16 . 2012-11-10 04:22   144384   ----a-w-   c:\windows\system32\tssdisai.dll
2013-07-13 03:16 . 2012-11-10 04:22   126976   ----a-w-   c:\windows\system32\RDWebAI.dll
2013-07-13 03:16 . 2012-11-10 04:20   135680   ----a-w-   c:\windows\system32\appserverai.dll
2013-07-13 03:16 . 2012-11-10 04:23   132608   ----a-w-   c:\windows\SysWow64\poqexec.exe
2013-07-13 03:16 . 2012-11-10 04:23   148480   ----a-w-   c:\windows\system32\poqexec.exe
2013-07-13 03:08 . 2012-11-01 04:40   2361344   ----a-w-   c:\windows\system32\msxml6.dll
2013-07-13 03:08 . 2012-11-01 04:41   1802240   ----a-w-   c:\windows\SysWow64\msxml6.dll
2013-07-13 03:08 . 2012-11-01 04:41   1438720   ----a-w-   c:\windows\SysWow64\msxml3.dll
2013-07-13 03:08 . 2012-11-01 04:40   1836032   ----a-w-   c:\windows\system32\msxml3.dll
2013-07-13 03:08 . 2012-11-01 04:21   2048   ----a-w-   c:\windows\system32\msxml6r.dll
2013-07-13 03:08 . 2012-11-01 04:21   2048   ----a-w-   c:\windows\system32\msxml3r.dll
2013-07-13 03:08 . 2012-11-01 04:20   2048   ----a-w-   c:\windows\SysWow64\msxml6r.dll
2013-07-13 03:08 . 2012-11-01 04:20   2048   ----a-w-   c:\windows\SysWow64\msxml3r.dll
2013-07-12 17:18 . 2013-07-12 17:18   50784   ----a-w-   c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-07-12 17:18 . 2013-07-12 17:18   17536   ----a-w-   c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-07-12 07:02 . 2013-07-12 07:02   --------   d-----w-   c:\program files (x86)\Common Files\Skype
2013-07-12 07:02 . 2013-07-12 07:02   --------   d-----r-   c:\program files (x86)\Skype
2013-07-12 07:02 . 2013-07-12 07:02   --------   d-----w-   c:\programdata\Skype
2013-07-12 06:58 . 2013-07-12 06:58   --------   d-----w-   c:\program files (x86)\Common Files\xing shared
2013-07-12 06:57 . 2013-07-12 06:58   --------   d-----w-   c:\program files (x86)\Real
2013-07-12 06:57 . 2013-07-12 06:57   --------   d-----w-   c:\program files (x86)\Google
2013-07-12 02:40 . 2013-07-12 02:45   --------   d-----w-   c:\users\Ashley
2013-07-12 02:33 . 2013-07-13 21:27   --------   d--h--r-   c:\users\Public\AccountPictures
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-13 19:21 . 2012-07-26 08:13   22240   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-07-13 17:31 . 2012-09-02 04:43   177312   ----a-w-   c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-07-12 06:57 . 2012-09-02 04:37   499712   ----a-w-   c:\windows\SysWow64\msvcp71.dll
2013-07-12 06:57 . 2012-09-02 04:37   348160   ----a-w-   c:\windows\SysWow64\msvcr71.dll
2013-05-17 02:12 . 2013-05-17 02:12   351984   ----a-w-   c:\windows\SysWow64\SynCom.dll
2013-05-17 02:12 . 2012-09-02 05:12   819440   ----a-w-   c:\windows\system32\SynCOM.dll
2013-05-17 02:12 . 2013-05-17 02:12   524016   ----a-w-   c:\windows\system32\drivers\SynTP.sys
2013-05-17 02:12 . 2013-05-17 02:12   192240   ----a-w-   c:\windows\system32\SynTPCo19.dll
2013-05-17 02:12 . 2013-05-17 02:12   151280   ----a-w-   c:\windows\SysWow64\SynTPCom.dll
2013-05-17 02:12 . 2013-05-17 02:12   264432   ----a-w-   c:\windows\system32\SynTPAPI.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B3522C04-B9DB-4C57-AA22-929092423BDD}]
c:\users\Ashley\AppData\Local\getsavin\ie\getsavin_1373612341.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{e4ef8a64-0a30-48f5-b3fe-5fda978da775}]
c:\program files (x86)\SqueekyChocolate, LLC\Smileys We Love Toolbar for IE\adxloader.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F2D7DFB7-6D91-4BD7-846E-BEF9BC3BD81A}]
2013-07-15 00:10   185856   ----a-w-   c:\program files (x86)\LyricSing\122.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-03-01 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2012-07-26 491320]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-29 91432]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-07-09 580512]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2013-07-12 295512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe

R2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe

R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys

R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys

R4 SymELAM;Symantec ELAM Driver;c:\windows\system32\drivers\NISx64\1404000.028\SymELAM.sys;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SymELAM.sys

S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys

S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe

S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe

S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

S3 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130715.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130715.001\BHDrvx64.sys

S3 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\ccSetx64.sys

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

S3 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130716.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130716.001\IDSvia64.sys

S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys

S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys

S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys

S3 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMDS64.SYS

S3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMEFA64.SYS

S3 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\Ironx64.SYS

S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1404000.028\SYMNETS.SYS

S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys

.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost   REG_MULTI_SZ      apphostsvc
iissvcs   REG_MULTI_SZ      w3svc was
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 04:33   1173456   ----a-w-   c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-12 19:56]
.
2013-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-12 06:57]
.
2013-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-12 06:57]
.
2013-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1886273126-1053659535-1430386885-1001Core.job
- c:\users\Ashley\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-14 07:02]
.
2013-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1886273126-1053659535-1430386885-1001UA.job
- c:\users\Ashley\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-14 07:02]
.
2013-07-18 c:\windows\Tasks\LyricsSing Update.job
- c:\program files (x86)\LyricSing\lSing.exe [2013-07-15 00:10]
.
2013-07-16 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2012-07-26 03:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-09 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-09 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-09 440640]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 6548112]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - c:\users\Ashley\AppData\Local\DefineExt\temp.dat
AddRemove-GetSavin - c:\users\Ashley\AppData\Local\getsavin\uninst.exe
AddRemove-Savings Explorer - c:\program files (x86)\Savings Explorer\Uninstall.exe
AddRemove-{B8019B54-F9BE-490A-9619-6D06F18F129F} - c:\program files (x86)\InstallShield Installation Information\{B8019B54-F9BE-490A-9619-6D06F18F129F}\setup.exe
AddRemove-{C547F361-5750-4CD1-9FB6-BC93827CB6C1} - c:\program files (x86)\ParetoLogic\RegCure Pro\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2013-07-18  07:39:46
ComboFix-quarantined-files.txt  2013-07-18 14:39
ComboFix2.txt  2013-07-17 20:08
ComboFix3.txt  2013-07-17 17:51
.
Pre-Run: 422,632,075,264 bytes free
Post-Run: 422,262,693,888 bytes free
.
- - End Of File - - 93B01E661E7AE75C8A9874179FCAC86F
D41D8CD98F00B204E9800998ECF8427E


Thank you.


20
Hi Corrine,

Sorry for the delay, I had to take a short nap before heading to work tonight. I uninstalled the smiley toolbar, MyPC Backup and TuneUp Utilities.....

Also, when I clicked reply to make this post another ie window popped up again with the bizcoach dot info address at the top...there is always nothing but a small rectangular box saying the following:

"ATTENTION! It is recommended that you download FLV MPlayer to continue."

I am not certain if this is something she has clicked on prior to her issues as well.

21
Thanks Corrine,

Here is the new combofix log:

ComboFix 13-07-16.01 - Ashley 07/17/2013  13:01:37.2.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3974.2169 [GMT -7:00]
Running from: c:\users\Ashley\Desktop\ComboFix.exe
Command switches used :: c:\users\Ashley\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-17 to 2013-07-17  )))))))))))))))))))))))))))))))
.
.
2013-07-17 20:06 . 2013-07-17 20:06   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-07-17 16:25 . 2013-07-17 16:25   252080   ----a-w-   c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10210.bin
2013-07-17 08:07 . 2013-07-17 08:07   --------   d-----w-   c:\windows\ERUNT
2013-07-17 06:51 . 2013-07-17 06:51   173   ----a-w-   c:\windows\DeleteOnReboot.bat
2013-07-17 05:23 . 2013-07-17 16:30   --------   d-----w-   c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-17 04:40 . 2013-07-17 04:40   --------   d-----w-   c:\programdata\Malwarebytes
2013-07-17 04:40 . 2013-07-17 04:40   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-17 04:40 . 2013-04-04 21:50   25928   ----a-w-   c:\windows\system32\drivers\mbam.sys
2013-07-17 04:07 . 2012-07-19 02:00   80216   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-17 04:07 . 2012-07-19 02:00   694616   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-15 18:31 . 2013-07-15 18:31   --------   d-----w-   c:\program files (x86)\LyricSing
2013-07-14 18:51 . 2013-06-24 07:41   78185248   ----a-w-   c:\windows\system32\MRT.exe
2013-07-14 18:51 . 2012-11-29 23:31   34656   ----a-w-   c:\windows\system32\TURegOpt.exe
2013-07-14 18:51 . 2012-11-29 23:31   25952   ----a-w-   c:\windows\system32\authuitu.dll
2013-07-14 18:51 . 2012-11-29 23:31   21344   ----a-w-   c:\windows\SysWow64\authuitu.dll
2013-07-14 18:50 . 2013-07-14 18:51   --------   d-----w-   c:\program files (x86)\TuneUp Utilities 2013
2013-07-14 18:50 . 2013-07-14 18:50   --------   d-----w-   c:\programdata\TuneUp Software
2013-07-14 18:50 . 2013-07-14 18:50   --------   d-sh--w-   c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-07-14 18:49 . 2013-07-14 19:16   --------   d-----w-   c:\program files (x86)\SqueekyChocolate, LLC
2013-07-14 18:49 . 2013-07-14 18:49   --------   d-----w-   c:\program files (x86)\Tiny Media Player
2013-07-13 19:18 . 2013-07-13 19:18   --------   d-----w-   c:\program files (x86)\Common Files\Symantec Shared
2013-07-13 19:15 . 2013-07-13 19:15   --------   d-----w-   c:\program files\Paint.NET
2013-07-13 19:14 . 2013-07-13 19:21   --------   d-----w-   c:\program files (x86)\MyPC Backup
2013-07-13 19:13 . 2013-07-13 19:13   45856   ----a-w-   c:\windows\system32\drivers\avgtpx64.sys
2013-07-13 19:13 . 2013-07-13 19:13   --------   d-----w-   c:\programdata\AVG SafeGuard toolbar
2013-07-13 19:13 . 2013-07-13 19:13   --------   d-----w-   c:\program files (x86)\AVG SafeGuard toolbar
2013-07-13 19:12 . 2013-07-13 19:12   --------   d--h--w-   c:\programdata\Common Files
2013-07-13 17:29 . 2013-07-13 19:20   --------   d-----w-   c:\windows\system32\drivers\NISx64\1404000.028
2013-07-13 03:16 . 2012-11-10 04:22   122880   ----a-w-   c:\windows\system32\VmHostAI.dll
2013-07-13 03:16 . 2012-11-10 04:22   144384   ----a-w-   c:\windows\system32\tssdisai.dll
2013-07-13 03:16 . 2012-11-10 04:22   126976   ----a-w-   c:\windows\system32\RDWebAI.dll
2013-07-13 03:16 . 2012-11-10 04:20   135680   ----a-w-   c:\windows\system32\appserverai.dll
2013-07-13 03:16 . 2012-11-10 04:23   132608   ----a-w-   c:\windows\SysWow64\poqexec.exe
2013-07-13 03:16 . 2012-11-10 04:23   148480   ----a-w-   c:\windows\system32\poqexec.exe
2013-07-13 03:08 . 2012-11-01 04:40   2361344   ----a-w-   c:\windows\system32\msxml6.dll
2013-07-13 03:08 . 2012-11-01 04:41   1802240   ----a-w-   c:\windows\SysWow64\msxml6.dll
2013-07-13 03:08 . 2012-11-01 04:41   1438720   ----a-w-   c:\windows\SysWow64\msxml3.dll
2013-07-13 03:08 . 2012-11-01 04:40   1836032   ----a-w-   c:\windows\system32\msxml3.dll
2013-07-13 03:08 . 2012-11-01 04:21   2048   ----a-w-   c:\windows\system32\msxml6r.dll
2013-07-13 03:08 . 2012-11-01 04:21   2048   ----a-w-   c:\windows\system32\msxml3r.dll
2013-07-13 03:08 . 2012-11-01 04:20   2048   ----a-w-   c:\windows\SysWow64\msxml6r.dll
2013-07-13 03:08 . 2012-11-01 04:20   2048   ----a-w-   c:\windows\SysWow64\msxml3r.dll
2013-07-12 17:18 . 2013-07-12 17:18   50784   ----a-w-   c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-07-12 17:18 . 2013-07-12 17:18   17536   ----a-w-   c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-07-12 07:02 . 2013-07-12 07:02   --------   d-----w-   c:\program files (x86)\Common Files\Skype
2013-07-12 07:02 . 2013-07-12 07:02   --------   d-----r-   c:\program files (x86)\Skype
2013-07-12 07:02 . 2013-07-12 07:02   --------   d-----w-   c:\programdata\Skype
2013-07-12 06:58 . 2013-07-12 06:58   --------   d-----w-   c:\program files (x86)\Common Files\xing shared
2013-07-12 06:57 . 2013-07-12 06:58   --------   d-----w-   c:\program files (x86)\Real
2013-07-12 06:57 . 2013-07-12 06:57   --------   d-----w-   c:\program files (x86)\Google
2013-07-12 02:40 . 2013-07-12 02:45   --------   d-----w-   c:\users\Ashley
2013-07-12 02:33 . 2013-07-13 21:27   --------   d--h--r-   c:\users\Public\AccountPictures
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-13 19:21 . 2012-07-26 08:13   22240   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-07-13 17:31 . 2012-09-02 04:43   177312   ----a-w-   c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-07-12 06:57 . 2012-09-02 04:37   499712   ----a-w-   c:\windows\SysWow64\msvcp71.dll
2013-07-12 06:57 . 2012-09-02 04:37   348160   ----a-w-   c:\windows\SysWow64\msvcr71.dll
2013-05-17 02:12 . 2013-05-17 02:12   351984   ----a-w-   c:\windows\SysWow64\SynCom.dll
2013-05-17 02:12 . 2012-09-02 05:12   819440   ----a-w-   c:\windows\system32\SynCOM.dll
2013-05-17 02:12 . 2013-05-17 02:12   524016   ----a-w-   c:\windows\system32\drivers\SynTP.sys
2013-05-17 02:12 . 2013-05-17 02:12   192240   ----a-w-   c:\windows\system32\SynTPCo19.dll
2013-05-17 02:12 . 2013-05-17 02:12   151280   ----a-w-   c:\windows\SysWow64\SynTPCom.dll
2013-05-17 02:12 . 2013-05-17 02:12   264432   ----a-w-   c:\windows\system32\SynTPAPI.dll
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\system32\dwm.exe ---
Company: Microsoft Corporation
File Description: Desktop Window Manager
File Version: 6.2.9200.16384 (win8_rtm.120725-1247)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: dwm.exe.mui
File size: 117760
Created time: 2012-07-25 23:43
Modified time: 2012-07-26 03:08
MD5: EC29CA52113EF803339B1680593390F0
SHA1: 8C8A73E2F976AA7ED7A7F4E8218FE5DB91AC63F2
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B3522C04-B9DB-4C57-AA22-929092423BDD}]
c:\users\Ashley\AppData\Local\getsavin\ie\getsavin_1373612341.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}]
2013-06-26 23:07   830312   ----a-w-   c:\users\Ashley\AppData\Local\DefineExt\temp.dat
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{e4ef8a64-0a30-48f5-b3fe-5fda978da775}]
c:\program files (x86)\SqueekyChocolate, LLC\Smileys We Love Toolbar for IE\adxloader.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F2D7DFB7-6D91-4BD7-846E-BEF9BC3BD81A}]
2013-07-15 00:10   185856   ----a-w-   c:\program files (x86)\LyricSing\122.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{cf0f43ab-9c23-4d7b-8040-201b82844854}"= "c:\program files (x86)\SqueekyChocolate, LLC\Smileys We Love Toolbar for IE\adxloader.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{cf0f43ab-9c23-4d7b-8040-201b82844854}]
[HKEY_CLASSES_ROOT\SmileysWeLoveToolbar.SWLIEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-03-01 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2012-07-26 491320]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-29 91432]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-07-09 580512]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2013-07-12 295512]
.
c:\users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MyPC Backup.lnk - c:\program files (x86)\MyPC Backup\MyPC Backup.exe [2013-7-1 1945128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe

R2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe

R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys

R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys

R4 SymELAM;Symantec ELAM Driver;c:\windows\system32\drivers\NISx64\1404000.028\SymELAM.sys;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SymELAM.sys

S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys

S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe

S2 BackupStack;Computer Backup (MyPC Backup);c:\program files (x86)\MyPC Backup\BackupStack.exe;c:\program files (x86)\MyPC Backup\BackupStack.exe

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe

S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe

S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe

S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

S3 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130715.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130715.001\BHDrvx64.sys

S3 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\ccSetx64.sys

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

S3 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130716.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130716.001\IDSvia64.sys

S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys

S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys

S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys

S3 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMDS64.SYS

S3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMEFA64.SYS

S3 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\Ironx64.SYS

S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1404000.028\SYMNETS.SYS

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys

S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys

.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost   REG_MULTI_SZ      apphostsvc
iissvcs   REG_MULTI_SZ      w3svc was
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 04:33   1173456   ----a-w-   c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-12 19:56]
.
2013-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-12 06:57]
.
2013-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-12 06:57]
.
2013-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1886273126-1053659535-1430386885-1001Core.job
- c:\users\Ashley\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-14 07:02]
.
2013-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1886273126-1053659535-1430386885-1001UA.job
- c:\users\Ashley\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-14 07:02]
.
2013-07-17 c:\windows\Tasks\LyricsSing Update.job
- c:\program files (x86)\LyricSing\lSing.exe [2013-07-15 00:10]
.
2013-07-16 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2012-07-26 03:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-09 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-09 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-09 440640]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 6548112]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-GetSavin - c:\users\Ashley\AppData\Local\getsavin\uninst.exe
AddRemove-Savings Explorer - c:\program files (x86)\Savings Explorer\Uninstall.exe
AddRemove-{B8019B54-F9BE-490A-9619-6D06F18F129F} - c:\program files (x86)\InstallShield Installation Information\{B8019B54-F9BE-490A-9619-6D06F18F129F}\setup.exe
AddRemove-{C547F361-5750-4CD1-9FB6-BC93827CB6C1} - c:\program files (x86)\ParetoLogic\RegCure Pro\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2013-07-17  13:08:34
ComboFix-quarantined-files.txt  2013-07-17 20:08
ComboFix2.txt  2013-07-17 17:51
.
Pre-Run: 425,058,357,248 bytes free
Post-Run: 424,736,288,768 bytes free
.
- - End Of File - - 11834BE5BAC5D7274B0ABFA834E1D731
D41D8CD98F00B204E9800998ECF8427E

22
Hi Corrine,

"It has been a while since your family members have run into problems" :hysterical:

Ha! That's a good one! While they have had a good run with severe issues, I have had to deal with several things that I am able to handle. It seems that no matter how much I try to beat certain habits into their heads to stop this stuff from happening, it does no good.

This one looks a bit beyond my abilities, as I felt it required tools I am not experienced with yet. That is why I was considering the university. I truly do enjoy working on these things, and it is so frustrating when I can't get it done.

Nice to hear from you again and thank you for the help.

Here is the combofix log:

ComboFix 13-07-16.01 - Ashley 07/17/2013  10:42:39.1.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3974.2813 [GMT -7:00]
Running from: c:\users\Ashley\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-17 to 2013-07-17  )))))))))))))))))))))))))))))))
.
.
2013-07-17 17:48 . 2013-07-17 17:48   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-07-17 16:25 . 2013-07-17 16:25   252080   ----a-w-   c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10210.bin
2013-07-17 08:07 . 2013-07-17 08:07   --------   d-----w-   c:\windows\ERUNT
2013-07-17 06:51 . 2013-07-17 06:51   173   ----a-w-   c:\windows\DeleteOnReboot.bat
2013-07-17 05:23 . 2013-07-17 16:30   --------   d-----w-   c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-17 04:40 . 2013-07-17 04:40   --------   d-----w-   c:\programdata\Malwarebytes
2013-07-17 04:40 . 2013-07-17 04:40   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-17 04:40 . 2013-04-04 21:50   25928   ----a-w-   c:\windows\system32\drivers\mbam.sys
2013-07-17 04:07 . 2012-07-19 02:00   80216   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-17 04:07 . 2012-07-19 02:00   694616   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-15 18:31 . 2013-07-15 18:31   --------   d-----w-   c:\program files (x86)\LyricSing
2013-07-14 18:51 . 2013-06-24 07:41   78185248   ----a-w-   c:\windows\system32\MRT.exe
2013-07-14 18:51 . 2012-11-29 23:31   34656   ----a-w-   c:\windows\system32\TURegOpt.exe
2013-07-14 18:51 . 2012-11-29 23:31   25952   ----a-w-   c:\windows\system32\authuitu.dll
2013-07-14 18:51 . 2012-11-29 23:31   21344   ----a-w-   c:\windows\SysWow64\authuitu.dll
2013-07-14 18:50 . 2013-07-14 18:51   --------   d-----w-   c:\program files (x86)\TuneUp Utilities 2013
2013-07-14 18:50 . 2013-07-14 18:50   --------   d-----w-   c:\programdata\TuneUp Software
2013-07-14 18:50 . 2013-07-14 18:50   --------   d-sh--w-   c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-07-14 18:49 . 2013-07-14 19:16   --------   d-----w-   c:\program files (x86)\SqueekyChocolate, LLC
2013-07-14 18:49 . 2013-07-14 18:49   --------   d-----w-   c:\program files (x86)\Tiny Media Player
2013-07-13 19:18 . 2013-07-13 19:18   --------   d-----w-   c:\program files (x86)\Common Files\Symantec Shared
2013-07-13 19:15 . 2013-07-13 19:15   --------   d-----w-   c:\program files\Paint.NET
2013-07-13 19:14 . 2013-07-13 19:21   --------   d-----w-   c:\program files (x86)\MyPC Backup
2013-07-13 19:13 . 2013-07-13 19:13   45856   ----a-w-   c:\windows\system32\drivers\avgtpx64.sys
2013-07-13 19:13 . 2013-07-13 19:13   --------   d-----w-   c:\programdata\AVG SafeGuard toolbar
2013-07-13 19:13 . 2013-07-13 19:13   --------   d-----w-   c:\program files (x86)\AVG SafeGuard toolbar
2013-07-13 19:12 . 2013-07-13 19:12   --------   d--h--w-   c:\programdata\Common Files
2013-07-13 17:29 . 2013-07-13 19:20   --------   d-----w-   c:\windows\system32\drivers\NISx64\1404000.028
2013-07-13 03:16 . 2012-11-10 04:22   122880   ----a-w-   c:\windows\system32\VmHostAI.dll
2013-07-13 03:16 . 2012-11-10 04:22   144384   ----a-w-   c:\windows\system32\tssdisai.dll
2013-07-13 03:16 . 2012-11-10 04:22   126976   ----a-w-   c:\windows\system32\RDWebAI.dll
2013-07-13 03:16 . 2012-11-10 04:20   135680   ----a-w-   c:\windows\system32\appserverai.dll
2013-07-13 03:16 . 2012-11-10 04:23   132608   ----a-w-   c:\windows\SysWow64\poqexec.exe
2013-07-13 03:16 . 2012-11-10 04:23   148480   ----a-w-   c:\windows\system32\poqexec.exe
2013-07-13 03:08 . 2012-11-01 04:40   2361344   ----a-w-   c:\windows\system32\msxml6.dll
2013-07-13 03:08 . 2012-11-01 04:41   1802240   ----a-w-   c:\windows\SysWow64\msxml6.dll
2013-07-13 03:08 . 2012-11-01 04:41   1438720   ----a-w-   c:\windows\SysWow64\msxml3.dll
2013-07-13 03:08 . 2012-11-01 04:40   1836032   ----a-w-   c:\windows\system32\msxml3.dll
2013-07-13 03:08 . 2012-11-01 04:21   2048   ----a-w-   c:\windows\system32\msxml6r.dll
2013-07-13 03:08 . 2012-11-01 04:21   2048   ----a-w-   c:\windows\system32\msxml3r.dll
2013-07-13 03:08 . 2012-11-01 04:20   2048   ----a-w-   c:\windows\SysWow64\msxml6r.dll
2013-07-13 03:08 . 2012-11-01 04:20   2048   ----a-w-   c:\windows\SysWow64\msxml3r.dll
2013-07-12 17:18 . 2013-07-12 17:18   50784   ----a-w-   c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-07-12 17:18 . 2013-07-12 17:18   17536   ----a-w-   c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-07-12 07:02 . 2013-07-12 07:02   --------   d-----w-   c:\program files (x86)\Common Files\Skype
2013-07-12 07:02 . 2013-07-12 07:02   --------   d-----r-   c:\program files (x86)\Skype
2013-07-12 07:02 . 2013-07-12 07:02   --------   d-----w-   c:\programdata\Skype
2013-07-12 06:58 . 2013-07-12 06:58   --------   d-----w-   c:\program files (x86)\Common Files\xing shared
2013-07-12 06:57 . 2013-07-12 06:58   --------   d-----w-   c:\program files (x86)\Real
2013-07-12 06:57 . 2013-07-12 06:57   --------   d-----w-   c:\program files (x86)\Google
2013-07-12 02:40 . 2013-07-12 02:45   --------   d-----w-   c:\users\Ashley
2013-07-12 02:33 . 2013-07-13 21:27   --------   d--h--r-   c:\users\Public\AccountPictures
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-13 19:21 . 2012-07-26 08:13   22240   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-07-13 17:31 . 2012-09-02 04:43   177312   ----a-w-   c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-07-12 06:57 . 2012-09-02 04:37   499712   ----a-w-   c:\windows\SysWow64\msvcp71.dll
2013-07-12 06:57 . 2012-09-02 04:37   348160   ----a-w-   c:\windows\SysWow64\msvcr71.dll
2013-05-17 02:12 . 2013-05-17 02:12   351984   ----a-w-   c:\windows\SysWow64\SynCom.dll
2013-05-17 02:12 . 2012-09-02 05:12   819440   ----a-w-   c:\windows\system32\SynCOM.dll
2013-05-17 02:12 . 2013-05-17 02:12   524016   ----a-w-   c:\windows\system32\drivers\SynTP.sys
2013-05-17 02:12 . 2013-05-17 02:12   192240   ----a-w-   c:\windows\system32\SynTPCo19.dll
2013-05-17 02:12 . 2013-05-17 02:12   151280   ----a-w-   c:\windows\SysWow64\SynTPCom.dll
2013-05-17 02:12 . 2013-05-17 02:12   264432   ----a-w-   c:\windows\system32\SynTPAPI.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}]
2013-06-26 23:07   830312   ----a-w-   c:\users\Ashley\AppData\Local\DefineExt\temp.dat
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F2D7DFB7-6D91-4BD7-846E-BEF9BC3BD81A}]
2013-07-15 00:10   185856   ----a-w-   c:\program files (x86)\LyricSing\122.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-03-01 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2012-07-26 491320]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-29 91432]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-07-09 580512]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2013-07-12 295512]
.
c:\users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MyPC Backup.lnk - c:\program files (x86)\MyPC Backup\MyPC Backup.exe [2013-7-1 1945128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe

R2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe

R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys

R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys

R4 SymELAM;Symantec ELAM Driver;c:\windows\system32\drivers\NISx64\1404000.028\SymELAM.sys;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SymELAM.sys

S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys

S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe

S2 BackupStack;Computer Backup (MyPC Backup);c:\program files (x86)\MyPC Backup\BackupStack.exe;c:\program files (x86)\MyPC Backup\BackupStack.exe

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe

S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe

S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe

S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

S3 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130715.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130715.001\BHDrvx64.sys

S3 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\ccSetx64.sys

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

S3 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130716.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130716.001\IDSvia64.sys

S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys

S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys

S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys

S3 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMDS64.SYS

S3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMEFA64.SYS

S3 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\Ironx64.SYS

S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1404000.028\SYMNETS.SYS

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys

S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys

.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost   REG_MULTI_SZ      apphostsvc
iissvcs   REG_MULTI_SZ      w3svc was
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 04:33   1173456   ----a-w-   c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-12 19:56]
.
2013-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-12 06:57]
.
2013-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-12 06:57]
.
2013-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1886273126-1053659535-1430386885-1001Core.job
- c:\users\Ashley\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-14 07:02]
.
2013-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1886273126-1053659535-1430386885-1001UA.job
- c:\users\Ashley\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-14 07:02]
.
2013-07-17 c:\windows\Tasks\LyricsSing Update.job
- c:\program files (x86)\LyricSing\lSing.exe [2013-07-15 00:10]
.
2013-07-16 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2012-07-26 03:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-09 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-09 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-09 440640]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 6548112]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{B3522C04-B9DB-4C57-AA22-929092423BDD} - c:\users\Ashley\AppData\Local\getsavin\ie\getsavin_1373612341.dll
BHO-{e4ef8a64-0a30-48f5-b3fe-5fda978da775} - c:\program files (x86)\SqueekyChocolate, LLC\Smileys We Love Toolbar for IE\adxloader.dll
Toolbar-{cf0f43ab-9c23-4d7b-8040-201b82844854} - c:\program files (x86)\SqueekyChocolate, LLC\Smileys We Love Toolbar for IE\adxloader.dll
Wow6432Node-HKCU-Run-Pokki - %LOCALAPPDATA%\Pokki\Engine\LaunchDeskband.dll
BHO-{e4ef8a64-0a30-48f5-b3fe-5fda978da775} - c:\program files (x86)\SqueekyChocolate, LLC\Smileys We Love Toolbar for IE\adxloader64.dll
Toolbar-{cf0f43ab-9c23-4d7b-8040-201b82844854} - c:\program files (x86)\SqueekyChocolate, LLC\Smileys We Love Toolbar for IE\adxloader64.dll
AddRemove-GetSavin - c:\users\Ashley\AppData\Local\getsavin\uninst.exe
AddRemove-Savings Explorer - c:\program files (x86)\Savings Explorer\Uninstall.exe
AddRemove-{B8019B54-F9BE-490A-9619-6D06F18F129F} - c:\program files (x86)\InstallShield Installation Information\{B8019B54-F9BE-490A-9619-6D06F18F129F}\setup.exe
AddRemove-{C547F361-5750-4CD1-9FB6-BC93827CB6C1} - c:\program files (x86)\ParetoLogic\RegCure Pro\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2013-07-17  10:51:11
ComboFix-quarantined-files.txt  2013-07-17 17:51
.
Pre-Run: 427,843,706,880 bytes free
Post-Run: 427,884,322,816 bytes free
.
- - End Of File - - 6C4FBADAE5D2319CB6FD80B6B5C84B69
D41D8CD98F00B204E9800998ECF8427E



23
Hello,

My niece got a new laptop running Windows 8. Doing her usual teenage-girl Facebook stuff and whatnot, she got an "update for Adobe" notice, which she clicked OK on. I don't know if that was legit or not, but soon after she was getting pop-ups relating to dating Asian women and suggestions to clean Windows 8 by running some scan.

I got my hands on it, and when I first got on the net I witnessed the pop-up ads for the Asian women and also the Adobe update, which didn't look like any I had seen before. I have not used Windows 8 much, but I would think the updates should at least be similar in appearance to those on other operating systems.

I fired up in safe mode and ran the following (I also disabled just about everything at startup via the Task Manager when doing this):

TDSSKiller, which found nothing.
MBAM, which found and removed 35 items (I still have the log).
MBAR, which found and removed 5 items (I still have the log).
AdwCleaner.
JRT, which among other things found this registry entry: (Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?)

Also, while working my way to making this post, an IE window opens up stating the following:
 "ATTENTION! It is recommended that you download FLV MPlayer to continue."

The title at the top of the browser says bizcoaching dot info.

I think that is all.

Here is the Security Check log:

 Results of screen317's Security Check version 0.99.69 
   x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````[/u]
 Windows Firewall Enabled! 
Windows Defender           
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````[/u]
 Malwarebytes Anti-Malware version 1.75.0.1300 
 TuneUp Utilities 2013   
 TuneUp Utilities Language Pack (en-US)
 TuneUp Utilities 2013   
 Adobe Flash Player    11.8.800.94 
 Google Chrome 28.0.1500.71 
 Google Chrome 28.0.1500.72 
````````Process Check: objlist.exe by Laurent````````[/u] 
 Norton ccSvcHst.exe
`````````````````System Health check`````````````````[/u]
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````[/u]

Here are the DDS logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16384
Run by Ashley at 9:38:23 on 2013-07-17
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3974.2791 [GMT -7:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\MyPC Backup\BackupStack.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhostex.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll
BHO: GetSavin 5.0: {B3522C04-B9DB-4C57-AA22-929092423BDD} -
BHO: Define: {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\Ashley\AppData\Local\DefineExt\temp.dat
BHO: SmileysWeLoveToolbar: {e4ef8a64-0a30-48f5-b3fe-5fda978da775} -
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: LyricsSing: {F2D7DFB7-6D91-4BD7-846E-BEF9BC3BD81A} - C:\Program Files (x86)\LyricSing\122.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
TB: SmileysWeLove: {cf0f43ab-9c23-4d7b-8040-201b82844854} -
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Google Update] "C:\Users\Ashley\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Pokki] C:\Windows\System32\rundll32.exe "C:\Users\Ashley\AppData\Local\Pokki\Engine\LaunchDeskband.dll",RunLaunchDeskband
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
StartupFolder: C:\Users\Ashley\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MYPCBA~1.LNK - C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{69B7796B-5749-4307-8762-6E63F23AFC94} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{69B7796B-5749-4307-8762-6E63F23AFC94}\F46666963656534376 : DHCPNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: SmileysWeLoveToolbar: {e4ef8a64-0a30-48f5-b3fe-5fda978da775} -
x64-TB: SmileysWeLove: {cf0f43ab-9c23-4d7b-8040-201b82844854} -
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-31 645952]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2012-9-1 92536]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-9-1 98208]
R2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2013-7-1 32808]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-8-10 85504]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-7-9 35232]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-9-1 165760]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe [2013-7-13 144368]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2012-11-29 2401632]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-9-1 364416]
R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [2013-7-16 1393240]
R3 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\Drivers\NISx64\1404000.028\ccsetx64.sys [2013-7-13 169048]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-7-12 138912]
R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130716.001\IDSviA64.sys [2013-7-16 513184]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-6-19 342528]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\Drivers\netr28x.sys [2013-4-15 2482960]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-9-1 683664]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-9-1 43832]
R3 SymDS;Symantec Data Store;C:\Windows\System32\Drivers\NISx64\1404000.028\symds64.sys [2013-7-13 493656]
R3 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\Drivers\NISx64\1404000.028\symefa64.sys [2013-7-13 1139800]
R3 SymIRON;Symantec Iron Driver;C:\Windows\System32\Drivers\NISx64\1404000.028\ironx64.sys [2013-7-13 224416]
R3 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\Drivers\NISx64\1404000.028\symnets.sys [2013-7-13 433752]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-11-16 11880]
R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-3 20288]
S0 SymELAM;Symantec ELAM Driver;C:\Windows\System32\Drivers\NISx64\1404000.028\symelam.sys [2013-7-13 23448]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\Drivers\RtsP2Stor.sys [2012-9-1 266896]
S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2012-9-1 41272]
.
=============== Created Last 30 ================
.
2013-07-17 16:25:02   252080   ----a-w-   C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10210.bin
2013-07-17 08:07:58   --------   d-----w-   C:\Windows\ERUNT
2013-07-17 06:51:07   173   ----a-w-   C:\Windows\DeleteOnReboot.bat
2013-07-17 05:23:26   --------   d-----w-   C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-17 04:40:40   --------   d-----w-   C:\Users\Ashley\AppData\Roaming\Malwarebytes
2013-07-17 04:40:31   --------   d-----w-   C:\ProgramData\Malwarebytes
2013-07-17 04:40:30   25928   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2013-07-17 04:40:30   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-17 04:40:11   --------   d-----w-   C:\Users\Ashley\AppData\Local\Programs
2013-07-17 04:07:50   80216   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-17 04:07:50   694616   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-17 03:39:44   --------   d-----w-   C:\Windows\pss
2013-07-15 18:31:19   --------   d-----w-   C:\Program Files (x86)\LyricSing
2013-07-15 02:40:36   --------   d-----w-   C:\Users\Ashley\AppData\Local\CyberLink
2013-07-14 18:51:08   34656   ----a-w-   C:\Windows\System32\TURegOpt.exe
2013-07-14 18:51:03   25952   ----a-w-   C:\Windows\System32\authuitu.dll
2013-07-14 18:51:03   21344   ----a-w-   C:\Windows\SysWow64\authuitu.dll
2013-07-14 18:50:33   --------   d-----w-   C:\Users\Ashley\AppData\Roaming\TuneUp Software
2013-07-14 18:50:25   --------   d-----w-   C:\Program Files (x86)\TuneUp Utilities 2013
2013-07-14 18:50:22   --------   d-----w-   C:\ProgramData\TuneUp Software
2013-07-14 18:50:14   --------   d-sh--w-   C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-07-14 18:49:28   --------   d-----w-   C:\Program Files (x86)\SqueekyChocolate, LLC
2013-07-14 18:49:01   --------   d-----w-   C:\Program Files (x86)\Tiny Media Player
2013-07-14 18:44:32   --------   d-----w-   C:\Users\Ashley\AppData\Local\Pokki
2013-07-14 18:42:17   --------   d-----w-   C:\Users\Ashley\AppData\Local\Updater21058
2013-07-14 18:41:08   --------   d-----w-   C:\Users\Ashley\AppData\Local\CRE
2013-07-13 19:18:39   --------   d-----w-   C:\Program Files (x86)\Common Files\Symantec Shared
2013-07-13 19:15:05   --------   d-----w-   C:\Program Files\Paint.NET
2013-07-13 19:14:32   --------   d-----w-   C:\Program Files (x86)\MyPC Backup
2013-07-13 19:14:15   --------   d-----w-   C:\Users\Ashley\AppData\Local\AVG SafeGuard toolbar
2013-07-13 19:13:51   45856   ----a-w-   C:\Windows\System32\drivers\avgtpx64.sys
2013-07-13 19:13:41   --------   d-----w-   C:\ProgramData\AVG SafeGuard toolbar
2013-07-13 19:13:35   --------   d-----w-   C:\Program Files (x86)\AVG SafeGuard toolbar
2013-07-13 19:13:34   --------   d-----w-   C:\Users\Ashley\AppData\Local\Paint.NET
2013-07-13 19:12:43   --------   d--h--w-   C:\ProgramData\Common Files
2013-07-13 17:29:32   433752   ----a-w-   C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys
2013-07-13 17:29:32   23448   ----a-r-   C:\Windows\System32\drivers\NISx64\1404000.028\symelam.sys
2013-07-13 17:29:31   796760   ----a-w-   C:\Windows\System32\drivers\NISx64\1404000.028\srtsp64.sys
2013-07-13 17:29:31   493656   ----a-w-   C:\Windows\System32\drivers\NISx64\1404000.028\symds64.sys
2013-07-13 17:29:31   36952   ----a-w-   C:\Windows\System32\drivers\NISx64\1404000.028\srtspx64.sys
2013-07-13 17:29:31   224416   ----a-w-   C:\Windows\System32\drivers\NISx64\1404000.028\ironx64.sys
2013-07-13 17:29:31   169048   ----a-w-   C:\Windows\System32\drivers\NISx64\1404000.028\ccsetx64.sys
2013-07-13 17:29:31   1139800   ----a-w-   C:\Windows\System32\drivers\NISx64\1404000.028\symefa64.sys
2013-07-13 17:29:05   --------   d-----w-   C:\Windows\System32\drivers\NISx64\1404000.028
2013-07-13 03:16:07   144384   ----a-w-   C:\Windows\System32\tssdisai.dll
2013-07-13 03:16:07   135680   ----a-w-   C:\Windows\System32\appserverai.dll
2013-07-13 03:16:07   126976   ----a-w-   C:\Windows\System32\RDWebAI.dll
2013-07-13 03:16:07   122880   ----a-w-   C:\Windows\System32\VmHostAI.dll
2013-07-13 03:16:06   148480   ----a-w-   C:\Windows\System32\poqexec.exe
2013-07-13 03:16:06   132608   ----a-w-   C:\Windows\SysWow64\poqexec.exe
2013-07-13 03:08:59   2361344   ----a-w-   C:\Windows\System32\msxml6.dll
2013-07-13 03:08:58   2048   ----a-w-   C:\Windows\SysWow64\msxml6r.dll
2013-07-13 03:08:58   2048   ----a-w-   C:\Windows\SysWow64\msxml3r.dll
2013-07-13 03:08:58   2048   ----a-w-   C:\Windows\System32\msxml6r.dll
2013-07-13 03:08:58   2048   ----a-w-   C:\Windows\System32\msxml3r.dll
2013-07-13 03:08:58   1836032   ----a-w-   C:\Windows\System32\msxml3.dll
2013-07-13 03:08:58   1802240   ----a-w-   C:\Windows\SysWow64\msxml6.dll
2013-07-13 03:08:58   1438720   ----a-w-   C:\Windows\SysWow64\msxml3.dll
2013-07-12 19:55:19   --------   d-----w-   C:\Users\Ashley\AppData\Local\Adobe
2013-07-12 19:47:04   --------   d-----w-   C:\Users\Ashley\AppData\Roaming\hpqlog
2013-07-12 17:18:32   50784   ----a-w-   C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-07-12 17:18:30   17536   ----a-w-   C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-07-12 07:02:49   --------   d-----r-   C:\Program Files (x86)\Skype
2013-07-12 07:00:53   --------   d-----w-   C:\Users\Ashley\AppData\Local\DefineExt
2013-07-12 06:58:54   --------   d-----w-   C:\Users\Ashley\AppData\Local\Real
2013-07-12 06:58:47   --------   d-----w-   C:\Users\Ashley\AppData\Roaming\RealNetworks
2013-07-12 06:58:21   --------   d-----w-   C:\Program Files (x86)\RealNetworks
2013-07-12 06:58:19   --------   d-----w-   C:\ProgramData\RealNetworks
2013-07-12 06:58:09   --------   d-----w-   C:\Program Files (x86)\Common Files\xing shared
2013-07-12 06:57:24   --------   d-----w-   C:\Users\Ashley\AppData\Local\Google
2013-07-12 04:02:36   --------   d-----w-   C:\Users\Ashley\AppData\Local\ElevatedDiagnostics
2013-07-12 04:02:14   --------   d-----w-   C:\Users\Ashley\AppData\Local\Hewlett-Packard
2013-07-12 02:54:40   --------   d-----w-   C:\Users\Ashley\AppData\Local\CrashDumps
2013-07-12 02:54:21   --------   d-----w-   C:\Users\Ashley\AppData\Local\Diagnostics
2013-07-12 02:45:04   --------   d-----r-   C:\Users\Ashley\Searches
2013-07-12 02:45:04   --------   d-----r-   C:\Users\Ashley\Contacts
2013-07-12 02:43:14   --------   d-----w-   C:\Users\Ashley\AppData\Roaming\Synaptics
2013-07-12 02:43:07   --------   d-----w-   C:\Users\Ashley\AppData\Local\Power2Go8
2013-07-12 02:42:46   --------   d-----w-   C:\Users\Ashley\AppData\Local\VirtualStore
2013-07-12 02:42:30   --------   d-----w-   C:\Users\Ashley\AppData\Local\Packages
2013-07-12 02:40:54   --------   d-----r-   C:\Users\Ashley\Videos
2013-07-12 02:40:54   --------   d-----r-   C:\Users\Ashley\Saved Games
2013-07-12 02:40:54   --------   d-----r-   C:\Users\Ashley\Pictures
2013-07-12 02:40:54   --------   d-----r-   C:\Users\Ashley\Music
2013-07-12 02:40:54   --------   d-----r-   C:\Users\Ashley\Links
2013-07-12 02:40:54   --------   d-----r-   C:\Users\Ashley\Downloads
2013-07-12 02:40:54   --------   d-----r-   C:\Users\Ashley\Documents
.
==================== Find3M  ====================
.
2013-07-13 17:31:11   177312   ----a-w-   C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-07-12 06:57:57   499712   ----a-w-   C:\Windows\SysWow64\msvcp71.dll
2013-07-12 06:57:57   348160   ----a-w-   C:\Windows\SysWow64\msvcr71.dll
2013-05-17 02:12:26   819440   ----a-w-   C:\Windows\System32\SynCOM.dll
2013-05-17 02:12:26   351984   ----a-w-   C:\Windows\SysWow64\SynCom.dll
2013-05-17 02:12:22   524016   ----a-w-   C:\Windows\System32\drivers\SynTP.sys
2013-05-17 02:12:22   192240   ----a-w-   C:\Windows\System32\SynTPCo19.dll
2013-05-17 02:12:22   151280   ----a-w-   C:\Windows\SysWow64\SynTPCom.dll
2013-05-17 02:12:20   264432   ----a-w-   C:\Windows\System32\SynTPAPI.dll
.
============= FINISH:  9:39:06.74 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 7/11/2013 7:40:45 PM
System Uptime: 7/17/2013 9:32:13 AM (0 hours ago)
.
Motherboard: Hewlett-Packard |  | 1854
Processor: Intel(R) Core(TM) i3-2328M CPU @ 2.20GHz | U3E1 | 2200/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 442 GiB total, 398.843 GiB free.
D: is FIXED (NTFS) - 23 GiB total, 2.738 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP3: 7/12/2013 12:02:16 AM - Installed Skype™ 6.3
RP5: 7/13/2013 12:13:41 PM - Paint.NET v3.5.10
RP6: 7/14/2013 12:19:06 PM - Removed Smileys We Love Toolbar for IE
.
==== Installed Programs ======================
.
4 Elements II
Adobe Shockwave Player 11.6
AVG SafeGuard toolbar
Bejeweled 3
Bonjour
Build-a-lot 4 - Power Source
Chuzzle Deluxe
Cradle Of Egypt Collector's Edition
Cradle of Rome 2
CyberLink LabelPrint
CyberLink Media Suite 10
CyberLink Power2Go 8
CyberLink PowerDVD
CyberLink YouCam
D3DX10
Define Ext
Energy Star
Farm Frenzy
FATE: The Cursed King
Final Drive Fury
FlatOut 2
GetSavin
Google Chrome
Google Talk Plugin
Google Update Helper
Governor of Poker 2 Premium Edition
Hewlett-Packard ACLM.NET v1.2.0.0
Hoyle Card Games
HP Customer Experience Enhancements
HP Documentation
HP Games
HP MyRoom
HP Postscript Converter
HP Quick Launch
HP Recovery Manager
HP Registration Service
HP Software Framework
HP Support Assistant
HP Utility Center
HP Wireless Button Driver
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel® Trusted Connect Service Client
Jewel Match 3
John Deere Drive Green
Luxor Evolved
LyricsSing
Mahjongg Dimensions Deluxe: Tiles in Time
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Application Error Reporting
Microsoft Office
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mortimer Beckett and the Crimson Thief Premium Edition
MSVCRT
MyPC Backup
Mystery P.I. - Curious Case of Counterfeit Cove
Norton Internet Security
Paint.NET v3.5.10
Peggle Nights
Penguins!
Pokki
Polar Bowler
Polar Golfer
QuickShare
Ralink RT5390R 802.11bgn Wi-Fi Adapter
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
RealUpgrade 1.1
RegCure Pro
Roads of Rome 3
Savings Explorer
Skype™ 6.3
Smileys We Love Toolbar for IE
swMSM
Synaptics Pointing Device Driver
Tales of Lagoona
Tiny Media Player v1.0
TuneUp Utilities 2013
TuneUp Utilities Language Pack (en-US)
Update Installer for WildTangent Games App
Vacation Quest™ - Australia
WildTangent Games
WildTangent Games App
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Language Selector
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
7/17/2013 9:32:56 AM, Error: Service Control Manager [7000]  - The vToolbarUpdater15.3.0 service failed to start due to the following error:  The system cannot find the file specified.
.
==== End Of File ===========================


Sorry for the long-windedness.


24
LandzDown Lounge / Re: Who will be the next poster?
« on: June 20, 2013, 08:48:47 PM »
Sorry, try again....

GR@PH;<'S up next?

25
Analysis and Malware Removal / Re: Post clean up second opinion
« on: September 12, 2012, 07:07:57 PM »

Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal.


You can delete the programs you downloaded to provide the logs (DDS and Security Check).   

Before returning this computer, I suggest that you install and update SpywareBlaster to prevent the installation of spyware and other potentially unwanted software: http://www.javacoolsoftware.com/spywareblaster.html

Now it appears that the last thing to deal with (for now) is the ac adapter problem as well as a serious sit-down discussion on safe surfing, particularly after what you went through to recover this computer.

Thank you for walking me through the final steps of getting this thing back on track.

SpywareBlaster will be good for this machine, since kids tend to ignore the warnings and get caught by the nasties out there sooner or later. I have had good luck with my own kids learning what to watch out for, and hopefully we can get her up to speed as well.

As far as the cord, I thought she told me she had purchased a new one, but it turns out she hasn't yet. Between the BIOS update and a new cord, hopefully that will be resolved.

Thanks again.

26
Analysis and Malware Removal / Re: Post clean up second opinion
« on: September 12, 2012, 05:23:04 PM »
They certainly seem to supply me with many learning opportunities, but I don't mind. I always find it interesting to try to get to the bottom of it.

It amazes me that no matter how many tools I use there always seems to be something a little deeper which requires steps I do not yet have the knowledge to execute on my own.

Here is the new ComboFix log:

ComboFix 12-09-12.03 - ME 09/12/2012  11:00:19.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.894.381 [GMT -7:00]
Running from: c:\documents and settings\ME\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ME\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((   Files Created from 2012-08-12 to 2012-09-12  )))))))))))))))))))))))))))))))
.
.
2012-08-31 22:41 . 2012-08-31 22:41   --------   d-----w-   C:\3816b72c9ecaa6cb1a
2012-08-31 20:27 . 2012-08-31 20:27   --------   d-----w-   C:\dell
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-06 13:58 . 2008-04-14 12:00   78336   ----a-w-   c:\windows\system32\browser.dll
2012-07-03 13:40 . 2008-04-14 12:00   1866112   ----a-w-   c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2008-04-14 12:00   916992   ----a-w-   c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2008-04-14 12:00   43520   ------w-   c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2008-04-14 12:00   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2008-04-14 12:00   385024   ------w-   c:\windows\system32\html.iec
2012-06-28 21:33 . 2012-06-28 21:33   81920   ------w-   c:\windows\system32\ieencode.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-09-12_02.44.56   )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-09-12 14:57 . 2012-09-12 14:57   16384              c:\windows\Temp\Perflib_Perfdata_7e8.dat
- 2008-04-14 12:00 . 2012-09-12 02:39   75728              c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2012-09-12 15:02   75728              c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2012-09-12 15:02   472800              c:\windows\system32\perfh009.dat
- 2008-04-14 12:00 . 2012-09-12 02:39   472800              c:\windows\system32\perfh009.dat
+ 2008-03-21 01:06 . 2009-06-25 20:20   1485176              c:\windows\system32\LegitCheckControl.DLL
+ 2012-09-12 15:01 . 2008-03-21 01:06   1480232              c:\windows\LastGood\system32\LegitCheckControl.DLL
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1024000]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-26 2289664]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-09-04 23:37   116648   ----atw-   c:\documents and settings\ME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
R1 MpKslcfe347c9;MpKslcfe347c9;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3AB571AC-77D8-4045-A28F-8578C9079CC0}\MpKslcfe347c9.sys [9/12/2012 8:13 AM 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 9:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 2:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 11:54 AM 116608]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/11/2012 2:43 PM 116648]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/11/2012 2:43 PM 116648]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLCFE347C9
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-11 21:43]
.
2012-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-11 21:43]
.
2012-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-879983540-1801674531-1004Core.job
- c:\documents and settings\ME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-09-04 23:37]
.
2012-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-879983540-1801674531-1004UA.job
- c:\documents and settings\ME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-09-04 23:37]
.
2012-09-12 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-27 00:03]
.
2012-09-12 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-27 00:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
TCP: DhcpNameServer = 192.168.2.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-12 11:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(2288)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-09-12  11:05:24
ComboFix-quarantined-files.txt  2012-09-12 18:05
ComboFix2.txt  2012-09-12 02:46
.
Pre-Run: 152,675,381,248 bytes free
Post-Run: 152,728,186,880 bytes free
.
- - End Of File - - 2CF3D52A7CACB93D279C06A60C21722A

Here is the new AdwCleaner log:

# AdwCleaner v2.001 - Logfile created 09/12/2012 at 11:08:15
# Updated 09/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : ME - XP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\ME\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\ME\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Program Files\Funmoods

***** [Registry] *****

Key Deleted : HKCU\Software\Funmoods
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022442279}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446679}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\Software\Funmoods
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Google Chrome v21.0.1180.89

*************************

AdwCleaner[R1].txt - [2908 octets] - [12/09/2012 08:04:51]
AdwCleaner[S1].txt - [3151 octets] - [12/09/2012 11:08:15]

########## EOF - C:\AdwCleaner[S1].txt - [3211 octets] ##########

27
Analysis and Malware Removal / Re: Post clean up second opinion
« on: September 12, 2012, 02:13:55 PM »
Hello Corrine,

Here is the AdwCleaner log:

# AdwCleaner v2.001 - Logfile created 09/12/2012 at 08:04:51
# Updated 09/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : ME - XP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\ME\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Found : C:\Documents and Settings\ME\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Folder Found : C:\Program Files\Funmoods

***** [Registry] *****

Key Found : HKCU\Software\Funmoods
Key Found : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022442279}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446679}
Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Found : HKLM\Software\Funmoods
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v21.0.1180.89

*************************

AdwCleaner[R1].txt - [2779 octets] - [12/09/2012 08:04:51]

########## EOF - C:\AdwCleaner[R1].txt - [2839 octets] ##########


Here is the new DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.7.2
Run by ME at 8:06:08 on 2012-09-12
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.894.473 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1346446056722
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1346448561406
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{2F8F61AD-3B33-4E11-BB3E-64F221B3491A} : DhcpNameServer = 192.168.2.1
Notify: AtiExtEvent - Ati2evxx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-9-11 116648]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-9-11 116648]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-09-12 15:00:21   7022536   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{10a5b8d1-fff1-4ff7-84ae-d538b7f26b15}\mpengine.dll
2012-09-12 02:40:53   --------   d-sha-r-   C:\cmdcons
2012-09-12 02:40:11   98816   ----a-w-   c:\windows\sed.exe
2012-09-12 02:40:11   518144   ----a-w-   c:\windows\SWREG.exe
2012-09-12 02:40:11   256000   ----a-w-   c:\windows\PEV.exe
2012-09-12 02:40:11   208896   ----a-w-   c:\windows\MBR.exe
2012-09-12 00:25:51   --------   d-sh--w-   c:\documents and settings\me\IECompatCache
2012-09-11 21:50:14   --------   d-----w-   c:\windows\pss
2012-09-11 21:43:32   --------   d-----w-   c:\program files\CCleaner
2012-09-11 21:08:55   --------   d-----w-   c:\program files\VS Revo Group
2012-09-11 19:28:03   --------   d-----w-   c:\documents and settings\me\application data\SUPERAntiSpyware.com
2012-09-11 19:27:42   --------   d-----w-   c:\program files\SUPERAntiSpyware
2012-09-11 19:27:42   --------   d-----w-   c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-09-11 15:07:50   --------   d-----w-   c:\documents and settings\me\application data\Malwarebytes
2012-09-11 15:07:26   --------   d-----w-   c:\documents and settings\all users\application data\Malwarebytes
2012-09-11 15:07:23   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-09-11 15:07:23   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2012-09-10 04:56:07   7022536   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-09-10 04:51:11   --------   d-----w-   c:\documents and settings\me\application data\Funmoods
2012-09-10 04:35:58   --------   d-----w-   c:\program files\Funmoods
2012-09-10 04:35:58   --------   d-----w-   c:\documents and settings\me\local settings\application data\Wajam
2012-09-10 04:26:02   --------   d-----w-   c:\documents and settings\me\local settings\application data\dealcabby
2012-09-10 04:25:59   --------   d-----w-   c:\documents and settings\me\application data\Babylon
2012-09-10 04:25:59   --------   d-----w-   c:\documents and settings\all users\application data\Babylon
2012-09-04 23:37:56   --------   d-----w-   c:\documents and settings\me\local settings\application data\Google
2012-09-04 23:37:31   --------   d-----w-   c:\documents and settings\me\local settings\application data\Deployment
2012-09-04 23:18:43   17136   ----a-w-   c:\windows\system32\mucltui.dll.mui
2012-09-04 23:18:42   275696   ----a-w-   c:\windows\system32\mucltui.dll
2012-08-31 23:50:50   --------   d-----w-   c:\windows\system32\Adobe
2012-08-31 23:48:58   237072   ------w-   c:\windows\system32\MpSigStub.exe
2012-08-31 23:45:04   --------   d-----w-   c:\program files\Microsoft Security Client
2012-08-31 22:59:57   --------   d-----w-   c:\windows\SxsCaPendDel
2012-08-31 22:42:06   --------   d-----w-   c:\windows\system32\XPSViewer
2012-08-31 22:41:47   89088   ----a-w-   c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-08-31 22:41:37   89088   -c----w-   c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-08-31 22:41:37   597504   -c----w-   c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-08-31 22:41:37   597504   ------w-   c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-08-31 22:41:37   575488   -c----w-   c:\windows\system32\dllcache\xpsshhdr.dll
2012-08-31 22:41:37   575488   ------w-   c:\windows\system32\xpsshhdr.dll
2012-08-31 22:41:37   117760   ------w-   c:\windows\system32\prntvpt.dll
2012-08-31 22:41:36   1676288   -c----w-   c:\windows\system32\dllcache\xpssvcs.dll
2012-08-31 22:41:36   1676288   ------w-   c:\windows\system32\xpssvcs.dll
2012-08-31 22:41:36   --------   d-----w-   C:\3816b72c9ecaa6cb1a
2012-08-31 22:38:04   --------   d-----w-   c:\documents and settings\me\local settings\application data\Sun
2012-08-31 22:30:21   73416   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-31 22:30:21   696520   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2012-08-31 22:27:53   821736   ----a-w-   c:\windows\system32\npDeployJava1.dll
2012-08-31 22:27:53   746984   ----a-w-   c:\windows\system32\deployJava1.dll
2012-08-31 22:27:53   143872   ----a-w-   c:\windows\system32\javacpl.cpl
2012-08-31 22:27:49   93672   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2012-08-31 21:50:33   --------   d-----w-   c:\windows\Downloaded Installations
2012-08-31 21:41:24   --------   d-----w-   c:\documents and settings\me\local settings\application data\ATI
2012-08-31 21:40:11   216800   ----a-w-   c:\windows\system32\drivers\SynTP.sys
2012-08-31 21:40:11   147456   ----a-w-   c:\windows\system32\SynTPAPI.dll
2012-08-31 21:40:11   110592   ----a-w-   c:\windows\system32\SynTPCo4.dll
2012-08-31 21:40:10   196608   ----a-w-   c:\windows\system32\SynCtrl.dll
2012-08-31 21:40:10   163840   ----a-w-   c:\windows\system32\SynCOM.dll
2012-08-31 21:40:10   --------   d-----w-   c:\program files\Synaptics
2012-08-31 21:36:12   --------   d-----w-   c:\program files\ATI Technologies
2012-08-31 21:34:47   36864   ----a-w-   c:\windows\system32\drivers\AmdK8.sys
2012-08-31 21:34:46   --------   d-----w-   c:\program files\AMD
2012-08-31 21:33:57   --------   d-----w-   c:\windows\system32\ReinstallBackups
2012-08-31 21:33:43   729088   ----a-w-   c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2012-08-31 21:33:43   69715   ----a-w-   c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2012-08-31 21:33:43   5632   ----a-w-   c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2012-08-31 21:33:43   266240   ----a-w-   c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2012-08-31 21:33:43   192512   ----a-w-   c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2012-08-31 21:33:43   188548   ----a-w-   c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2012-08-31 21:33:42   311428   ----a-w-   c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2012-08-31 21:20:10   --------   d-sh--w-   c:\documents and settings\me\PrivacIE
2012-08-31 21:10:50   --------   d-sh--w-   c:\documents and settings\me\IETldCache
2012-08-31 21:06:16   521728   -c----w-   c:\windows\system32\dllcache\jsdbgui.dll
2012-08-31 21:05:52   6144   -c----w-   c:\windows\system32\dllcache\iecompat.dll
2012-08-31 21:05:37   --------   d-----w-   c:\windows\ie8updates
2012-08-31 21:05:33   743424   -c----w-   c:\windows\system32\dllcache\iedvtool.dll
2012-08-31 21:05:33   629760   -c----w-   c:\windows\system32\dllcache\msfeeds.dll
2012-08-31 21:05:33   55296   -c----w-   c:\windows\system32\dllcache\msfeedsbs.dll
2012-08-31 21:05:33   247808   -c----w-   c:\windows\system32\dllcache\ieproxy.dll
2012-08-31 21:05:33   2000384   -c----w-   c:\windows\system32\dllcache\iertutil.dll
2012-08-31 21:05:33   12800   -c----w-   c:\windows\system32\dllcache\xpshims.dll
2012-08-31 21:05:33   11111424   -c----w-   c:\windows\system32\dllcache\ieframe.dll
2012-08-31 21:04:38   --------   dc-h--w-   c:\windows\ie8
2012-08-31 20:51:37   456320   -c----w-   c:\windows\system32\dllcache\mrxsmb.sys
2012-08-31 20:50:48   272128   -c----w-   c:\windows\system32\dllcache\bthport.sys
2012-08-31 20:50:48   272128   ------w-   c:\windows\system32\drivers\bthport.sys
2012-08-31 20:48:19   2148352   -c----w-   c:\windows\system32\dllcache\ntkrnlmp.exe
2012-08-31 20:48:18   2192640   -c----w-   c:\windows\system32\dllcache\ntoskrnl.exe
2012-08-31 20:48:18   2026496   -c----w-   c:\windows\system32\dllcache\ntkrpamp.exe
2012-08-31 20:47:34   --------   d-sh--w-   c:\documents and settings\me\UserData
2012-08-31 20:46:37   5120   ----a-w-   c:\windows\system32\xpsp4res.dll
2012-08-31 20:46:08   3072   -c----w-   c:\windows\system32\dllcache\iacenc.dll
2012-08-31 20:46:08   3072   ------w-   c:\windows\system32\iacenc.dll
2012-08-31 20:44:20   26144   ----a-w-   c:\windows\system32\spupdsvc.exe
2012-08-31 20:44:20   --------   d-----w-   c:\windows\system32\PreInstall
2012-08-31 20:44:19   --------   d--h--w-   c:\windows\$hf_mig$
2012-08-31 20:39:51   6272   -c--a-w-   c:\windows\system32\dllcache\splitter.sys
2012-08-31 20:38:02   989952   ----a-r-   c:\windows\system32\drivers\HSF_DPV.sys
2012-08-31 20:38:02   94208   ----a-r-   c:\windows\system32\mdmxsdk.dll
2012-08-31 20:38:02   731136   ----a-r-   c:\windows\system32\drivers\HSF_CNXT.sys
2012-08-31 20:38:02   217088   ----a-w-   c:\windows\system32\UCI32M21.dll
2012-08-31 20:38:02   211200   ----a-r-   c:\windows\system32\drivers\HSFHWAZL.sys
2012-08-31 20:38:02   12672   ----a-r-   c:\windows\system32\drivers\mdmxsdk.sys
2012-08-31 20:38:02   --------   d-----w-   c:\program files\CONEXANT
2012-08-31 20:28:19   --------   d-----w-   c:\windows\system32\SoftwareDistribution
2012-08-31 20:27:58   45568   ----a-r-   c:\windows\system32\drivers\bcm4sbxp.sys
2012-08-31 20:27:54   --------   d-----w-   c:\program files\Broadcom
2012-08-31 20:27:19   --------   d-----w-   C:\dell
2012-08-31 19:14:45   26368   -c--a-w-   c:\windows\system32\dllcache\usbstor.sys
.
==================== Find3M  ====================
.
2012-07-06 13:58:51   78336   ----a-w-   c:\windows\system32\browser.dll
2012-07-04 14:05:18   139784   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40:15   1866112   ----a-w-   c:\windows\system32\win32k.sys
2012-07-02 17:49:33   916992   ----a-w-   c:\windows\system32\wininet.dll
2012-07-02 17:49:32   43520   ------w-   c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43   385024   ------w-   c:\windows\system32\html.iec
2012-06-28 21:33:04   81920   ------w-   c:\windows\system32\ieencode.dll
.
============= FINISH:  8:07:54.51 ===============


I see some left-over Babylon and Funmoods items there.

28
Analysis and Malware Removal / Re: Post clean up second opinion
« on: September 12, 2012, 01:52:01 AM »
Hi Corrine,

Yeah, I noticed that defrag warning but figured I would wait until I made sure it was all clear.

Here is the ComboFix log:

ComboFix 12-09-11.02 - ME 09/11/2012  19:41:48.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.894.492 [GMT -7:00]
Running from: c:\documents and settings\ME\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((   Files Created from 2012-08-12 to 2012-09-12  )))))))))))))))))))))))))))))))
.
.
2012-08-31 22:41 . 2012-08-31 22:41   --------   d-----w-   C:\3816b72c9ecaa6cb1a
2012-08-31 20:27 . 2012-08-31 20:27   --------   d-----w-   C:\dell
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-06 13:58 . 2008-04-14 12:00   78336   ----a-w-   c:\windows\system32\browser.dll
2012-07-03 13:40 . 2008-04-14 12:00   1866112   ----a-w-   c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2008-04-14 12:00   916992   ----a-w-   c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2008-04-14 12:00   43520   ------w-   c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2008-04-14 12:00   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2008-04-14 12:00   385024   ------w-   c:\windows\system32\html.iec
2012-06-28 21:33 . 2012-06-28 21:33   81920   ------w-   c:\windows\system32\ieencode.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1024000]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-26 2289664]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-09-04 23:37   116648   ----atw-   c:\documents and settings\ME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 9:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 2:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 11:54 AM 116608]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/11/2012 2:43 PM 116648]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/11/2012 2:43 PM 116648]
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-11 21:43]
.
2012-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-11 21:43]
.
2012-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-879983540-1801674531-1004Core.job
- c:\documents and settings\ME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-09-04 23:37]
.
2012-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-879983540-1801674531-1004UA.job
- c:\documents and settings\ME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-09-04 23:37]
.
2012-09-12 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-27 00:03]
.
2012-09-12 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-27 00:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-87652847.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-11 19:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(2924)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-09-11  19:46:12
ComboFix-quarantined-files.txt  2012-09-12 02:46
.
Pre-Run: 152,763,998,208 bytes free
Post-Run: 152,801,816,576 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - A880F9715BFBB8F96818B37E4580C5B2


Thanks for putting up with me. Still learning how to understand what these scans are telling me.


29
Analysis and Malware Removal / Post clean up second opinion
« on: September 11, 2012, 11:01:35 PM »
Hello,

A laptop with a fresh install was put into the hands of a teenager and returned to me within 10 days with an occasional BSOD issue.

I ran MWB, found and removed 63 funmood.pup related items.
I ran SAS, found and removed several items related to babylon toolbar, dealcabby and playbryte.
I ran ESET, found and removed 8 items associated with the above.
I ran TDSSkiller, found nothing.
I ran aswMBR, which detected items related to playbryte, and used Revo to uninstall that and dealcabby.
I reran aswMBR; it did not detect the above but detected some volume information restore items, so I turned off System Restore and rebooted to clear the restore points.
I reran aswMBR and it detected nothing but did have the following listed in yellow:
 Service MpKsl6c47b8ef c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{43CE331C-A64D-44ED-97BC-C3170F1C6BB9}\MpKsl6c47b8ef.sys **LOCKED** 32
I ran MWB again and it detected nothing.

I think, outside of an ac adapter error at boot, I have it cleaned up but would appreciate an expert opinion.

Here is the Security check log:

 Results of screen317's Security Check version 0.99.50 
 Windows XP Service Pack 3 x86   
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 Microsoft Security Essentials   
`````````Anti-malware/Other Utilities Check:`````````
 SUPERAntiSpyware     
 Malwarebytes Anti-Malware version 1.65.0.1400 
 CCleaner     
 Java 7 Update 7 
 Adobe Reader X (10.1.4)
````````Process Check: objlist.exe by Laurent````````
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


Here is the DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.7.2
Run by ME at 16:40:27 on 2012-09-11
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.894.452 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtC0EyE0CtA0Bzy0D0B0DyE0BtAtBtN0D0Tzu0CtByDtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1964784783
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.7.2.0\bh\BabylonToolbar.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1346446056722
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1346448561406
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{2F8F61AD-3B33-4E11-BB3E-64F221B3491A} : DhcpNameServer = 192.168.2.1
Notify: AtiExtEvent - Ati2evxx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 MpKsl6c47b8ef;MpKsl6c47b8ef;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{43ce331c-a64d-44ed-97bc-c3170f1c6bb9}\MpKsl6c47b8ef.sys [2012-9-11 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-9-11 116648]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-9-11 116648]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-09-11 23:02:09   29904   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{43ce331c-a64d-44ed-97bc-c3170f1c6bb9}\MpKsl6c47b8ef.sys
2012-09-11 21:50:14   --------   d-----w-   c:\windows\pss
2012-09-11 21:43:32   --------   d-----w-   c:\program files\CCleaner
2012-09-11 21:08:55   --------   d-----w-   c:\program files\VS Revo Group
2012-09-11 19:28:03   --------   d-----w-   c:\documents and settings\me\application data\SUPERAntiSpyware.com
2012-09-11 19:27:42   --------   d-----w-   c:\program files\SUPERAntiSpyware
2012-09-11 19:27:42   --------   d-----w-   c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-09-11 15:07:50   --------   d-----w-   c:\documents and settings\me\application data\Malwarebytes
2012-09-11 15:07:26   --------   d-----w-   c:\documents and settings\all users\application data\Malwarebytes
2012-09-11 15:07:23   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-09-11 15:07:23   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2012-09-11 15:07:14   7022536   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{43ce331c-a64d-44ed-97bc-c3170f1c6bb9}\mpengine.dll
2012-09-10 04:56:07   7022536   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-09-10 04:51:11   --------   d-----w-   c:\documents and settings\me\application data\Funmoods
2012-09-10 04:51:10   --------   d-----w-   c:\documents and settings\me\application data\BabylonToolbar
2012-09-10 04:35:58   --------   d-----w-   c:\program files\Funmoods
2012-09-10 04:35:58   --------   d-----w-   c:\documents and settings\me\local settings\application data\Wajam
2012-09-10 04:26:23   --------   d-----w-   c:\program files\BabylonToolbar
2012-09-10 04:26:02   --------   d-----w-   c:\documents and settings\me\local settings\application data\dealcabby
2012-09-10 04:25:59   --------   d-----w-   c:\documents and settings\me\application data\Babylon
2012-09-10 04:25:59   --------   d-----w-   c:\documents and settings\all users\application data\Babylon
2012-09-04 23:37:56   --------   d-----w-   c:\documents and settings\me\local settings\application data\Google
2012-09-04 23:37:31   --------   d-----w-   c:\documents and settings\me\local settings\application data\Deployment
2012-09-04 23:18:43   17136   ----a-w-   c:\windows\system32\mucltui.dll.mui
2012-09-04 23:18:42   275696   ----a-w-   c:\windows\system32\mucltui.dll
2012-08-31 23:50:50   --------   d-----w-   c:\windows\system32\Adobe
2012-08-31 23:48:58   237072   ------w-   c:\windows\system32\MpSigStub.exe
2012-08-31 23:45:04   --------   d-----w-   c:\program files\Microsoft Security Client
2012-08-31 22:59:57   --------   d-----w-   c:\windows\SxsCaPendDel
2012-08-31 22:42:06   --------   d-----w-   c:\windows\system32\XPSViewer
2012-08-31 22:41:47   89088   ----a-w-   c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-08-31 22:41:37   89088   -c----w-   c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-08-31 22:41:37   597504   -c----w-   c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-08-31 22:41:37   597504   ------w-   c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-08-31 22:41:37   575488   -c----w-   c:\windows\system32\dllcache\xpsshhdr.dll
2012-08-31 22:41:37   575488   ------w-   c:\windows\system32\xpsshhdr.dll
2012-08-31 22:41:37   117760   ------w-   c:\windows\system32\prntvpt.dll
2012-08-31 22:41:36   1676288   -c----w-   c:\windows\system32\dllcache\xpssvcs.dll
2012-08-31 22:41:36   1676288   ------w-   c:\windows\system32\xpssvcs.dll
2012-08-31 22:41:36   --------   d-----w-   C:\3816b72c9ecaa6cb1a
2012-08-31 22:38:04   --------   d-----w-   c:\documents and settings\me\local settings\application data\Sun
2012-08-31 22:30:21   73416   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-31 22:30:21   696520   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2012-08-31 22:27:53   821736   ----a-w-   c:\windows\system32\npDeployJava1.dll
2012-08-31 22:27:53   746984   ----a-w-   c:\windows\system32\deployJava1.dll
2012-08-31 22:27:53   143872   ----a-w-   c:\windows\system32\javacpl.cpl
2012-08-31 22:27:49   93672   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2012-08-31 21:50:33   --------   d-----w-   c:\windows\Downloaded Installations
2012-08-31 21:41:24   --------   d-----w-   c:\documents and settings\me\local settings\application data\ATI
2012-08-31 21:40:11   216800   ----a-w-   c:\windows\system32\drivers\SynTP.sys
2012-08-31 21:40:11   147456   ----a-w-   c:\windows\system32\SynTPAPI.dll
2012-08-31 21:40:11   110592   ----a-w-   c:\windows\system32\SynTPCo4.dll
2012-08-31 21:40:10   196608   ----a-w-   c:\windows\system32\SynCtrl.dll
2012-08-31 21:40:10   163840   ----a-w-   c:\windows\system32\SynCOM.dll
2012-08-31 21:40:10   --------   d-----w-   c:\program files\Synaptics
2012-08-31 21:36:12   --------   d-----w-   c:\program files\ATI Technologies
2012-08-31 21:34:47   36864   ----a-w-   c:\windows\system32\drivers\AmdK8.sys
2012-08-31 21:34:46   --------   d-----w-   c:\program files\AMD
2012-08-31 21:33:57   --------   d-----w-   c:\windows\system32\ReinstallBackups
2012-08-31 21:33:43   729088   ----a-w-   c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2012-08-31 21:33:43   69715   ----a-w-   c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2012-08-31 21:33:43   5632   ----a-w-   c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2012-08-31 21:33:43   266240   ----a-w-   c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2012-08-31 21:33:43   192512   ----a-w-   c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2012-08-31 21:33:43   188548   ----a-w-   c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2012-08-31 21:33:42   311428   ----a-w-   c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2012-08-31 21:20:10   --------   d-sh--w-   c:\documents and settings\me\PrivacIE
2012-08-31 21:10:50   --------   d-sh--w-   c:\documents and settings\me\IETldCache
2012-08-31 21:06:16   521728   -c----w-   c:\windows\system32\dllcache\jsdbgui.dll
2012-08-31 21:05:52   6144   -c----w-   c:\windows\system32\dllcache\iecompat.dll
2012-08-31 21:05:37   --------   d-----w-   c:\windows\ie8updates
2012-08-31 21:05:33   743424   -c----w-   c:\windows\system32\dllcache\iedvtool.dll
2012-08-31 21:05:33   629760   -c----w-   c:\windows\system32\dllcache\msfeeds.dll
2012-08-31 21:05:33   55296   -c----w-   c:\windows\system32\dllcache\msfeedsbs.dll
2012-08-31 21:05:33   247808   -c----w-   c:\windows\system32\dllcache\ieproxy.dll
2012-08-31 21:05:33   2000384   -c----w-   c:\windows\system32\dllcache\iertutil.dll
2012-08-31 21:05:33   12800   -c----w-   c:\windows\system32\dllcache\xpshims.dll
2012-08-31 21:05:33   11111424   -c----w-   c:\windows\system32\dllcache\ieframe.dll
2012-08-31 21:04:38   --------   dc-h--w-   c:\windows\ie8
2012-08-31 20:51:37   456320   -c----w-   c:\windows\system32\dllcache\mrxsmb.sys
2012-08-31 20:50:48   272128   -c----w-   c:\windows\system32\dllcache\bthport.sys
2012-08-31 20:50:48   272128   ------w-   c:\windows\system32\drivers\bthport.sys
2012-08-31 20:48:19   2148352   -c----w-   c:\windows\system32\dllcache\ntkrnlmp.exe
2012-08-31 20:48:18   2192640   -c----w-   c:\windows\system32\dllcache\ntoskrnl.exe
2012-08-31 20:48:18   2026496   -c----w-   c:\windows\system32\dllcache\ntkrpamp.exe
2012-08-31 20:47:34   --------   d-sh--w-   c:\documents and settings\me\UserData
2012-08-31 20:46:37   5120   ----a-w-   c:\windows\system32\xpsp4res.dll
2012-08-31 20:46:08   3072   -c----w-   c:\windows\system32\dllcache\iacenc.dll
2012-08-31 20:46:08   3072   ------w-   c:\windows\system32\iacenc.dll
2012-08-31 20:44:20   26144   ----a-w-   c:\windows\system32\spupdsvc.exe
2012-08-31 20:44:20   --------   d-----w-   c:\windows\system32\PreInstall
2012-08-31 20:44:19   --------   d--h--w-   c:\windows\$hf_mig$
2012-08-31 20:39:51   6272   -c--a-w-   c:\windows\system32\dllcache\splitter.sys
2012-08-31 20:38:02   989952   ----a-r-   c:\windows\system32\drivers\HSF_DPV.sys
2012-08-31 20:38:02   94208   ----a-r-   c:\windows\system32\mdmxsdk.dll
2012-08-31 20:38:02   731136   ----a-r-   c:\windows\system32\drivers\HSF_CNXT.sys
2012-08-31 20:38:02   217088   ----a-w-   c:\windows\system32\UCI32M21.dll
2012-08-31 20:38:02   211200   ----a-r-   c:\windows\system32\drivers\HSFHWAZL.sys
2012-08-31 20:38:02   12672   ----a-r-   c:\windows\system32\drivers\mdmxsdk.sys
2012-08-31 20:38:02   --------   d-----w-   c:\program files\CONEXANT
2012-08-31 20:28:19   --------   d-----w-   c:\windows\system32\SoftwareDistribution
2012-08-31 20:27:58   45568   ----a-r-   c:\windows\system32\drivers\bcm4sbxp.sys
2012-08-31 20:27:54   --------   d-----w-   c:\program files\Broadcom
2012-08-31 20:27:19   --------   d-----w-   C:\dell
2012-08-31 19:14:45   26368   -c--a-w-   c:\windows\system32\dllcache\usbstor.sys
.
==================== Find3M  ====================
.
2012-07-06 13:58:51   78336   ----a-w-   c:\windows\system32\browser.dll
2012-07-04 14:05:18   139784   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40:15   1866112   ----a-w-   c:\windows\system32\win32k.sys
2012-07-02 17:49:33   916992   ----a-w-   c:\windows\system32\wininet.dll
2012-07-02 17:49:32   43520   ------w-   c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43   385024   ------w-   c:\windows\system32\html.iec
2012-06-28 21:33:04   81920   ------w-   c:\windows\system32\ieencode.dll
.
============= FINISH: 16:41:12.64 ===============


Here is the Attach log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/31/2012 9:33:24 AM
System Uptime: 9/11/2012 4:00:32 PM (0 hours ago)
.
Motherboard: Dell Inc. |  | 0WY383
Processor: AMD Athlon(tm) 64 X2 Dual-Core Processor TK-55 | Socket M2/S1G1 | 1795/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 142.333 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
AMD Processor Driver
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Babylon toolbar on IE
Broadcom 440x 10/100 Integrated Controller
Broadcom Management Programs
CCleaner
Conexant HDA D330 MDC V.92 Modem
Dell Touchpad
Dell Wireless WLAN Card Utility
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Java 7 Update 7
Java Auto Updater
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 Redistributable
Revo Uninstaller 1.94
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2722913)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SigmaTel Audio
SUPERAntiSpyware
swMSM
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2718704)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Driver Package - Ricoh Company (rimsptsk) hdc  (11/14/2006 6.00.01.04)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
.
==== Event Viewer Messages From Past Week ========
.
9/9/2012 9:26:25 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
9/9/2012 10:27:40 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AmdK8 Fips MpFilter
9/9/2012 10:26:27 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/9/2012 10:14:20 AM, error: Dhcp [1002]  - The IP address lease 192.168.2.8 for the Network Card with network address 001E4C3B9DBD has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
9/9/2012 10:13:13 AM, error: System Error [1003]  - Error code 1000000a, parameter1 e8f43340, parameter2 00000002, parameter3 00000000, parameter4 80523a24.
9/7/2012 6:08:15 PM, error: Dhcp [1002]  - The IP address lease 192.168.2.9 for the Network Card with network address 001E4C3B9DBD has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
9/5/2012 8:46:57 PM, error: Dhcp [1002]  - The IP address lease 192.168.2.6 for the Network Card with network address 001E4C3B9DBD has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
9/5/2012 6:19:02 PM, error: Dhcp [1002]  - The IP address lease 192.168.2.12 for the Network Card with network address 001E4C3B9DBD has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
9/4/2012 8:22:52 PM, error: Dhcp [1002]  - The IP address lease 192.168.2.14 for the Network Card with network address 001E4C3B9DBD has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
9/4/2012 4:17:50 PM, error: Dhcp [1002]  - The IP address lease 192.168.2.145 for the Network Card with network address 001E4C3B9DBD has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
9/11/2012 9:48:23 AM, error: System Error [1003]  - Error code 100000d1, parameter1 98706faf, parameter2 00000007, parameter3 00000000, parameter4 f7393021.
9/11/2012 9:01:35 AM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
9/11/2012 8:01:47 AM, error: Service Control Manager [7034]  - The Dell Wireless WLAN Tray Service service terminated unexpectedly.  It has done this 1 time(s).
9/11/2012 7:50:41 AM, error: Dhcp [1002]  - The IP address lease 192.168.2.10 for the Network Card with network address 001E4C3B9DBD has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
9/11/2012 2:57:49 PM, error: ACPIEC [1]  - \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period.  This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.  The EC driver will retry the failed transaction if possible.
9/11/2012 2:47:29 PM, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).
9/11/2012 2:47:29 PM, error: Service Control Manager [7034]  - The Ati HotKey Poller service terminated unexpectedly.  It has done this 1 time(s).
9/11/2012 2:47:29 PM, error: Service Control Manager [7031]  - The SAS Core Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
9/11/2012 2:47:29 PM, error: Service Control Manager [7031]  - The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 15000 milliseconds: Restart the service.
9/11/2012 2:47:29 PM, error: Service Control Manager [7031]  - The Microsoft .NET Framework NGEN v4.0.30319_X86 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/11/2012 10:19:15 AM, error: atapi [9]  - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
.
==== End Of File ===========================


Not sure how to read those yet.

Thank you.

Analysis and Malware Removal / Re: Smart pc Cleaner
« on: August 25, 2012, 09:06:14 PM »
So far the only feedback I got was that it was running hot where the fan is and it froze up on him when chatting. Having him get some canned air when he can and I will show him how to safely blow it out.
