Messages - 4on4off

46
Analysis and Malware Removal / Re: slow infected laptop
« on: July 12, 2012, 11:49:47 AM »
Good morning Corrine,

I ran the ESET scan twice but each time it and the laptop froze up and the scan stopped at 46% with the following detected:

Win32/toolbar.Zugo application
A Variant of win32/adware.Yontoo.B application
A Variant of win32/adware.Yontoo.A application
A Variant of win32/hidden.A application

Both times I had to power it down by holding down the power button.

Also, I did not have time yet to rerun the sfc scan a second or third time to see if it gave the same message about corrupted files. Will have to get to that after work tonight.

4

47
Analysis and Malware Removal / Re: slow infected laptop
« on: July 12, 2012, 12:08:13 AM »
Sorry for the delay, I had to run my kid across town.

I ran the sfc scan and it found some corrupted files. I saved a snippet and the log in case you want to see them.

I got java updated but when I tried to update adobe it said something was using adobe8 and needed to be stopped first but I can't see what is using it.

I just started downloading the ESET virus database and I will post the log when it is done along with an update on how it is running.

Also, when I was messing with updating Adobe, MSE noticed something called ?????.opencandy, but I didn't have any default setting set yet so it did not grab it.

Just wanted to update you cuz it had been a bit and I know that the eset scan can take awhile.

4

48
Analysis and Malware Removal / Re: slow infected laptop
« on: July 11, 2012, 10:28:27 PM »
Corrine,

Here is the ComboFix log:

ComboFix 12-07-11.03 - Aaliyah Kilbourne 07/11/2012  19:09:41.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3034.1715 [GMT -4:00]
Running from: c:\users\Aaliyah Kilbourne\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\HyperCam Toolbar\tbCOre3.dll
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\program files\somototoolbar\vmNTemplatex.dll
c:\users\Aaliyah Kilbourne\AppData\Local\Microsoft\Windows\Temporary Internet Files\CuJBD__vO1_
c:\users\Aaliyah Kilbourne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Gdf_4LN6OcVOIYM
c:\users\Aaliyah Kilbourne\AppData\Local\Microsoft\Windows\Temporary Internet Files\kSyI1AQ_-P7_
c:\users\Public\AkamaiDownloadManagerInstaller.exe
c:\users\Public\kSolo_Install1_2_1_41.exe
c:\users\Public\MorphVOXPro4_Install-1.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\212aa8d2.dll
c:\windows\system32\d7998c4.dll
E:\AUTORUN.INF
.
.
(((((((((((((((((((((((((   Files Created from 2012-06-11 to 2012-07-11  )))))))))))))))))))))))))))))))
.
.
2012-07-11 23:20 . 2012-07-11 23:20   --------   d-----w-   c:\users\Aaliyah Kilbourne\AppData\Local\temp
2012-07-11 21:58 . 2012-06-18 07:14   6762896   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AAAB4DE5-C23F-488B-BC91-DE617A5E96B8}\mpengine.dll
2012-07-11 21:11 . 2012-06-13 13:40   2047488   ----a-w-   c:\windows\system32\win32k.sys
2012-07-11 20:53 . 2012-06-05 16:47   708608   ----a-w-   c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 20:53 . 2012-06-05 16:47   1401856   ----a-w-   c:\windows\system32\msxml6.dll
2012-07-11 20:53 . 2012-06-05 16:47   1248768   ----a-w-   c:\windows\system32\msxml3.dll
2012-07-11 20:53 . 2012-06-04 15:26   440704   ----a-w-   c:\windows\system32\drivers\ksecdd.sys
2012-07-11 20:53 . 2012-06-02 00:04   278528   ----a-w-   c:\windows\system32\schannel.dll
2012-07-11 20:53 . 2012-06-02 00:03   204288   ----a-w-   c:\windows\system32\ncrypt.dll
2012-07-11 20:33 . 2012-02-09 18:17   713784   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{386D93B8-F4E5-45D7-A17C-B974A0F47A5B}\gapaengine.dll
2012-07-11 20:24 . 2012-07-11 20:25   --------   d-----w-   c:\program files\Microsoft Security Client
2012-07-11 20:23 . 2010-04-05 20:00   221568   ----a-w-   c:\windows\system32\drivers\netio.sys
2012-07-11 19:52 . 2012-07-11 19:52   --------   d-----w-   c:\program files\VS Revo Group
2012-07-11 17:37 . 2012-07-11 17:37   --------   d-----w-   c:\users\Aaliyah Kilbourne\AppData\Roaming\Malwarebytes
2012-07-11 17:37 . 2012-07-11 17:37   --------   d-----w-   c:\programdata\Malwarebytes
2012-07-11 17:37 . 2012-07-11 17:37   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2012-07-11 17:37 . 2012-04-04 19:56   22344   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-07-03 09:26 . 2012-06-02 22:19   53784   ----a-w-   c:\windows\system32\wuauclt.exe
2012-07-03 09:26 . 2012-06-02 22:19   45080   ----a-w-   c:\windows\system32\wups2.dll
2012-07-03 09:26 . 2012-06-02 22:12   2422272   ----a-w-   c:\windows\system32\wucltux.dll
2012-07-03 09:26 . 2012-06-02 22:19   1933848   ----a-w-   c:\windows\system32\wuaueng.dll
2012-07-03 09:24 . 2012-06-02 22:19   35864   ----a-w-   c:\windows\system32\wups.dll
2012-07-03 09:24 . 2012-06-02 22:19   577048   ----a-w-   c:\windows\system32\wuapi.dll
2012-07-03 09:24 . 2012-06-02 22:12   88576   ----a-w-   c:\windows\system32\wudriver.dll
2012-07-03 09:23 . 2012-06-02 19:19   171904   ----a-w-   c:\windows\system32\wuwebv.dll
2012-07-03 09:23 . 2012-06-02 19:12   33792   ----a-w-   c:\windows\system32\wuapp.exe
2012-06-12 20:58 . 2012-04-23 16:00   984064   ----a-w-   c:\windows\system32\crypt32.dll
2012-06-12 20:58 . 2012-04-23 16:00   133120   ----a-w-   c:\windows\system32\cryptsvc.dll
2012-06-12 20:58 . 2012-04-23 16:00   98304   ----a-w-   c:\windows\system32\cryptnet.dll
2012-06-12 20:55 . 2012-05-15 06:31   197632   ----a-w-   c:\program files\Internet Explorer\IEShims.dll
2012-06-12 20:55 . 2012-05-15 03:26   133632   ----a-w-   c:\windows\system32\ieUnatt.exe
2012-06-12 20:55 . 2012-05-15 06:32   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2012-06-12 20:55 . 2012-05-15 06:31   109056   ----a-w-   c:\windows\system32\iesysprep.dll
2012-06-12 20:55 . 2012-05-15 06:31   71680   ----a-w-   c:\windows\system32\iesetup.dll
2012-06-12 20:55 . 2012-05-15 03:23   1638912   ----a-w-   c:\windows\system32\mshtml.tlb
2012-06-12 20:38 . 2012-05-01 14:03   180736   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"MediaGet2"="c:\users\Aaliyah Kilbourne\AppData\Local\MediaGet2\mediaget.exe" [2011-06-29 6841576]
"Facebook Update"="c:\users\Aaliyah Kilbourne\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-04-01 217088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-04-01 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-04-01 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-04-01 150552]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-01-30 206064]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-04-01 483428]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\Components\scheduler\Launcher.exe" [2009-02-23 165104]
.
c:\users\Aaliyah Kilbourne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dell Remote Access.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Dell Remote Access.lnk
backup=c:\windows\pss\Dell Remote Access.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Aaliyah Kilbourne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\Aaliyah Kilbourne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Aaliyah Kilbourne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\Aaliyah Kilbourne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2011-10-29 03:33   3292248   ----a-w-   c:\users\Aaliyah Kilbourne\AppData\Local\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-04-13 06:29   47392   ----a-w-   c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 01:28   59240   ----a-w-   c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
2010-09-15 11:12   281744   ----a-w-   c:\program files\Carbonite\CarbonitePreinstaller.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell DataSafe Online]
2009-11-13 21:15   1807600   ----a-w-   c:\program files\Dell DataSafe Online\DataSafeOnline.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
2007-03-15 23:16   454784   ----a-w-   c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-11 21:22   138096   ----atw-   c:\users\Aaliyah Kilbourne\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-06-20 03:54   136176   ----atw-   c:\users\Aaliyah Kilbourne\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24   54840   ----a-w-   c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-06 23:05   421736   ----a-w-   c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2011-08-12 17:18   205336   ----a-w-   c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaGet2]
2011-06-29 16:53   6841576   ----a-w-   c:\users\Aaliyah Kilbourne\AppData\Local\MediaGet2\mediaget.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 02:12   3872080   ----a-w-   c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2009-10-25 01:34   2923192   ----a-w-   c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-02-05 02:26   128232   ------w-   c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 23:36   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 12:55   17148552   ----a-r-   c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2012-07-11 16:55   7609560   ----a-w-   c:\users\Aaliyah Kilbourne\AppData\Roaming\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2012-07-11 16:55   1192664   ----a-w-   c:\users\Aaliyah Kilbourne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 18:06   254696   ----a-w-   c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-06-17 11:44   85160   ----a-w-   c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23   1008184   ----a-w-   c:\program files\Windows Defender\MSASCui.exe
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe

.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
Akamai   REG_MULTI_SZ      Akamai
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4143027877-4185091322-3881734219-1000Core.job
- c:\users\Aaliyah Kilbourne\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-10 21:22]
.
2012-07-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4143027877-4185091322-3881734219-1000UA.job
- c:\users\Aaliyah Kilbourne\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-10 21:22]
.
2012-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4143027877-4185091322-3881734219-1000Core.job
- c:\users\Aaliyah Kilbourne\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-20 03:54]
.
2012-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4143027877-4185091322-3881734219-1000UA.job
- c:\users\Aaliyah Kilbourne\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-20 03:54]
.
2012-07-11 c:\windows\Tasks\User_Feed_Synchronization-{6FE96B10-E20B-4E69-8FA4-D59D7FAF518A}.job
- c:\windows\system32\msfeedssync.exe [2012-06-12 03:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=Z045&form=ZGAPHP
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)
WebBrowser-{E52BE12D-A44A-4F51-9DC1-34F37A488CC7} - (no file)
WebBrowser-{0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
MSConfigStartUp-ares - c:\program files\Ares\Ares.exe
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-mcui_exe - c:\program files\McAfee.com\Agent\mcagent.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\4.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
MSConfigStartUp-ooVoo - c:\program files\ooVoo\ooVoo.exe
MSConfigStartUp-Weather - c:\program files\AWS\WeatherBug\Weather.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-11 19:20
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_4f7fccd.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(724)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2012-07-11  19:23:48
ComboFix-quarantined-files.txt  2012-07-11 23:23
.
Pre-Run: 56,848,965,632 bytes free
Post-Run: 59,474,939,904 bytes free
.
- - End Of File - - 3EE4A5E7F912CEFD5B330ADD769B0572

I already see an improvement in response time when opening a browser!

4

49
Analysis and Malware Removal / slow infected laptop
« on: July 11, 2012, 08:55:38 PM »
Hello,

My niece's Dell Inspiron 1545 is running Vista Home Premium 32-bit. She was complaining about it being sluggish and slow to boot.
I deselected several unnecessary startup items and ran mwb in safe mode, which found 264 items. Mainly pup.mywebsearch or the like along with a few trojans - BHO and Dropper. I did save the log if needed.

I also removed utorrent and frostwire along with a few extra toolbars.

Here is the checkup.txt:

 Results of screen317's Security Check version 0.99.42 
 Windows Vista Service Pack 2 x86 (UAC is enabled) 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials   
  (On Access scanning disabled!)
 Error obtaining update status for antivirus! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.61.0.1400 
 TuneUp Companion 1.9.0   
 Java(TM) 6 Update 30 
 Java version out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Flash Player    11.1.102.62 
 Adobe Reader 8 Adobe Reader out of Date!
 Google Chrome 19.0.1084.46 
 Google Chrome 19.0.1084.56 
````````Process Check: objlist.exe by Laurent````````
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 9 % Defragment your hard drive soon!
````````````````````End of Log``````````````````````

Here is the dds.txt:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19272
Run by Aaliyah Kilbourne at 17:25:59 on 2012-07-11
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3034.1550 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Dell\apache\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingBar\BBSvc.EXE
C:\Program Files\Common Files\Dell\apache\bin\httpd.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Dell\MySQL\bin\mysqld.exe
C:\Program Files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\sminst\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\windows\SMINST\Components\scheduler\STService.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Aaliyah Kilbourne\AppData\Local\MediaGet2\mediaget.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=Z045&form=ZGAPHP
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTogg.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTogg.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Somoto Toolbar: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - c:\program files\somototoolbar\vmntemplateX.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No File
BHO: Yontoo Layers (Drop Down Deals): {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime (drop down deals)\YontooIEClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: HyperCam Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files\hypercam toolbar\tbcore3.dll
TB: {0C8413C1-FAD1-446C-8584-BE50576F863E} - No File
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTogg.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Somoto Toolbar: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - c:\program files\somototoolbar\vmntemplateX.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {E52BE12D-A44A-4F51-9DC1-34F37A488CC7} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [MediaGet2] c:\users\aaliyah kilbourne\appdata\local\mediaget2\mediaget.exe --minimized
uRun: [Facebook Update] "c:\users\aaliyah kilbourne\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [Launcher] %WINDIR%\SMINST\Components\scheduler\Launcher.exe
StartupFolder: c:\users\aaliya~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} - hxxp://www.freerealms.com/gamedata/FreeRealmsInstaller.cab
DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://avatar.mabinogi.com:88/renderer/mabiweb.2009.4.9.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{78C7D670-D03A-4507-9331-32218139DE48} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{CA751E5C-C08C-47DD-B897-54EEB75B4976} : DhcpNameServer = 65.32.5.111 65.32.5.112
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2009-6-20 81920]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-20 21504]
R2 Apache2.2;Remote Access Media Server;c:\program files\common files\dell\apache\bin\httpd.exe [2007-9-21 15872]
R2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 dsl-db;Remote Access DB;c:\program files\common files\dell\mysql\bin\mysqld.exe [2007-9-14 5730304]
R2 dsl-fs-sync;Remote Access File Sync Service;c:\program files\common files\dell\remote access file sync service\dsl_fs_sync.exe [2009-1-5 173296]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2009-8-27 1253376]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 SftService;SoftThinks Agent Service;c:\windows\sminst\SftService.exe [2009-6-20 632048]
R3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-12-7 54632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2008-8-7 3276800]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-6-20 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-6-20 40552]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2008-7-7 20480]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-4 22904]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-11-26 34384]
S3 USBNET;Instant Wireless USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\netusb.sys [2002-2-20 70016]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]
.
=============== Created Last 30 ================
.
2012-07-11 21:11:37   2047488   ----a-w-   c:\windows\system32\win32k.sys
2012-07-11 20:53:35   708608   ----a-w-   c:\program files\common files\system\ado\msado15.dll
2012-07-11 20:53:30   1401856   ----a-w-   c:\windows\system32\msxml6.dll
2012-07-11 20:53:30   1248768   ----a-w-   c:\windows\system32\msxml3.dll
2012-07-11 20:53:26   440704   ----a-w-   c:\windows\system32\drivers\ksecdd.sys
2012-07-11 20:53:25   278528   ----a-w-   c:\windows\system32\schannel.dll
2012-07-11 20:53:25   204288   ----a-w-   c:\windows\system32\ncrypt.dll
2012-07-11 20:33:17   713784   ----a-w-   c:\programdata\microsoft\microsoft antimalware\definition updates\{386d93b8-f4e5-45d7-a17c-b974a0f47a5b}\gapaengine.dll
2012-07-11 20:31:53   6762896   ----a-w-   c:\programdata\microsoft\microsoft antimalware\definition updates\{888545ff-08f0-4a11-8c19-1b917058edf2}\mpengine.dll
2012-07-11 20:24:15   --------   d-----w-   c:\program files\Microsoft Security Client
2012-07-11 20:23:17   221568   ----a-w-   c:\windows\system32\drivers\netio.sys
2012-07-11 19:52:58   --------   d-----w-   c:\program files\VS Revo Group
2012-07-11 17:37:36   --------   d-----w-   c:\users\aaliyah kilbourne\appdata\roaming\Malwarebytes
2012-07-11 17:37:32   --------   d-----w-   c:\programdata\Malwarebytes
2012-07-11 17:37:31   22344   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-07-11 17:37:31   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2012-07-11 17:07:08   --------   d-----w-   c:\windows\pss
2012-07-03 09:26:18   2422272   ----a-w-   c:\windows\system32\wucltux.dll
2012-07-03 09:24:39   88576   ----a-w-   c:\windows\system32\wudriver.dll
2012-07-03 09:23:47   33792   ----a-w-   c:\windows\system32\wuapp.exe
2012-07-03 09:23:47   171904   ----a-w-   c:\windows\system32\wuwebv.dll
2012-06-12 20:58:54   984064   ----a-w-   c:\windows\system32\crypt32.dll
2012-06-12 20:58:37   133120   ----a-w-   c:\windows\system32\cryptsvc.dll
2012-06-12 20:58:25   98304   ----a-w-   c:\windows\system32\cryptnet.dll
2012-06-12 20:55:59   197632   ----a-w-   c:\program files\internet explorer\IEShims.dll
2012-06-12 20:55:59   133632   ----a-w-   c:\windows\system32\ieUnatt.exe
2012-06-12 20:55:58   71680   ----a-w-   c:\windows\system32\iesetup.dll
2012-06-12 20:55:58   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2012-06-12 20:55:58   109056   ----a-w-   c:\windows\system32\iesysprep.dll
2012-06-12 20:55:53   1638912   ----a-w-   c:\windows\system32\mshtml.tlb
2012-06-12 20:38:48   180736   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
.
==================== Find3M  ====================
.
2012-05-15 06:37:49   916992   ----a-w-   c:\windows\system32\wininet.dll
2012-05-15 06:32:00   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
2012-05-15 05:01:56   385024   ----a-w-   c:\windows\system32\html.iec
.
============= FINISH: 17:27:13.10 ===============


Here is the attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 6/19/2009 6:58:39 PM
System Uptime: 7/11/2012 5:16:07 PM (0 hours ago)
.
Motherboard: Dell Inc. |  | 0G848F
Processor: Celeron(R) Dual-Core CPU       T3000  @ 1.80GHz | Microprocessor | 1795/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 218 GiB total, 44.667 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 15 GiB total, 8.871 GiB free.
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: Screaming Bee Audio
Device ID: ROOT\MEDIA\0000
Manufacturer: Screaming Bee
Name: Screaming Bee Audio
PNP Device ID: ROOT\MEDIA\0000
Service: SCREAMINGBDRIVER
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
4500_G510af_Help
4500G510af
4500G510af_Software_Min
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8
Adobe Shockwave Player 11.5
Akamai NetSession Interface
Akamai NetSession Interface Service
Amnesia - The Dark Descent
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
AVS Update Manager 1.0
Bing Bar
Bonjour
BufferChm
CameraHelperMsi
Carbonite Online Backup Setup
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Conduit Engine
Corel Graphics - Windows Shell Extension
Dell-eBay
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Remote Access
Dell Support Center (Support Software)
Dell Touchpad
Dell Wireless WLAN Card Utility
Destinations
DeviceDiscovery
DivX Plus Web Player
DocMgr
DocProc
Drivers Install For Linksys Easylink Advisor
EA Download Manager
erLT
Facebook Video Calling 1.2.0.159
Fax
Façade
Firebird SQL Server - MAGIX Edition
FL Studio 10
Google Chrome
GoToAssist 8.0.0.514
GPBaseService2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
HP Customer Participation Program 13.0
HP Document Manager 2.0
HP Imaging Device Functions 13.0
HP Officejet 4500 G510a-f
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPProductAssistant
HPSSupply
HyperCam Toolbar
IL Download Manager
IMVU Avatar Chat Software
Instant Play Guitar Express
Intel® Matrix Storage Manager
iTunes
Java Auto Updater
Java(TM) 6 Update 30
Junk Mail filter update
Katawa Shoujo
Linksys EasyLink Advisor 1.6 (0032)
Logitech Vid HD
Logitech Webcam Software
Love & Order
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Magic ISO Maker v5.5 (build 0281)
MAGIX Screenshare
MAGIX Speed 2 (MSI)
Malwarebytes Anti-Malware version 1.61.0.1400
MarketResearch
MediaGet2 version 2.1.538.0
MediaGet2 version 2.1.716.0
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft Works
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 3.0
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Game Studio 3.1
Microsoft XNA Game Studio 3.1 (ARP entry)
Microsoft XNA Game Studio 3.1 (Platformer)
Microsoft XNA Game Studio 3.1 (Redists)
Microsoft XNA Game Studio 3.1 (Shared Components)
Microsoft XNA Game Studio 3.1 (VCSExpress)
Microsoft XNA Game Studio 3.1 (XnaLiveProxy)
Microsoft XNA Game Studio 3.1 Documentation
Microsoft XNA Game Studio Platform Tools
Mobile Broadband Generic Drivers
MobileMe Control Panel
MorphVOX Pro
MP3 Rocket FileBulldog Toolbar
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Coach Player
My Magical Cosplay Cafe 1.0
Nancy Drew: The Curse of Blackmoor Manor
OCR Software by I.R.I.S. 13.0
OGA Notifier 2.0.0048.0
ooVoo
OpenOffice.org 3.1
osu!
Pando Media Booster
PESTERCHUM
PowerDVD DX
QuickSet
QuickTime
RE: Alistair++ 1
Revo Uninstaller 1.94
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Safari
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Shop for HP Supplies
Skype Click to Call
Skype™ 5.8
SmartWebPrinting
SolutionCenter
Spotify
SQL Server System CLR Types
Status
TalkAndWrite
Text-To-Speech-Runtime
The Sims Medieval
The Sims™ 3
The Sims™ 3 World Adventures
ToggleEN Toolbar
Toolbox
TrayApp
TuneUp Companion 1.9.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VC80CRTRedist - 8.0.50727.4053
video-processor
Virtual DJ - Atomix Productions
VirtualCloneDrive
VLC media player 1.0.3
WebReg
WhiteBoardMeeting
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver
Yontoo Layers Runtime (Drop Down Deals) 1.10.01
.
==== Event Viewer Messages From Past Week ========
.
7/5/2012 2:24:04 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
7/11/2012 5:22:16 PM, Error: netbt [4321]  - The name "SCOTT-PC       :0" could not be registered on the interface with IP address 192.168.2.150. The computer with the IP address 192.168.2.148 did not allow the name to be claimed by this computer.
7/11/2012 5:19:15 PM, Error: Service Control Manager [7000]  - The Intel(R) PRO/1000 PCI Express Network Connection Driver service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/11/2012 5:19:15 PM, Error: Service Control Manager [7000]  - The Intel(R) PRO/1000 NDIS 6 Adapter Driver service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/11/2012 5:19:15 PM, Error: Service Control Manager [7000]  - The Instant Wireless USB Network Adapter ver.2.6 Driver service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/11/2012 5:02:25 PM, Error: netbt [4321]  - The name "JILL-PC        :0" could not be registered on the interface with IP address 192.168.2.150. The computer with the IP address 192.168.2.147 did not allow the name to be claimed by this computer.
7/11/2012 4:29:27 PM, Error: VDS Dynamic Provider [10]  - The provider failed while storing notifications from the driver. The Virtual Disk Service should be restarted. hr=80042505
7/11/2012 3:49:43 PM, Error: netbt [4321]  - The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.2.150. The computer with the IP address 192.168.2.148 did not allow the name to be claimed by this computer.
7/11/2012 3:46:00 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/11/2012 3:45:59 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/11/2012 3:45:30 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
7/11/2012 3:45:29 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/11/2012 3:45:22 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/11/2012 3:44:46 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
7/11/2012 3:42:44 PM, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
7/11/2012 3:42:02 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  ElbyCDIO spldr Wanarpv6
7/11/2012 3:42:02 PM, Error: Service Control Manager [7001]  - The Windows Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
7/11/2012 3:42:02 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
7/11/2012 3:41:01 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv.dll Error Code: 21
7/11/2012 3:40:44 PM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048]  - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
7/11/2012 3:40:44 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
7/11/2012 12:49:30 PM, Error: EventLog [6008]  - The previous system shutdown at 12:46:17 PM on 7/11/2012 was unexpected.
7/11/2012 12:46:18 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
7/11/2012 1:20:55 PM, Error: Service Control Manager [7043]  - The Windows Update service did not shut down properly after receiving a preshutdown control.
7/11/2012 1:11:50 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Akamai service.
.
==== End Of File ===========================

sheesh, that took awhile cuz her keyboard had something spilled on it so some keys are sticky and some don't work. lol

anyway, also for some reason every time it boots I get the beeping noise and it wants me to the os, only one is listed.

Thank you for any assistance.

4





50
Hi Corrine,

It has been my experience that patience is essential with this kind of stuff. No problem in that department here.

As an example:

My brother is on his way over to drop off his daughter's laptop that needs to be cleaned up. I find it easier to deal with when I have multiple projects going to fill the gaps between downloads and scans.  :)

Between that, my own problem and my nephew's data I am going to try and clone when my cords get here today, I will have plenty to keep me busy.  :lol:

4

51
It does not matter how something on a person's computer broke. It could be the result of a malware infection, a conflict with a third-party application, or self-help that backfired. Regardless of the source of the problem, we all want Microsoft to Fix it and to Fix it Now.

Although Microsoft has long provided Knowledge Base articles with detailed instructions for repairing problems such as those mentioned above, the instructions generally involve registry edits -- which is understandably something the average home user generally will shy away from doing.

Along comes Microsoft Fix it, a tool to automate those fixes that you want now, relieving you from worrying about messing up a registry edit that could result in your computer in worse condition than before you attempted the fix.

The Fix it Team has created a wide range of fixes covering problems in Windows, Internet Explorer, Microsoft Office programs such as Excel and Word, Outlook, Windows Media Player, Zune and a whole lot more. Many of those fixes are a result of Windows Error Reporting (WER) where people like you and I allow the submission of crash reports to Microsoft. By submitting those reports, Microsoft Product Support Reports (MPSReports) is able to analyze the results and fixes for repeated problems are added.

To check that Windows Error Reporting (WER) is enabled, do the following:

Windows Vista:

    Click Control Panel > System and Maintenance > Problem Reports and Solutions > Change settings > Advanced settings > Select "Automatically check for solutions".

Windows XP:

    Click Start > Right-click My Computer > Properties > Advanced Tab > Error Reporting.

If you are not sure where to start, you can try Microsoft Automated Troubleshooting Services (Microsoft ATS) to detect problems on your machine and automatically fix any common problems.

The Fix it Team has provided multiple resources to assist you in locating a Fix it solution:

   1. Fix it for me blog
   2. Fix it Gadget (Download link)
   3. Fix it Solutions Page
   4. Microsoft Fix it Solutions Center

The next time you need a solution for a problem, let Microsoft Fix it for you.

Hello,

I have been having issues for some time with 6 particular updates that repeatedly show as ready to install on a machine running Vista Home Premium 32-bit. It hasn't been a major priority as I work on other machines because the machine runs fine outside of these particular updates. When I do have time to look into it I have been bouncing all over the internet looking for solutions to no avail. I will look into the above links and see if any of it will help.

4
