myweb search

Started by Ghost, July 11, 2012, 03:50:16 PM

Ghost

hi again,
this pc belongs to a friend of a very good friend.
i ran malwarebytes and it found 61 infections. i quarantined and rebooted. after several reboots and all seems to run smooth i removed all items in quarantine. ran malwarebytes again and it found nothing.
i thought i had better run the dds and security check scans and ask someone to check out the logs to see if anything is left.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by owner at 11:18:08 on 2012-07-11
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.4061.1293 [GMT -4:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WRSA.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Webroot\WRSA.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Bandoo\Bandoo.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Free Ride Games\GPlayer.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\SFT\GuardedID\GIDD.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\SFT\GuardedID\x64\GIDD.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT1320680
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:58182
uURLSearchHooks: A Free Ride Games Bar Toolbar: {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files (x86)\A_Free_Ride_Games_Bar\prxtbA_F0.dll
mURLSearchHooks: A Free Ride Games Bar Toolbar: {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files (x86)\A_Free_Ride_Games_Bar\prxtbA_F0.dll
mWinlogon: Userinit=userinit.exe,
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
BHO: ShopAtHome.com Toolbar: {66516a07-f617-488a-90cf-4e690cfb3c5f} - C:\Program Files (x86)\ShopAtHome\tbcore3U.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\IPS\IPSBHO.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.1.613.0\NativeBHO.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: A Free Ride Games Bar Toolbar: {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files (x86)\A_Free_Ride_Games_Bar\prxtbA_F0.dll
TB: ShopAtHome.com Toolbar: {311b58dc-a4dc-4b04-b1b5-60299ad3d803} - C:\Program Files (x86)\ShopAtHome\tbcore3U.dll
TB: A Free Ride Games Bar Toolbar: {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files (x86)\A_Free_Ride_Games_Bar\prxtbA_F0.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
mRun: [HP Software Update] "C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
mRun: [<NO NAME>]
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe  /s
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
dRun: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 68.94.156.1 68.94.157.1
TCP: Interfaces\{B539C469-8D65-4458-A932-6C69B89B2A34} : DhcpNameServer = 68.94.156.1 68.94.157.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~2\bandoo\bndhook.dll
mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - C:\Program Files (x86)\SFT\GuardedID\gidi.exe /v
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
BHO-X64:     Symantec NCO BHO - No File
BHO-X64: ShopAtHome.com Toolbar: {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Program Files (x86)\ShopAtHome\tbcore3U.dll
BHO-X64:     ShopAtHome.com Toolbar - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\IPS\IPSBHO.DLL
BHO-X64:     Symantec Intrusion Prevention - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64:     SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64:     URLRedirectionBHO - No File
BHO-X64: Constant Guard Protection Suite (COM): {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.1.613.0\NativeBHO.dll
BHO-X64:     Constant Guard Protection Suite (COM) - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: A Free Ride Games Bar Toolbar: {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files (x86)\A_Free_Ride_Games_Bar\prxtbA_F0.dll
BHO-X64:     A Free Ride Games Bar - No File
TB-X64: ShopAtHome.com Toolbar: {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Program Files (x86)\ShopAtHome\tbcore3U.dll
TB-X64: A Free Ride Games Bar Toolbar: {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files (x86)\A_Free_Ride_Games_Bar\prxtbA_F0.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [HP Software Update] "C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
mRun-x64: [(Default)]
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun-x64: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe  /s
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
AppInit_DLLs-X64: c:\progra~2\bandoo\bndhook.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS [?]
R0 WRkrn;WRkrn;C:\Windows\system32\drivers\WRkrn.sys --> C:\Windows\system32\drivers\WRkrn.sys [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [2012-6-18 1161376]
R1 GIDv2;GIDv2;C:\Windows\system32\drivers\GIDv2.sys --> C:\Windows\system32\drivers\GIDv2.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120707.001\IDSviA64.sys [2012-7-10 509088]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0502010.003\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0502010.003\SYMNETS.SYS [?]
R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-9-16 13336]
R2 IDVaultSvc;CGPS Service;C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-6-13 66160]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccsvchst.exe [2012-4-24 130008]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-9-16 705856]
R2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-5-5 206064]
R2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2012-7-2 688360]
R2 X5XSEx;X5XSEx;C:\Program Files (x86)\Free Ride Games\X5XSEx.sys [2011-12-24 55400]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-6-2 138912]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-7 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-7 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 UsbFltr;WayTech USB Filter Driver;C:\Windows\system32\Drivers\UsbFltr.sys --> C:\Windows\system32\Drivers\UsbFltr.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-11 15:05:07   69000   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CCEE2EAB-CE79-4727-8A64-9293245A1C8F}\offreg.dll
2012-07-11 14:50:43   9013136   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CCEE2EAB-CE79-4727-8A64-9293245A1C8F}\mpengine.dll
2012-07-09 21:42:44   9013136   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-03 21:20:39   927800   ------w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C8E9E9BD-099E-4F2D-8DE7-DD1A54467A89}\gapaengine.dll
2012-06-21 15:36:50   2622464   ----a-w-   C:\Windows\System32\wucltux.dll
2012-06-21 15:36:25   99840   ----a-w-   C:\Windows\System32\wudriver.dll
2012-06-21 15:35:58   36864   ----a-w-   C:\Windows\System32\wuapp.exe
2012-06-21 15:35:58   186752   ----a-w-   C:\Windows\System32\wuwebv.dll
2012-06-14 07:00:59   2311680   ----a-w-   C:\Windows\System32\jscript9.dll
2012-06-14 07:00:59   1800192   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2012-06-14 07:00:58   887296   ----a-w-   C:\Program Files\Internet Explorer\iedvtool.dll
2012-06-14 07:00:58   678912   ----a-w-   C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2012-06-14 07:00:58   499200   ----a-w-   C:\Program Files\Internet Explorer\jsdbgui.dll
2012-06-14 07:00:58   387584   ----a-w-   C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
2012-06-12 22:29:43   927800   ------w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
==================== Find3M  ====================
.
2012-07-04 21:23:32   148664   ----a-w-   C:\Windows\SysWow64\WRusr.dll
2012-07-04 21:23:32   113168   ----a-w-   C:\Windows\System32\drivers\WRkrn.sys
2012-07-04 21:23:32   101808   ----a-w-   C:\Windows\System32\WRusr.dll
2012-05-18 01:59:14   1392128   ----a-w-   C:\Windows\System32\wininet.dll
2012-05-18 01:58:39   1494528   ----a-w-   C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22   173056   ----a-w-   C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30   2382848   ----a-w-   C:\Windows\System32\mshtml.tlb
2012-05-17 22:35:47   1129472   ----a-w-   C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39   1427968   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45   142848   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45   2382848   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:20   3144192   ----a-w-   C:\Windows\System32\win32k.sys
2012-05-04 10:52:22   5505392   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:08:16   3958128   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08:15   3902320   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
2012-05-02 05:32:43   208896   ----a-w-   C:\Windows\System32\profsvc.dll
2012-04-28 03:50:40   204800   ----a-w-   C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:34:38   76288   ----a-w-   C:\Windows\System32\rdpwsx.dll
2012-04-26 05:34:37   149504   ----a-w-   C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:28:32   9216   ----a-w-   C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:59:45   182272   ----a-w-   C:\Windows\System32\cryptsvc.dll
2012-04-24 05:59:45   1460224   ----a-w-   C:\Windows\System32\crypt32.dll
2012-04-24 05:59:45   140288   ----a-w-   C:\Windows\System32\cryptnet.dll
2012-04-24 04:47:04   139264   ----a-w-   C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:47:04   103936   ----a-w-   C:\Windows\SysWow64\cryptnet.dll
2012-04-24 04:47:03   1156608   ----a-w-   C:\Windows\SysWow64\crypt32.dll
.
============= FINISH: 11:28:26.17 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/5/2010 6:09:43 PM
System Uptime: 7/11/2012 10:59:19 AM (1 hours ago)
.
Motherboard: Dell Inc. |  | 018D1Y
Processor: Pentium(R) Dual-Core  CPU      E5700  @ 3.00GHz | CPU 1 | 3003/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 456 GiB total, 390.333 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP519: 6/25/2012 6:29:04 AM - Windows Update
RP520: 6/29/2012 5:13:05 AM - Windows Update
RP521: 7/2/2012 3:48:25 PM - Windows Update
RP523: 7/5/2012 7:00:15 PM - Windows Update
RP525: 7/9/2012 7:53:41 AM - Windows Update
.
==== Installed Programs ======================
.
A Free Ride Games Bar Toolbar
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11.6
Apple Application Support
Apple Software Update
Bandoo
Best Buy pc app
Bing Bar
Build-a-lot 2: Town of the Year
Constant Guard Protection Suite
Consumer In-Home Service Agreement
Coupon Printer for Windows
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Communications (Support Software)
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Dock
Dell Getting Started Guide
Free Ride Games Player
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
GuardedID
HP Deskjet 3000 J310 series Help
HP Photo Creations
HP Update
iLivid
Insider Tales - Vanished in Rome
Intel(R) Control Center
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 30
Junk Mail filter update
Mahjong World
Malwarebytes Anti-Malware version 1.61.0.1400
McAfee Security Scan Plus
Microsoft Choice Guard
Microsoft Corporation
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
MSVCRT
Norton Security Suite
QuickTime
Realtek High Definition Audio Driver
Roxio Burn
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
ShopAtHome.com Toolbar
Skype Toolbars
Skype™ 5.0
SpeedyPC
Super TextTwist
The Treasures of Montezuma
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Webroot SecureAnywhere
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
7/8/2012 7:34:07 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
7/8/2012 12:45:40 PM, Error: Service Control Manager [7034]  - The DNS Client service terminated unexpectedly.  It has done this 3 time(s).
7/8/2012 12:45:40 PM, Error: Service Control Manager [7034]  - The Cryptographic Services service terminated unexpectedly.  It has done this 3 time(s).
7/7/2012 3:31:32 PM, Error: Service Control Manager [7031]  - The DNS Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/7/2012 3:31:32 PM, Error: Service Control Manager [7031]  - The Cryptographic Services service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/7/2012 10:57:06 PM, Error: Service Control Manager [7034]  - The Cryptographic Services service terminated unexpectedly.  It has done this 2 time(s).
7/7/2012 10:57:06 PM, Error: Service Control Manager [7031]  - The DNS Client service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
7/7/2012 1:36:40 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.
7/7/2012 1:36:40 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
7/5/2012 6:34:53 PM, Error: Service Control Manager [7034]  - The Workstation service terminated unexpectedly.  It has done this 3 time(s).
7/5/2012 6:34:53 PM, Error: Service Control Manager [7034]  - The Remote Desktop Services service terminated unexpectedly.  It has done this 3 time(s).
7/5/2012 6:34:53 PM, Error: Service Control Manager [7034]  - The Network Location Awareness service terminated unexpectedly.  It has done this 3 time(s).
7/5/2012 2:01:15 AM, Error: Service Control Manager [7031]  - The Workstation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/5/2012 2:01:15 AM, Error: Service Control Manager [7031]  - The Remote Desktop Services service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/5/2012 2:01:15 AM, Error: Service Control Manager [7031]  - The Network Location Awareness service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
7/5/2012 10:02:00 AM, Error: Service Control Manager [7031]  - The Workstation service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/5/2012 10:02:00 AM, Error: Service Control Manager [7031]  - The Remote Desktop Services service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/5/2012 10:02:00 AM, Error: Service Control Manager [7031]  - The Network Location Awareness service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
7/4/2012 6:46:57 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CryptSvc service.
7/4/2012 6:46:27 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.
7/4/2012 6:32:33 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
7/11/2012 11:00:14 AM, Error: VDS Basic Provider [1]  - Unexpected failure. Error code: D@01010004
7/11/2012 10:43:10 AM, Error: bowser [8003]  - The master browser has received a server announcement from the computer LARRY-N68SA-M2S that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B539C469-8D65-4458-A932-6C69B89B2A34}. The master browser is stopping or an election is being forced.
7/11/2012 10:28:14 AM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
7/11/2012 10:28:13 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/11/2012 10:28:13 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/11/2012 10:28:13 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/11/2012 10:28:13 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/11/2012 10:28:12 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/11/2012 10:28:06 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/11/2012 10:27:50 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD BHDrvx64 DfsC discache eeCtrl IDSVia64 MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx Wanarpv6 WfpLwf
7/11/2012 10:27:49 AM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
7/11/2012 10:27:49 AM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
7/11/2012 10:27:49 AM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
7/11/2012 10:27:49 AM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
7/11/2012 10:27:49 AM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
7/11/2012 10:27:49 AM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
7/11/2012 10:27:49 AM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
7/11/2012 10:27:49 AM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
7/11/2012 10:27:49 AM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
7/11/2012 10:27:49 AM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
7/11/2012 10:18:58 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the CGPS Service service to connect.
7/11/2012 10:18:58 AM, Error: Service Control Manager [7000]  - The CGPS Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/10/2012 7:00:12 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the WRSVC service, but this action failed with the following error:  An instance of the service is already running.
7/10/2012 7:00:02 AM, Error: Service Control Manager [7031]  - The WRSVC service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
.
==== End Of File ===========================
Results of screen317's Security Check version 0.99.42 
Windows 7  x64 (UAC is disabled!) 
Out of date service pack!!
Internet Explorer 9 
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled! 
Norton Security Suite           
Microsoft Security Essentials   
Webroot SecureAnywhere         
Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400 
Java(TM) 6 Update 30 
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Google Chrome 19.0.1084.56 
Google Chrome 20.0.1132.47 
Google Chrome CommonDotNET.dll.. 
Google Chrome IdVaultCore.dll.. 
Google Chrome IdVaultCore.XmlSerializers.dll. 
Google Chrome Microsoft.mshtml.dll. 
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

thank you,
ghost

Corrine

Hi, Ghost.

Does your friend's friend have an up-to-date license for Norton or Webroot?  Three A/V programs are a disaster waiting to happen with conflicts.

AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}

The uninstallers for Norton and Webroot are linked below.  Microsoft Security Essentials does not need any special help for removal.  However, if Norton is removed, it will be necessary to activate the Windows 7 Firewall.

Norton Removal: https://www-secure.symantec.com/norton-support/jsp/help-solutions.jsp?lg=english&ct=united+states&docid=20080710133834EN&product=home&version=1&pvid=f-home

Webroot: http://support.webroot.com/cgi-bin/webroot.cfg/php/enduser/std_adp.php?p_faqid=1761




Since Java 7 has been released and version 6 will not be supported much longer, please uninstall Java(TM) 6 Update 30.  Then download and install JRE7u5 from http://www.oracle.com/technetwork/java/javase/downloads/index.html




Adobe Flash Player needs to be updated:

Flash Player For Internet Explorer:  http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_11_active_x.exe
Non-IE (Opera, Firefox, Etc.):  http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_11_plugin.exe




Please follow these instructions carefully.

Download ComboFix from the following location:  Link 1

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray. 

Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications.

Now, please run ComboFix:

  • Note:  If infections are found, ComboFix will automatically reboot the machine to complete the removal process.  Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts.
  • As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


  • After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click "Yes" to continue scanning for malware.

  • When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply.

After we are finished, before you return the PC, the Service Pack needs to be installed.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Ghost

finally
ComboFix 12-07-12.02 - owner 07/12/2012  10:13:06.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.4061.2681 [GMT -4:00]
Running from: c:\users\owner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Search Toolbar
c:\program files (x86)\Search Toolbar\icon.ico
c:\program files (x86)\TotalRecipeSearch_14
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14auxstb.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14datact.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14dlghk.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14dyn.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14feedmg.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14highin.exe
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14hkstub.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14html.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14htmlmu.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14httpct.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14idle.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14ieovr.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14impipe.exe
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14medint.exe
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14mlbtn.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14msg.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14Plugin.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14radio.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14regfft.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14reghk.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14regiet.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14script.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14skin.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14sknlcr.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14skplay.exe
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14tpinst.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14uabtn.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\CHROME.MANIFEST
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\chrome\14ffxtbr.jar
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\INSTALL.RDF
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\installKeys.js
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\LOGO.BMP
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\T8RES.DLL
c:\program files (x86)\TotalRecipeSearch_14\bar\gen1\COMMON.T8S
c:\program files (x86)\TotalRecipeSearch_14\bar\IE9Mesg\COMMON.T8S
c:\program files (x86)\TotalRecipeSearch_14\bar\Message\COMMON.T8S
c:\program files (x86)\TotalRecipeSearch_14\bar\Settings\s_pid.dat
.
.
(((((((((((((((((((((((((   Files Created from 2012-06-12 to 2012-07-12  )))))))))))))))))))))))))))))))
.
.
2012-07-12 14:47 . 2012-07-12 14:47   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-07-12 12:20 . 2012-07-12 12:21   --------   d-----w-   c:\program files (x86)\SpywareBlaster
2012-07-12 12:20 . 2010-01-10 23:40   118784   ----a-w-   c:\windows\SysWow64\MSSTDFMT.DLL
2012-07-12 12:10 . 2012-07-03 16:21   355856   ----a-w-   c:\windows\system32\drivers\aswSP.sys
2012-07-12 12:10 . 2012-07-03 16:21   25232   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
2012-07-12 12:10 . 2012-07-03 16:21   54072   ----a-w-   c:\windows\system32\drivers\aswRdr2.sys
2012-07-12 12:10 . 2012-07-03 16:21   59728   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
2012-07-12 12:10 . 2012-07-03 16:21   958400   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
2012-07-12 12:10 . 2012-07-03 16:21   71064   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
2012-07-12 12:10 . 2012-07-03 16:21   285328   ----a-w-   c:\windows\system32\aswBoot.exe
2012-07-12 12:10 . 2012-07-03 16:21   41224   ----a-w-   c:\windows\avastSS.scr
2012-07-12 12:10 . 2012-07-03 16:21   227648   ----a-w-   c:\windows\SysWow64\aswBoot.exe
2012-07-12 12:09 . 2012-07-12 12:09   --------   d-----w-   c:\programdata\AVAST Software
2012-07-12 12:09 . 2012-07-12 12:09   --------   d-----w-   c:\program files\AVAST Software
2012-07-11 23:35 . 2012-07-11 23:34   955840   ----a-w-   c:\windows\system32\npDeployJava1.dll
2012-07-11 23:25 . 2012-07-11 23:25   426184   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-11 21:07 . 2012-06-12 03:02   3147264   ----a-w-   c:\windows\system32\win32k.sys
2012-07-11 17:55 . 2012-07-11 17:55   --------   d-----w-   c:\program files (x86)\CCleaner
2012-07-11 16:12 . 2012-07-11 16:12   --------   d-----w-   C:\found.000
2012-07-11 14:48 . 2012-06-06 05:50   1880064   ----a-w-   c:\windows\system32\msxml3.dll
2012-07-11 14:48 . 2012-06-06 05:50   2003968   ----a-w-   c:\windows\system32\msxml6.dll
2012-07-11 14:48 . 2012-06-06 05:09   1389568   ----a-w-   c:\windows\SysWow64\msxml6.dll
2012-07-11 14:48 . 2012-06-06 05:09   1236992   ----a-w-   c:\windows\SysWow64\msxml3.dll
2012-06-21 15:36 . 2012-06-02 22:19   57880   ----a-w-   c:\windows\system32\wuauclt.exe
2012-06-21 15:36 . 2012-06-02 22:19   44056   ----a-w-   c:\windows\system32\wups2.dll
2012-06-21 15:36 . 2012-06-02 22:19   2428952   ----a-w-   c:\windows\system32\wuaueng.dll
2012-06-21 15:36 . 2012-06-02 22:15   2622464   ----a-w-   c:\windows\system32\wucltux.dll
2012-06-21 15:36 . 2012-06-02 22:19   38424   ----a-w-   c:\windows\system32\wups.dll
2012-06-21 15:36 . 2012-06-02 22:15   99840   ----a-w-   c:\windows\system32\wudriver.dll
2012-06-21 15:36 . 2012-06-02 22:19   701976   ----a-w-   c:\windows\system32\wuapi.dll
2012-06-21 15:35 . 2012-06-02 19:19   186752   ----a-w-   c:\windows\system32\wuwebv.dll
2012-06-21 15:35 . 2012-06-02 19:15   36864   ----a-w-   c:\windows\system32\wuapp.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 23:34 . 2010-09-17 00:16   839096   ----a-w-   c:\windows\system32\deployJava1.dll
2012-07-11 23:25 . 2011-11-19 23:27   70344   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f92a9fe4-2850-4198-b9d5-279880e49b16}"= "c:\program files (x86)\A_Free_Ride_Games_Bar\prxtbA_F0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{f92a9fe4-2850-4198-b9d5-279880e49b16}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{66516A07-F617-488A-90CF-4E690CFB3C5F}]
2011-11-11 17:29   3994520   ----a-w-   c:\program files (x86)\ShopAtHome\tbcore3U.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f92a9fe4-2850-4198-b9d5-279880e49b16}]
2011-05-09 09:49   176936   ----a-w-   c:\program files (x86)\A_Free_Ride_Games_Bar\prxtbA_F0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{311B58DC-A4DC-4B04-B1B5-60299AD3D803}"= "c:\program files (x86)\ShopAtHome\tbcore3U.dll" [2011-11-11 3994520]
"{f92a9fe4-2850-4198-b9d5-279880e49b16}"= "c:\program files (x86)\A_Free_Ride_Games_Bar\prxtbA_F0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{311b58dc-a4dc-4b04-b1b5-60299ad3d803}]
[HKEY_CLASSES_ROOT\ShopAtHome.ShopAtHome.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\ShopAtHome.ShopAtHome]
.
[HKEY_CLASSES_ROOT\clsid\{f92a9fe4-2850-4198-b9d5-279880e49b16}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-08 39408]
"Exetender"="c:\program files (x86)\Free Ride Games\GPlayer.exe" [2011-09-02 4862384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"GIDDesktop"="c:\program files (x86)\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-12 559616]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-01-13 165184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files (x86)\Free Ride Games\GPlayer.exe" [2011-09-02 4862384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [2012-6-13 6534768]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Bandoo\BndHook.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-08 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-08 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 36720]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
R3 UsbFltr;WayTech USB Filter Driver;c:\windows\system32\Drivers\UsbFltr.sys [2007-04-09 12288]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-06 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 aswSnx;aswSnx;
S1 aswSP;aswSP;
S1 GIDv2;GIDv2;
S2 aswFsBlk;aswFsBlk;
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-06-13 66160]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-05-05 206064]
S2 X5XSEx;X5XSEx;c:\program files (x86)\Free Ride Games\X5XSEx.Sys [2010-11-22 55400]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 138752]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
    2011-07-05 15:26   435976   ----a-w-   c:\program files (x86)\SFT\GuardedID\GIDI.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-08 02:53]
    .
    2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-08 02:53]
    .
    2012-07-11 c:\windows\Tasks\SpeedyPC Program Check.job
    - c:\program files (x86)\SpeedyPC\SpeedyPC.exe [2010-05-19 23:10]
    .
    2012-07-08 c:\windows\Tasks\SpeedyPC.job
    - c:\program files (x86)\SpeedyPC\SpeedyPC.exe [2010-05-19 23:10]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-07-03 16:21   133400   ----a-w-   c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT1320680
    mLocal Page = c:\windows\system32\blank.htm
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:58182
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    TCP: DhcpNameServer = 68.94.156.1 68.94.157.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    WebBrowser-{311B58DC-A4DC-4B04-B1B5-60299AD3D803} - (no file)
    WebBrowser-{F92A9FE4-2850-4198-B9D5-279880E49B16} - (no file)
    AddRemove-Adobe Flash Player Plugin - c:\windows\SysWOW64\Macromed\Flash\FlashUtil10h_Plugin.exe
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    c:\program files (x86)\Bandoo\Bandoo.exe
    c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-12  11:13:13 - machine was rebooted
    ComboFix-quarantined-files.txt  2012-07-12 15:13
    .
    Pre-Run: 418,661,392,384 bytes free
    Post-Run: 418,833,174,528 bytes free
    .
    - - End Of File - - 999E2FA73A12CC0BE0CD5884CEE3F369

    Ghost

Corrine

Hi, Larry.

Please uninstall the following and pass along to your friend's friend the problems that can occur running registry cleaners as well as to watch pre-checked options when installing software.

Free Ride Games Player
McAfee Security Scan Plus
ShopAtHome.com Toolbar
SpeedyPC


Please go here to run an on-line scan from ESET.

  • Note: It is easiest if you use Internet Explorer for this scan. (If you use an alternate browser, it will be necessary to download the ESET Smart Installer.)
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.



Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Ghost

hi Corrine,
i have uninstalled the four items you mentioned and the pc is running somewhat better.

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe   a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe   a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe   a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\Components\DSUpdate\hstart.exe   a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\FoxTabVideoConverter\VideoConverter.exe   a variant of Win32/InstallCore.A application
C:\Program Files (x86)\RealArcade\Installer\bin\OCSetupHlp.dll   Win32/OpenCandy application
C:\Qoobox\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14datact.dll.vir   a variant of Win32/Toolbar.MyWebSearch.A application
C:\Qoobox\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14html.dll.vir   probably a variant of Win32/Toolbar.MyWebSearch.F application
C:\Qoobox\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14htmlmu.dll.vir   probably a variant of Win32/Toolbar.MyWebSearch.B application
C:\Qoobox\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14ieovr.dll.vir   probably a variant of Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14Plugin.dll.vir   probably a variant of Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14skin.dll.vir   a variant of Win32/Toolbar.MyWebSearch.P application
C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Default\aagddidgdcdbgddcgddjdjgcdedbgddh\background.html   Win32/BHO.OEI trojan

thanks,
Ghost

Corrine

Thanks, Ghost.

From the ESET scan:

Dell DataSafe is a valid program.  However, it appears to be a paid program.  If the owner does not have a valid subscription, please uninstall both Dell DataSafe Local Backup and Dell DataSafe Local Backup - Support Software.

FoxTabVideoConverter -- from reports I found, Kaspersky also detects it and there is no uninstaller.  We'll address it with ComboFix later.

RealArcade -- OpenCandy, another without an uninstaller, which is bundled with certain third-party software installation programs.

The other findings are in the ComboFix quarantine.




After you find out about Dell DataSafe, please post a fresh DDS.txt log and I will provide ComboFix instructions.


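The triage step discussed above, separating ESET findings already held in the ComboFix quarantine (`C:\Qoobox\Quarantine`) from findings still on disk, sketched as an added example that is not part of the original thread or of any tool mentioned in it. It assumes each result line is a path, a tab or a run of spaces, then the detection text; the function names are hypothetical and the sample lines are copied from the ESET results posted here.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Sample input: four result lines copied from the ESET scan posted in this thread.
SAMPLE_LOG = r"""
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe   a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\RealArcade\Installer\bin\OCSetupHlp.dll   Win32/OpenCandy application
C:\Qoobox\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14html.dll.vir   probably a variant of Win32/Toolbar.MyWebSearch.F application
C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Default\aagddidgdcdbgddcgddjdjgcdedbgddh\background.html   Win32/BHO.OEI trojan
"""

# Assumption: ComboFix keeps quarantined copies under this folder, as the paths in the log show.
QUARANTINE_ROOT = "c:\\qoobox\\quarantine\\"

# Detection text: optional "probably", optional "a variant of", the name, then the category.
DETECTION = re.compile(
    r"^(?P<heur>probably )?(?P<variant>a variant of )?(?P<name>\S+) (?P<kind>\w+)$"
)


def parse_line(line):
    """Return one finding as a dict, or None if the line is not a result line."""
    # Paths contain single spaces, so split only on a tab or on two or more spaces.
    fields = re.split(r"\t+|\s{2,}", line.strip(), maxsplit=1)
    if len(fields) != 2:
        return None
    path, text = fields
    match = DETECTION.match(text)
    if match is None:
        return None
    return {
        "path": path,
        "name": match.group("name"),
        "kind": match.group("kind"),  # "application" or "trojan" in this log
        "heuristic": match.group("heur") is not None,
        "variant": match.group("variant") is not None,
        "quarantined": path.lower().startswith(QUARANTINE_ROOT),
    }


def owner_of(path):
    """Group key: the product folder under Program Files, else the parent folder."""
    parts = PureWindowsPath(path).parts
    for index, part in enumerate(parts[:-1]):
        if part.lower().startswith("program files"):
            return parts[index + 1]
    return str(PureWindowsPath(path).parent)


def triage(log_text):
    """Split findings into quarantined copies and live files grouped by owner."""
    report = {"quarantined": [], "live": defaultdict(list)}
    for line in log_text.splitlines():
        finding = parse_line(line)
        if finding is None:
            continue
        if finding["quarantined"]:
            report["quarantined"].append(finding)
        else:
            report["live"][owner_of(finding["path"])].append(finding)
    return report


def live_findings(report, kind):
    """All live findings of one category, for example 'trojan'."""
    return [f for group in report["live"].values() for f in group if f["kind"] == kind]


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("already quarantined:", len(result["quarantined"]))
    for owner, findings in result["live"].items():
        for f in findings:
            print(f"live  {f['kind']:<12} {f['name']:<28} {owner}")
```

Grouping live findings by product folder gives the uninstall-or-remove list one program at a time, and the category column keeps "application" detections apart from anything ESET labels a trojan.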

Ghost

morning Corrine,
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 10.5.1
Run by owner at 7:20:28 on 2012-07-13
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.4061.1983 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\SFT\GuardedID\GIDD.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\SFT\GuardedID\x64\GIDD.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Bandoo\Bandoo.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT1320680
uSearch Bar =
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:58182
mSearchAssistant =
uURLSearchHooks: A Free Ride Games Bar Toolbar: {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files (x86)\A_Free_Ride_Games_Bar\prxtbA_F0.dll
mURLSearchHooks: A Free Ride Games Bar Toolbar: {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files (x86)\A_Free_Ride_Games_Bar\prxtbA_F0.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.1.613.0\NativeBHO.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: A Free Ride Games Bar Toolbar: {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files (x86)\A_Free_Ride_Games_Bar\prxtbA_F0.dll
TB: A Free Ride Games Bar Toolbar: {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files (x86)\A_Free_Ride_Games_Bar\prxtbA_F0.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [HP Software Update] "C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe  /s
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 68.94.156.1 68.94.157.1
TCP: Interfaces\{B539C469-8D65-4458-A932-6C69B89B2A34} : DhcpNameServer = 68.94.156.1 68.94.157.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~2\bandoo\bndhook.dll
mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - C:\Program Files (x86)\SFT\GuardedID\gidi.exe /v
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64:     SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64:     URLRedirectionBHO - No File
BHO-X64: Constant Guard Protection Suite (COM): {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.1.613.0\NativeBHO.dll
BHO-X64:     Constant Guard Protection Suite (COM) - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: A Free Ride Games Bar Toolbar: {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files (x86)\A_Free_Ride_Games_Bar\prxtbA_F0.dll
BHO-X64:     A Free Ride Games Bar - No File
TB-X64: A Free Ride Games Bar Toolbar: {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files (x86)\A_Free_Ride_Games_Bar\prxtbA_F0.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [HP Software Update] "C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun-x64: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe  /s
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
AppInit_DLLs-X64: c:\progra~2\bandoo\bndhook.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 GIDv2;GIDv2;C:\Windows\system32\drivers\GIDv2.sys --> C:\Windows\system32\drivers\GIDv2.sys [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-12 44808]
R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-9-16 13336]
R2 IDVaultSvc;CGPS Service;C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-6-13 66160]
R2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-5-5 206064]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-7 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-7 136176]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 UsbFltr;WayTech USB Filter Driver;C:\Windows\system32\Drivers\UsbFltr.sys --> C:\Windows\system32\Drivers\UsbFltr.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-13 11:00:23   9013136   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{88B9E85A-E98E-42F2-870D-0D9065B5BB3E}\mpengine.dll
2012-07-12 17:55:07   --------   d-----w-   C:\Program Files (x86)\ESET
2012-07-12 16:14:18   --------   d-----w-   C:\Program Files (x86)\Oracle
2012-07-12 16:13:53   772504   ----a-w-   C:\Windows\SysWow64\npDeployJava1.dll
2012-07-12 15:37:24   --------   d-----w-   C:\Users\owner\AppData\Local\Mozilla
2012-07-12 14:51:45   --------   d-----w-   C:\$RECYCLE.BIN
2012-07-12 14:07:24   --------   d-----w-   C:\ComboFix
2012-07-12 12:20:58   118784   ----a-w-   C:\Windows\SysWow64\MSSTDFMT.DLL
2012-07-12 12:20:58   --------   d-----w-   C:\Program Files (x86)\SpywareBlaster
2012-07-12 12:10:38   54072   ----a-w-   C:\Windows\System32\drivers\aswRdr2.sys
2012-07-12 12:10:35   958400   ----a-w-   C:\Windows\System32\drivers\aswSnx.sys
2012-07-12 12:10:32   71064   ----a-w-   C:\Windows\System32\drivers\aswMonFlt.sys
2012-07-12 12:10:03   41224   ----a-w-   C:\Windows\avastSS.scr
2012-07-12 12:09:55   --------   d-----w-   C:\ProgramData\AVAST Software
2012-07-12 12:09:55   --------   d-----w-   C:\Program Files\AVAST Software
2012-07-11 23:56:57   98816   ----a-w-   C:\Windows\sed.exe
2012-07-11 23:56:57   518144   ----a-w-   C:\Windows\SWREG.exe
2012-07-11 23:56:57   256000   ----a-w-   C:\Windows\PEV.exe
2012-07-11 23:56:57   208896   ----a-w-   C:\Windows\MBR.exe
2012-07-11 23:35:18   955840   ----a-w-   C:\Windows\System32\npDeployJava1.dll
2012-07-11 23:25:04   426184   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-11 21:07:20   3147264   ----a-w-   C:\Windows\System32\win32k.sys
2012-07-11 17:55:26   --------   d-----w-   C:\Program Files (x86)\CCleaner
2012-07-11 16:12:33   --------   d-----w-   C:\found.000
2012-07-11 14:48:04   1880064   ----a-w-   C:\Windows\System32\msxml3.dll
2012-07-11 14:48:03   2003968   ----a-w-   C:\Windows\System32\msxml6.dll
2012-07-11 14:48:03   1389568   ----a-w-   C:\Windows\SysWow64\msxml6.dll
2012-07-11 14:48:03   1236992   ----a-w-   C:\Windows\SysWow64\msxml3.dll
2012-06-21 15:36:50   2622464   ----a-w-   C:\Windows\System32\wucltux.dll
2012-06-21 15:36:25   99840   ----a-w-   C:\Windows\System32\wudriver.dll
2012-06-21 15:35:58   36864   ----a-w-   C:\Windows\System32\wuapp.exe
2012-06-21 15:35:58   186752   ----a-w-   C:\Windows\System32\wuwebv.dll
.
==================== Find3M  ====================
.
2012-07-11 23:34:18   839096   ----a-w-   C:\Windows\System32\deployJava1.dll
2012-07-11 23:25:04   70344   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-02 12:12:17   2311680   ----a-w-   C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28   1392128   ----a-w-   C:\Windows\System32\wininet.dll
2012-06-02 12:04:50   1494528   ----a-w-   C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40   173056   ----a-w-   C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08   2382848   ----a-w-   C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25   1800192   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08   1129472   ----a-w-   C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03   1427968   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33   142848   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52   2382848   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:38:26   95088   ----a-w-   C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:38:24   152432   ----a-w-   C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:37:45   459216   ----a-w-   C:\Windows\System32\drivers\cng.sys
2012-06-02 05:27:02   340992   ----a-w-   C:\Windows\System32\schannel.dll
2012-06-02 05:27:00   307200   ----a-w-   C:\Windows\System32\ncrypt.dll
2012-06-02 04:48:39   22016   ----a-w-   C:\Windows\SysWow64\secur32.dll
2012-06-02 04:48:35   225280   ----a-w-   C:\Windows\SysWow64\schannel.dll
2012-06-02 04:47:31   219136   ----a-w-   C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:42:51   96768   ----a-w-   C:\Windows\SysWow64\sspicli.dll
2012-05-31 16:25:12   279656   ------w-   C:\Windows\System32\MpSigStub.exe
2012-05-04 23:29:16   687504   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
2012-05-04 10:52:22   5505392   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:08:16   3958128   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08:15   3902320   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
2012-05-02 05:32:43   208896   ----a-w-   C:\Windows\System32\profsvc.dll
2012-04-28 03:50:40   204800   ----a-w-   C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:34:38   76288   ----a-w-   C:\Windows\System32\rdpwsx.dll
2012-04-26 05:34:37   149504   ----a-w-   C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:28:32   9216   ----a-w-   C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:59:45   182272   ----a-w-   C:\Windows\System32\cryptsvc.dll
2012-04-24 05:59:45   1460224   ----a-w-   C:\Windows\System32\crypt32.dll
2012-04-24 05:59:45   140288   ----a-w-   C:\Windows\System32\cryptnet.dll
2012-04-24 04:47:04   139264   ----a-w-   C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:47:04   103936   ----a-w-   C:\Windows\SysWow64\cryptnet.dll
2012-04-24 04:47:03   1156608   ----a-w-   C:\Windows\SysWow64\crypt32.dll
.
============= FINISH:  7:29:00.93 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/5/2010 6:09:43 PM
System Uptime: 7/13/2012 7:04:39 AM (0 hours ago)
.
Motherboard: Dell Inc. |  | 018D1Y
Processor: Pentium(R) Dual-Core  CPU      E5700  @ 3.00GHz | CPU 1 | 3003/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 456 GiB total, 393.269 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: MS/MS-Pro       
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO&REV_1.03#058F63626420&3#
Manufacturer: Generic-
Name: H:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO&REV_1.03#058F63626420&3#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: SD/MMC         
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#058F63626420&0#
Manufacturer: Generic-
Name: E:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#058F63626420&0#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: U3 Cruzer Micro
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SANDISK&PROD_U3_CRUZER_MICRO&REV_4.04#0000184AA4749B22&0#
Manufacturer: SanDisk
Name: TDrive
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SANDISK&PROD_U3_CRUZER_MICRO&REV_4.04#0000184AA4749B22&0#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: SM/xD Picture   
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SM#XD_PICTURE&REV_1.02#058F63626420&2#
Manufacturer: Generic-
Name: G:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SM#XD_PICTURE&REV_1.02#058F63626420&2#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Compact Flash   
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#058F63626420&1#
Manufacturer: Generic-
Name: F:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#058F63626420&1#
Service: WUDFRd
.
==== System Restore Points ===================
.
RP523: 7/5/2012 7:00:15 PM - Windows Update
RP525: 7/9/2012 7:53:41 AM - Windows Update
RP526: 7/11/2012 2:03:43 PM - Windows Update
RP527: 7/11/2012 5:05:01 PM - Windows Update
RP528: 7/11/2012 7:32:13 PM - Removed Java(TM) 6 Update 30
RP529: 7/11/2012 7:34:09 PM - Installed Java(TM) 7 Update 5 (64-bit)
RP530: 7/12/2012 8:09:40 AM - avast! Free Antivirus Setup
RP531: 7/12/2012 12:12:58 PM - Installed Java(TM) 7 Update 5
RP532: 7/12/2012 12:14:01 PM - Installed JavaFX 2.1.1
RP533: 7/13/2012 7:01:13 AM - Configured Dell DataSafe Local Backup - Support Software
RP534: 7/13/2012 7:03:05 AM - Removed Dell DataSafe Local Backup
.
==== Installed Programs ======================
.
A Free Ride Games Bar Toolbar
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Shockwave Player 11.6
Apple Application Support
Apple Software Update
avast! Free Antivirus
Bandoo
Best Buy pc app
Bing Bar
CCleaner (remove only)
Constant Guard Protection Suite
Consumer In-Home Service Agreement
Coupon Printer for Windows
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Communications (Support Software)
Dell Dock
Dell Getting Started Guide
ESET Online Scanner v3
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
GuardedID
HP Deskjet 3000 J310 series Help
HP Photo Creations
HP Update
iLivid
Insider Tales - Vanished in Rome
Intel(R) Control Center
Intel(R) Rapid Storage Technology
Java(TM) 7 Update 5
JavaFX 2.1.1
Junk Mail filter update
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft Choice Guard
Microsoft Corporation
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
MSVCRT
QuickTime
Realtek High Definition Audio Driver
Roxio Burn
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Skype Toolbars
Skype™ 5.0
SpywareBlaster 4.6
Super TextTwist
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
7/8/2012 7:34:07 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
7/8/2012 12:45:40 PM, Error: Service Control Manager [7034]  - The DNS Client service terminated unexpectedly.  It has done this 3 time(s).
7/8/2012 12:45:40 PM, Error: Service Control Manager [7034]  - The Cryptographic Services service terminated unexpectedly.  It has done this 3 time(s).
7/7/2012 10:57:06 PM, Error: Service Control Manager [7034]  - The Cryptographic Services service terminated unexpectedly.  It has done this 2 time(s).
7/7/2012 10:57:06 PM, Error: Service Control Manager [7031]  - The DNS Client service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
7/7/2012 1:36:40 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.
7/7/2012 1:36:40 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
7/13/2012 7:05:28 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
7/13/2012 7:05:28 AM, Error: Service Control Manager [7000]  - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/13/2012 7:00:57 AM, Error: Service Control Manager [7034]  - The SoftThinks Agent Service service terminated unexpectedly.  It has done this 1 time(s).
7/12/2012 7:48:13 AM, Error: Service Control Manager [7031]  - The WRSVC service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
7/12/2012 7:37:07 AM, Error: Service Control Manager [7031]  - The Norton Security Suite service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/12/2012 7:34:36 AM, Error: VDS Basic Provider [1]  - Unexpected failure. Error code: D@01010004
7/12/2012 6:02:52 PM, Error: bowser [8003]  - The master browser has received a server announcement from the computer LARRY-N68SA-M2S that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B539C469-8D65-4458-A932-6C69B89B2A34}. The master browser is stopping or an election is being forced.
7/12/2012 11:44:51 AM, Error: Service Control Manager [7034]  - The SupportSoft Sprocket Service (DellComms) service terminated unexpectedly.  It has done this 1 time(s).
7/12/2012 11:44:51 AM, Error: Service Control Manager [7034]  - The Intel(R) Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).
7/12/2012 11:44:51 AM, Error: Service Control Manager [7034]  - The Dock Login Service service terminated unexpectedly.  It has done this 1 time(s).
7/12/2012 11:44:51 AM, Error: Service Control Manager [7034]  - The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).
7/12/2012 11:44:51 AM, Error: Service Control Manager [7034]  - The BingBar Service service terminated unexpectedly.  It has done this 1 time(s).
7/12/2012 11:44:51 AM, Error: Service Control Manager [7034]  - The BBUpdate service terminated unexpectedly.  It has done this 1 time(s).
7/12/2012 11:44:51 AM, Error: Service Control Manager [7031]  - The CGPS Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
7/12/2012 11:44:51 AM, Error: Service Control Manager [7031]  - The Bandoo Coordinator service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/12/2012 11:44:51 AM, Error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/12/2012 10:54:33 AM, Error: Service Control Manager [7000]  - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:  A device attached to the system is not functioning.
7/12/2012 10:50:57 AM, Error: Service Control Manager [7023]  - The Windows Defender service terminated with the following error:  The specified module could not be found.
7/12/2012 10:48:43 AM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
7/12/2012 10:40:39 AM, Error: Application Popup [1060]  - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
7/12/2012 10:05:22 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error:  An instance of the service is already running.
7/12/2012 10:03:22 AM, Error: Service Control Manager [7031]  - The Workstation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/12/2012 10:03:22 AM, Error: Service Control Manager [7031]  - The Remote Desktop Services service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/12/2012 10:03:22 AM, Error: Service Control Manager [7031]  - The Network Location Awareness service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
7/12/2012 10:03:22 AM, Error: Service Control Manager [7031]  - The DNS Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/12/2012 10:03:22 AM, Error: Service Control Manager [7031]  - The Cryptographic Services service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/11/2012 2:09:28 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800706be: Windows Malicious Software Removal Tool x64 - July 2012 (KB890830).
7/11/2012 2:09:28 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows 7 for x64-based Systems (KB2719985).
7/11/2012 2:09:28 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows 7 for x64-based Systems (KB2718523).
7/11/2012 2:09:28 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows 7 for x64-based Systems (KB2691442).
7/11/2012 2:09:28 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows 7 for x64-based Systems (KB2655992).
7/11/2012 2:09:28 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition.
7/11/2012 2:09:28 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800706ba: Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition.
7/11/2012 2:08:57 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows 7 Service Pack 1 for x64-based Systems (KB976932).
7/11/2012 2:07:33 PM, Error: Microsoft-Windows-Service Pack Installer [8]  - Service Pack installation failed with error code 0x80070bc9.
7/11/2012 11:50:04 AM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
7/11/2012 11:50:04 AM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
7/11/2012 10:28:14 AM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
7/11/2012 10:28:13 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/11/2012 10:28:13 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/11/2012 10:28:13 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/11/2012 10:28:13 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/11/2012 10:28:12 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/11/2012 10:28:06 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/11/2012 10:27:50 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD BHDrvx64 DfsC discache eeCtrl IDSVia64 MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx Wanarpv6 WfpLwf
7/11/2012 10:27:49 AM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
7/11/2012 10:27:49 AM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
7/11/2012 10:27:49 AM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
7/11/2012 10:27:49 AM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
7/11/2012 10:27:49 AM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
7/11/2012 10:27:49 AM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
7/11/2012 10:27:49 AM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
7/11/2012 10:27:49 AM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
7/11/2012 10:27:49 AM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
7/11/2012 10:27:49 AM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
7/11/2012 10:18:58 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the CGPS Service service to connect.
7/11/2012 10:18:58 AM, Error: Service Control Manager [7000]  - The CGPS Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/10/2012 7:00:12 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the WRSVC service, but this action failed with the following error:  An instance of the service is already running.
.
==== End Of File ===========================

thanks,
Ghost

Corrine

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK).  Copy/Paste all of the text present inside the code box below:


Folder::
C:\Program Files (x86)\FoxTabVideoConverter
C:\Program Files (x86)\RealArcade
C:\Program Files (x86)\A_Free_Ride_Games_Bar

DDS::
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} -
BHO: A Free Ride Games Bar Toolbar: {f92a9fe4-2850-4198-b9d5-279880e49b16} -
TB: A Free Ride Games Bar Toolbar: {f92a9fe4-2850-4198-b9d5-279880e49b16} -
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} -
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} -
BHO-X64: SkypeIEPluginBHO -
BHO-X64: URLRedirectionBHO -
BHO-X64: Constant Guard Protection Suite (COM) -
BHO-X64: A Free Ride Games Bar Toolbar: {f92a9fe4-2850-4198-b9d5-279880e49b16} -
BHO-X64: A Free Ride Games Bar -
TB-X64: A Free Ride Games Bar Toolbar: {f92a9fe4-2850-4198-b9d5-279880e49b16} -
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} -
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -


  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.





  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.




Ghost

hi corrine,
combofix log
ComboFix 12-07-13.03 - owner 07/13/2012  15:54:41.3.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.4061.2585 [GMT -4:00]
Running from: c:\users\owner\Desktop\ComboFix.exe
Command switches used :: c:\users\owner\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\A_Free_Ride_Games_Bar
c:\program files (x86)\A_Free_Ride_Games_Bar\A_Free_Ride_Games_BarToolbarHelper.exe
c:\program files (x86)\A_Free_Ride_Games_Bar\A_Free_Ride_Games_BarToolbarHelper1.exe
c:\program files (x86)\A_Free_Ride_Games_Bar\GottenAppsContextMenu.xml
c:\program files (x86)\A_Free_Ride_Games_Bar\ldrtbA_F0.dll
c:\program files (x86)\A_Free_Ride_Games_Bar\ldrtbA_Fr.dll
c:\program files (x86)\A_Free_Ride_Games_Bar\OtherAppsContextMenu.xml
c:\program files (x86)\A_Free_Ride_Games_Bar\prxtbA_F0.dll
c:\program files (x86)\A_Free_Ride_Games_Bar\prxtbA_Fr.dll
c:\program files (x86)\A_Free_Ride_Games_Bar\SharedAppsContextMenu.xml
c:\program files (x86)\A_Free_Ride_Games_Bar\tbA_F0.dll
c:\program files (x86)\A_Free_Ride_Games_Bar\tbA_Fr.dll
c:\program files (x86)\A_Free_Ride_Games_Bar\toolbar.cfg
c:\program files (x86)\A_Free_Ride_Games_Bar\ToolbarContextMenu.xml
c:\program files (x86)\A_Free_Ride_Games_Bar\uninstall.exe
c:\program files (x86)\FoxTabVideoConverter
c:\program files (x86)\FoxTabVideoConverter\bin\ffmpeg.exe
c:\program files (x86)\FoxTabVideoConverter\Uninstall\uniSc.dat
c:\program files (x86)\FoxTabVideoConverter\Uninstall\unshrt.dat
c:\program files (x86)\FoxTabVideoConverter\VideoConverter.exe
c:\program files (x86)\RealArcade
c:\program files (x86)\RealArcade\Installer\bin\bstrapinstall.exe
c:\program files (x86)\RealArcade\Installer\bin\gameinstaller.exe
c:\program files (x86)\RealArcade\Installer\bin\gamewrapper.exe
c:\program files (x86)\RealArcade\Installer\bin\gcapi_dll.dll
c:\program files (x86)\RealArcade\Installer\bin\GCHROME.dll
c:\program files (x86)\RealArcade\Installer\bin\gtapi_signed.dll
c:\program files (x86)\RealArcade\Installer\bin\gtbCom.dll
c:\program files (x86)\RealArcade\Installer\bin\InstallerDlg.dll
c:\program files (x86)\RealArcade\Installer\bin\lua50.dll
c:\program files (x86)\RealArcade\Installer\bin\luacom.dll
c:\program files (x86)\RealArcade\Installer\bin\OCSetupHlp.dll
c:\program files (x86)\RealArcade\Installer\bin\RAInstallerPaths.dll
c:\program files (x86)\RealArcade\Installer\bin\RASymCCISGlue.dll
c:\program files (x86)\RealArcade\Installer\bin\ServerTransaction.dll
c:\program files (x86)\RealArcade\Installer\bin\SymCCIS.dll
c:\program files (x86)\RealArcade\Installer\bin\unrar.dll
c:\program files (x86)\RealArcade\Installer\bin\UnRar.exe
c:\program files (x86)\RealArcade\Installer\blank.html
c:\program files (x86)\RealArcade\Installer\blob
c:\program files (x86)\RealArcade\Installer\chrome\bottom.bmp
c:\program files (x86)\RealArcade\Installer\chrome\bottomleft.bmp
c:\program files (x86)\RealArcade\Installer\chrome\bottomright.bmp
c:\program files (x86)\RealArcade\Installer\chrome\chrome.rar
c:\program files (x86)\RealArcade\Installer\chrome\closebuttoninactive.bmp
c:\program files (x86)\RealArcade\Installer\chrome\closebuttonpressed.bmp
c:\program files (x86)\RealArcade\Installer\chrome\left.bmp
c:\program files (x86)\RealArcade\Installer\chrome\logoleft.bmp
c:\program files (x86)\RealArcade\Installer\chrome\logoright.bmp
c:\program files (x86)\RealArcade\Installer\chrome\minimizebuttoninactive.bmp
c:\program files (x86)\RealArcade\Installer\chrome\minimizebuttonpressed.bmp
c:\program files (x86)\RealArcade\Installer\chrome\right.bmp
c:\program files (x86)\RealArcade\Installer\chrome\top.bmp
c:\program files (x86)\RealArcade\Installer\chrome\topleft.bmp
c:\program files (x86)\RealArcade\Installer\chrome\topright.bmp
c:\program files (x86)\RealArcade\Installer\compat-5.1.lua
c:\program files (x86)\RealArcade\Installer\config.lua
c:\program files (x86)\RealArcade\Installer\Extensions\CheckInstallChrome.clf
c:\program files (x86)\RealArcade\Installer\Extensions\CheckInstallGoogleToolbar.clf
c:\program files (x86)\RealArcade\Installer\installerMain.clf
c:\program files (x86)\RealArcade\Installer\mrClean.clf
c:\program files (x86)\RealArcade\Installer\socket\http.lua
c:\program files (x86)\RealArcade\Installer\socket\ltn12.lua
c:\program files (x86)\RealArcade\Installer\socket\mime.lua
c:\program files (x86)\RealArcade\Installer\socket\mime\core.dll
c:\program files (x86)\RealArcade\Installer\socket\socket.lua
c:\program files (x86)\RealArcade\Installer\socket\socket\core.dll
c:\program files (x86)\RealArcade\Installer\socket\url.lua
c:\program files (x86)\RealArcade\Installer\wait.html
c:\program files (x86)\RealArcade\Installer\waiting_bar.gif
c:\program files (x86)\RealArcade\Installer\waiting_process.png
c:\program files (x86)\RealArcade\Installer\waiting_to_install.png
c:\program files (x86)\RealArcade\Installer\waitProc.html
c:\program files (x86)\RealArcade\installLog.txt
.
.
(((((((((((((((((((((((((   Files Created from 2012-06-13 to 2012-07-13  )))))))))))))))))))))))))))))))
.
.
2012-07-13 20:34 . 2012-07-13 20:34   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-07-13 11:00 . 2012-06-18 07:12   9013136   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{88B9E85A-E98E-42F2-870D-0D9065B5BB3E}\mpengine.dll
2012-07-12 17:55 . 2012-07-12 17:55   --------   d-----w-   c:\program files (x86)\ESET
2012-07-12 16:14 . 2012-07-12 16:14   --------   d-----w-   c:\program files (x86)\Oracle
2012-07-12 16:13 . 2012-05-04 23:29   772504   ----a-w-   c:\windows\SysWow64\npDeployJava1.dll
2012-07-12 15:37 . 2012-07-12 15:37   --------   d-----w-   c:\users\owner\AppData\Local\Mozilla
2012-07-12 12:20 . 2012-07-12 15:16   --------   d-----w-   c:\program files (x86)\SpywareBlaster
2012-07-12 12:20 . 2010-01-10 23:40   118784   ----a-w-   c:\windows\SysWow64\MSSTDFMT.DLL
2012-07-12 12:10 . 2012-07-03 16:21   355856   ----a-w-   c:\windows\system32\drivers\aswSP.sys
2012-07-12 12:10 . 2012-07-03 16:21   25232   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
2012-07-12 12:10 . 2012-07-03 16:21   54072   ----a-w-   c:\windows\system32\drivers\aswRdr2.sys
2012-07-12 12:10 . 2012-07-03 16:21   59728   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
2012-07-12 12:10 . 2012-07-03 16:21   958400   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
2012-07-12 12:10 . 2012-07-03 16:21   71064   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
2012-07-12 12:10 . 2012-07-03 16:21   285328   ----a-w-   c:\windows\system32\aswBoot.exe
2012-07-12 12:10 . 2012-07-03 16:21   41224   ----a-w-   c:\windows\avastSS.scr
2012-07-12 12:10 . 2012-07-03 16:21   227648   ----a-w-   c:\windows\SysWow64\aswBoot.exe
2012-07-12 12:09 . 2012-07-12 12:09   --------   d-----w-   c:\programdata\AVAST Software
2012-07-12 12:09 . 2012-07-12 12:09   --------   d-----w-   c:\program files\AVAST Software
2012-07-11 23:35 . 2012-07-11 23:34   955840   ----a-w-   c:\windows\system32\npDeployJava1.dll
2012-07-11 23:25 . 2012-07-11 23:25   426184   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-11 21:07 . 2012-06-12 03:02   3147264   ----a-w-   c:\windows\system32\win32k.sys
2012-07-11 17:55 . 2012-07-11 17:55   --------   d-----w-   c:\program files (x86)\CCleaner
2012-07-11 16:12 . 2012-07-11 16:12   --------   d-----w-   C:\found.000
2012-07-11 14:48 . 2012-06-06 05:50   1880064   ----a-w-   c:\windows\system32\msxml3.dll
2012-07-11 14:48 . 2012-06-06 05:50   2003968   ----a-w-   c:\windows\system32\msxml6.dll
2012-07-11 14:48 . 2012-06-06 05:09   1389568   ----a-w-   c:\windows\SysWow64\msxml6.dll
2012-07-11 14:48 . 2012-06-06 05:09   1236992   ----a-w-   c:\windows\SysWow64\msxml3.dll
2012-06-21 15:36 . 2012-06-02 22:19   57880   ----a-w-   c:\windows\system32\wuauclt.exe
2012-06-21 15:36 . 2012-06-02 22:19   44056   ----a-w-   c:\windows\system32\wups2.dll
2012-06-21 15:36 . 2012-06-02 22:19   2428952   ----a-w-   c:\windows\system32\wuaueng.dll
2012-06-21 15:36 . 2012-06-02 22:15   2622464   ----a-w-   c:\windows\system32\wucltux.dll
2012-06-21 15:36 . 2012-06-02 22:19   38424   ----a-w-   c:\windows\system32\wups.dll
2012-06-21 15:36 . 2012-06-02 22:15   99840   ----a-w-   c:\windows\system32\wudriver.dll
2012-06-21 15:36 . 2012-06-02 22:19   701976   ----a-w-   c:\windows\system32\wuapi.dll
2012-06-21 15:35 . 2012-06-02 19:19   186752   ----a-w-   c:\windows\system32\wuwebv.dll
2012-06-21 15:35 . 2012-06-02 19:15   36864   ----a-w-   c:\windows\system32\wuapp.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 23:34 . 2010-09-17 00:16   839096   ----a-w-   c:\windows\system32\deployJava1.dll
2012-07-11 23:25 . 2011-11-19 23:27   70344   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-31 16:25 . 2010-11-06 01:21   279656   ------w-   c:\windows\system32\MpSigStub.exe
2012-05-04 23:29 . 2011-08-03 02:11   687504   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2012-05-04 10:52 . 2012-06-13 16:16   5505392   ----a-w-   c:\windows\system32\ntoskrnl.exe
2012-05-04 10:08 . 2012-06-13 16:16   3958128   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08 . 2012-06-13 16:16   3902320   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
2012-05-02 05:32 . 2012-06-13 16:16   208896   ----a-w-   c:\windows\system32\profsvc.dll
2012-04-28 03:50 . 2012-06-13 16:16   204800   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:34 . 2012-06-13 16:16   76288   ----a-w-   c:\windows\system32\rdpwsx.dll
2012-04-26 05:34 . 2012-06-13 16:16   149504   ----a-w-   c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:28 . 2012-06-13 16:16   9216   ----a-w-   c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:59 . 2012-06-13 16:16   182272   ----a-w-   c:\windows\system32\cryptsvc.dll
2012-04-24 05:59 . 2012-06-13 16:16   1460224   ----a-w-   c:\windows\system32\crypt32.dll
2012-04-24 05:59 . 2012-06-13 16:16   140288   ----a-w-   c:\windows\system32\cryptnet.dll
2012-04-24 04:47 . 2012-06-13 16:16   139264   ----a-w-   c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:47 . 2012-06-13 16:16   103936   ----a-w-   c:\windows\SysWow64\cryptnet.dll
2012-04-24 04:47 . 2012-06-13 16:16   1156608   ----a-w-   c:\windows\SysWow64\crypt32.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-07-12_14.52.32   )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-07-12 14:51   32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-13 20:38   32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-12 14:51   49152              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-13 20:38   49152              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-13 20:38   32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-12 14:51   32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-17 00:36 . 2012-07-13 20:39   46722              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-13 20:39   44808              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-11-06 01:25 . 2012-07-13 20:39   14998              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-332005866-2838504322-971871943-1000_UserData.bin
+ 2009-07-14 04:46 . 2012-07-12 14:58   80400              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-07-13 20:36 . 2012-07-13 20:36   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-12 14:50 . 2012-07-12 14:50   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-13 20:36 . 2012-07-13 20:36   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-12 14:50 . 2012-07-12 14:50   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-12 16:13 . 2012-05-04 23:29   227720              c:\windows\SysWOW64\javaws.exe
+ 2012-07-12 16:13 . 2012-07-12 16:13   174064              c:\windows\SysWOW64\javaw.exe
+ 2012-07-12 16:13 . 2012-07-12 16:13   174064              c:\windows\SysWOW64\java.exe
- 2009-07-14 05:01 . 2012-07-12 14:49   384680              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-13 20:36   384680              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-07-12 16:13 . 2012-07-12 16:13   461312              c:\windows\Installer\19242a.msi
+ 2010-11-06 01:30 . 2012-07-13 20:36   2101864              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-11-06 01:30 . 2012-07-12 12:16   2101864              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 02:34 . 2012-07-13 19:49   11272192              c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-07-12 13:30   11272192              c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-02-24 08:19 . 2012-07-13 20:36   20332536              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-332005866-2838504322-971871943-1000-12288.dat
+ 2012-07-12 16:12 . 2012-07-12 16:12   17379328              c:\windows\Installer\192426.msi
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-08 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"GIDDesktop"="c:\program files (x86)\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [2012-6-13 6534768]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Bandoo\BndHook.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-08 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-08 136176]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 36720]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
R3 UsbFltr;WayTech USB Filter Driver;c:\windows\system32\Drivers\UsbFltr.sys [2007-04-09 12288]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-06 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 aswSnx;aswSnx;
S1 aswSP;aswSP;
S1 GIDv2;GIDv2;
S2 aswFsBlk;aswFsBlk;
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-06-13 66160]
S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-05-05 206064]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 138752]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
    2011-07-05 15:26   435976   ----a-w-   c:\program files (x86)\SFT\GuardedID\GIDI.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-08 02:53]
    .
    2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-08 02:53]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-07-03 16:21   133400   ----a-w-   c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT1320680
    mLocal Page = c:\windows\system32\blank.htm
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:58182
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    TCP: DhcpNameServer = 68.94.156.1 68.94.157.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-RunOnce-c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe - c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe
    AddRemove-A_Free_Ride_Games_Bar Toolbar - c:\program files (x86)\A_Free_Ride_Games_Bar\uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Bandoo\Bandoo.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-13  16:57:11 - machine was rebooted
    ComboFix-quarantined-files.txt  2012-07-13 20:56
    ComboFix2.txt  2012-07-12 15:13
    .
    Pre-Run: 421,866,295,296 bytes free
    Post-Run: 421,013,262,336 bytes free
    .
    - - End Of File - - C83A7F5D3C52CC3C11E747D02CEF81E3

thank you,
Ghost

Corrine

How is the computer running now, Ghost?


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Ghost

hi Corrine,
it's running very nice and thank you :rose:
Ghost

Corrine

That is great news, Ghost! 

Let's remove the extra files before you return the computer, including Security Check and DDS.  Also, please do the following to implement cleanup procedures and also to reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal.
 

I hope you will be able to convey the message to the owner that caution needs to be used when installing freeware programs.  As in the case of this machine, those programs often include more than the person expected.  Perhaps it wouldn't hurt to bookmark this site and tell him the next time to come here and post the requested logs. :)



Ghost

hi Corrine,
i ran ComboFix /Uninstall and all is clean and running really good ;-)
i will convey the facts about installing freeware and i will bookmark this site and refer him to landzdown for help for sure.
you rock,
Ghost

Corrine

Thanks, Ghost!   :hug:



Ghost

you're very welcome,
Ghost