Search and Protect among other PUPS

Started by ImScrewed, June 15, 2014, 11:26:24 PM


ImScrewed

I'm on my mother-in-law's computer and noticed it was running slow. I downloaded and installed Malwarebytes and ran a scan... Came up with s&p, conduit and a couple other things. Was curious if you guys could give me a hand!

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126  BrowserJavaVersion: 1.6.0_26
Run by vicki at 16:20:26 on 2014-06-15
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4061.1646 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Dell Support Center\gs_agent\dsc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
C:\Users\vicki\AppData\Roaming\mjusbsp\st00000\mjsetup.exe
C:\Users\vicki\AppData\Roaming\mjusbsp\magicJack.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [cdloader] "C:\Users\vicki\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [NETGEARGenie] "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HowToSimplified_8e Browser Plugin Loader 64] C:\Program Files (x86)\HowToSimplified_8e\bar\1.bin\8ebrmon64.exe
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\vicki\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{58A47C31-49D8-4636-AD7F-24A270AD3946} : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-11-10 55280]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-10 92160]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-5-11 376144]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2012-4-2 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2012-6-27 72216]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-6-15 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-6-15 860472]
R2 NETGEARGenieDaemon;NETGEARGenieDaemon;C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2013-11-14 232192]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 133928]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-11-10 1692480]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-6-15 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-15 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-6-15 63704]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-20 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-12 111616]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-23 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-20 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-06-15 22:30:56   122584   ----a-w-   C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-15 22:30:25   91352   ----a-w-   C:\Windows\System32\drivers\mbamchameleon.sys
2014-06-15 22:30:25   63704   ----a-w-   C:\Windows\System32\drivers\mwac.sys
2014-06-15 22:30:25   25816   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2014-06-15 22:30:25   --------   d-----w-   C:\ProgramData\Malwarebytes
2014-06-15 22:30:25   --------   d-----w-   C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-15 22:30:02   --------   d-----w-   C:\Users\vicki\AppData\Local\Programs
2014-06-15 10:37:40   10702536   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F3E8E42B-1F69-41C1-B3F6-8AC29E7DEB20}\mpengine.dll
2014-06-14 10:37:56   10702536   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-13 10:38:38   1031560   ------w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C2A91B74-B5F1-4C5F-86E0-0706A8B14572}\gapaengine.dll
2014-06-12 19:43:58   --------   d-----w-   C:\Users\vicki\AppData\Local\{468481F3-A42D-4BA5-BEC8-5AAF7104DB06}
2014-06-12 07:21:34   506368   ----a-w-   C:\Windows\System32\aepdu.dll
2014-06-12 07:21:33   424448   ----a-w-   C:\Windows\System32\aeinv.dll
.
==================== Find3M  ====================
.
2014-06-07 05:47:57   107368   ----a-w-   C:\Windows\System32\LMIRfsClientNP.dll
2014-06-07 05:47:56   35656   ----a-w-   C:\Windows\System32\LMIport.dll
2014-06-07 05:47:55   92488   ----a-w-   C:\Windows\System32\LMIinit.dll
2014-05-30 10:02:37   2724864   ----a-w-   C:\Windows\System32\mshtml.tlb
2014-05-30 10:02:09   4096   ----a-w-   C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43   548352   ----a-w-   C:\Windows\System32\vbscript.dll
2014-05-30 09:39:23   66048   ----a-w-   C:\Windows\System32\iesetup.dll
2014-05-30 09:38:29   48640   ----a-w-   C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23   139264   ----a-w-   C:\Windows\System32\ieUnatt.exe
2014-05-30 09:21:05   111616   ----a-w-   C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:20:36   752640   ----a-w-   C:\Windows\System32\jscript9diag.dll
2014-05-30 09:11:24   940032   ----a-w-   C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22   5782528   ----a-w-   C:\Windows\System32\jscript9.dll
2014-05-30 09:02:39   2724864   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36   38400   ----a-w-   C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28   455168   ----a-w-   C:\Windows\SysWow64\vbscript.dll
2014-05-30 08:43:06   61952   ----a-w-   C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:42:16   51200   ----a-w-   C:\Windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33   112128   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56   592896   ----a-w-   C:\Windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19   1249280   ----a-w-   C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22   2040832   ----a-w-   C:\Windows\System32\inetcpl.cpl
2014-05-30 08:10:46   32256   ----a-w-   C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56   2266112   ----a-w-   C:\Windows\System32\wininet.dll
2014-05-30 07:56:50   4244992   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2014-05-30 07:50:09   1068032   ----a-w-   C:\Windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38   1964544   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10   1790976   ----a-w-   C:\Windows\SysWow64\wininet.dll
2014-05-14 01:13:32   70832   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 01:13:32   692400   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2014-04-25 02:34:59   801280   ----a-w-   C:\Windows\System32\usp10.dll
2014-04-25 02:06:17   626688   ----a-w-   C:\Windows\SysWow64\usp10.dll
2014-04-18 05:47:43   107368   ----a-w-   C:\Windows\System32\LMIRfsClientNP.dll.000.bak
2014-04-12 02:22:05   95680   ----a-w-   C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05   155072   ----a-w-   C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38   29184   ----a-w-   C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38   136192   ----a-w-   C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37   28160   ----a-w-   C:\Windows\System32\secur32.dll
2014-04-12 02:19:32   1460736   ----a-w-   C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05   31232   ----a-w-   C:\Windows\System32\lsass.exe
2014-04-12 02:12:06   22016   ----a-w-   C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56   96768   ----a-w-   C:\Windows\SysWow64\sspicli.dll
2014-04-11 05:47:34   107368   ----a-w-   C:\Windows\System32\LMIRfsClientNP.dll.001.bak
2014-04-05 02:47:20   1903552   ----a-w-   C:\Windows\System32\drivers\tcpip.sys
2014-04-05 02:47:09   288192   ----a-w-   C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-03-26 14:44:48   2002432   ----a-w-   C:\Windows\System32\msxml6.dll
2014-03-26 14:44:48   1882112   ----a-w-   C:\Windows\System32\msxml3.dll
2014-03-26 14:41:39   2048   ----a-w-   C:\Windows\System32\msxml6r.dll
2014-03-26 14:41:39   2048   ----a-w-   C:\Windows\System32\msxml3r.dll
2014-03-26 14:27:50   1389056   ----a-w-   C:\Windows\SysWow64\msxml6.dll
2014-03-26 14:27:50   1237504   ----a-w-   C:\Windows\SysWow64\msxml3.dll
2014-03-26 14:25:14   2048   ----a-w-   C:\Windows\SysWow64\msxml6r.dll
2014-03-26 14:25:14   2048   ----a-w-   C:\Windows\SysWow64\msxml3r.dll
.
============= FINISH: 16:21:35.19 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/13/2009 5:07:53 PM
System Uptime: 6/15/2014 4:16:17 PM (0 hours ago)
.
Motherboard: Dell Inc. |  | 0U880P
Processor: Pentium(R) Dual-Core  CPU      E5300  @ 2.60GHz | CPU 1 | 2603/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 532.349 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart Premium C309g-m
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart Premium C309g-m
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP1134: 5/17/2014 3:00:10 AM - Windows Update
RP1135: 5/18/2014 3:00:10 AM - Windows Update
RP1136: 5/19/2014 3:00:10 AM - Windows Update
RP1137: 5/19/2014 12:58:06 PM - Windows Update
RP1138: 5/20/2014 3:00:10 AM - Windows Update
RP1139: 5/21/2014 3:00:10 AM - Windows Update
RP1140: 5/22/2014 3:00:10 AM - Windows Update
RP1141: 5/23/2014 3:00:10 AM - Windows Update
RP1142: 5/24/2014 3:00:10 AM - Windows Update
RP1143: 5/25/2014 3:00:10 AM - Windows Update
RP1144: 5/26/2014 3:00:10 AM - Windows Update
RP1145: 5/27/2014 3:00:10 AM - Windows Update
RP1146: 5/28/2014 3:00:10 AM - Windows Update
RP1147: 5/29/2014 3:00:11 AM - Windows Update
RP1148: 5/30/2014 3:00:10 AM - Windows Update
RP1149: 5/31/2014 3:00:10 AM - Windows Update
RP1150: 6/1/2014 3:00:11 AM - Windows Update
RP1151: 6/2/2014 3:00:10 AM - Windows Update
RP1152: 6/3/2014 3:00:10 AM - Windows Update
RP1153: 6/4/2014 3:00:10 AM - Windows Update
RP1154: 6/5/2014 3:00:11 AM - Windows Update
RP1155: 6/6/2014 3:00:11 AM - Windows Update
RP1156: 6/7/2014 3:00:11 AM - Windows Update
RP1157: 6/8/2014 3:00:10 AM - Windows Update
RP1158: 6/9/2014 3:00:10 AM - Windows Update
RP1159: 6/10/2014 3:00:10 AM - Windows Update
RP1160: 6/11/2014 3:00:11 AM - Windows Update
RP1161: 6/12/2014 3:00:14 AM - Windows Update
RP1162: 6/13/2014 3:00:12 AM - Windows Update
RP1163: 6/14/2014 3:00:10 AM - Windows Update
RP1164: 6/15/2014 3:00:10 AM - Windows Update
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 13 ActiveX
Adobe Reader X (10.1.10)
Adobe Shockwave Player 11.5
Around the World in 80 Days (remove only)
BufferChm
BVHE-Beauty and the Beast Magical Ballroom
C309g-m
Compatibility Pack for the 2007 Office system
Cook'n
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Support Center (Support Software)
Destinations
DeviceDiscovery
Google Chrome
Google Update Helper
GoToAssist 8.0.0.514
GPBaseService2
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart Premium C309g-m All-in-One Driver Software 13.0 Rel. 6
HP Print Projects 1.0
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPDiagnosticAlert
HPPhotoGadget
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
Intel(R) Graphics Media Accelerator Driver
Internet TV for Windows Media Center
Java Auto Updater
Java(TM) 6 Update 14 (64-bit)
Java(TM) 6 Update 26
Junk Mail filter update
LogMeIn
magicJack
Malwarebytes Anti-Malware version 2.0.2.1012
Manuals Finder
MarketResearch
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.2
Microsoft IntelliType Pro 8.2
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Works
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NETGEAR Genie
Network64
PowerDVD DX
PS_AIO_06_C309g-m_SW_Min
QuickTime
Realtek High Definition Audio Driver
Robots Print Studio
Roxio Burn
Roxio Update Manager
Scan
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
Spirit (remove only)
Status
Toolbox
TrayApp
Unity Web Player
Updater
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Add-in for Flash
Yahoo! Install Manager
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
6/15/2014 3:01:23 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Works 9 (KB2754670).
6/12/2014 3:54:09 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
.
==== End Of File ===========================

ImScrewed

 Results of screen317's Security Check version 0.99.84 
Windows 7 Service Pack 1 x64 (UAC is enabled) 
Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled! 
Microsoft Security Essentials   
Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 26 
Java version out of Date!
Adobe Reader 10.1.10 Adobe Reader out of Date! 
Google Chrome 32.0.1700.72 
Google Chrome 32.0.1700.76 
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe 
Malwarebytes Anti-Malware mbam.exe 
Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

Corrine

We're happy to help you clean your mother-in-law's computer!

1.  Considering the version of Java installed on her computer, she's actually fortunate she hasn't had more serious problems than Conduit and the like.  Please uninstall the following:

Java(TM) 6 Update 14 (64-bit)
Java(TM) 6 Update 26

If your mother-in-law plays online games on the computer, she will probably want Java installed.  In that case, download the most recent version from here:  Java Version 7 Update 55.  Please watch carefully and uncheck any prechecked options.  They are not needed for the update. 

On the other hand, if she doesn't play online games, one less target for malware and one less program to update if it isn't installed.  I don't have Java on my computer and haven't needed it.

2.  Adobe Reader is also out of date.  The most recent version of Adobe Reader XI (11.0.06) for Windows is available here: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows.  If McAfee scan or any other extras are offered, please uncheck as they are not needed with the update.

3.  Please download Junkware Removal Tool to your desktop.  <--Note:  The provided link is a direct download link.  Please save it to your desktop!  If JRT does not want to run, move on to the next set of instructions.

  • Close all open programs and internet browsers.
  • Run the tool by double-clicking it.  Note:  Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
4.  Please download Adware Cleaner by Xplode to your Desktop.  <--Note:  The provided link is a direct download link.  Please save it to your desktop!

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.  Note:  Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT

  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
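
A triage pass over the DDS log format posted in this thread, as an added example that is not part of the original posts or of DDS itself: it flags a non-empty AppInit_DLLs value, `<orphaned>` registrations, autostart entries matching a watchlist, and a browser Java version older than the Java 7 Update 55 named in the reply. The watchlist terms, the set of autostart tags and the function name `triage` are assumptions made for this illustration.

```python
import re

# A subset of lines copied from the DDS log posted in this thread,
# embedded so the example runs offline.
SAMPLE_DDS = r"""DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126  BrowserJavaVersion: 1.6.0_26
C:\Windows\system32\svchost.exe -k netsvcs
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
TCP: NameServer = 192.168.1.1
AppInit_DLLs= C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
SSODL: WebCheck - <orphaned>
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
"""

# Assumption: DDS tags (as they appear in the log above) treated as autostart
# or browser-extension registrations. "x64-" prefixed variants are normalised.
AUTOSTART_TAGS = {"BHO", "EB", "uRun", "mRun", "mRunOnce", "StartupFolder",
                  "AppInit_DLLs", "SSODL", "Notify", "Handler", "mASetup"}

# Assumption: watchlist built from the names the original poster mentions
# ("s&p" = Search Protect, and Conduit). Extend it for your own triage.
WATCHLIST = ("searchprotect", "conduit")

# From the reply in this thread: Java Version 7 Update 55 is the version to install.
MIN_JAVA = (7, 55)

ENTRY_RE = re.compile(r"^(?P<tag>[\w-]+)\s*[:=]\s*(?P<value>.*)$")
# Old-style Java version strings look like 1.<major>.0_<update>.
JAVA_RE = re.compile(r"BrowserJavaVersion:\s*(1\.(\d+)\.\d+_(\d+))")


def triage(log_text):
    """Return (kind, tag, detail) tuples for DDS log lines worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()

        # Browser-exposed Java older than the version the helper recommends.
        java = JAVA_RE.search(line)
        if java and (int(java.group(2)), int(java.group(3))) < MIN_JAVA:
            findings.append(("outdated_java", "BrowserJavaVersion", java.group(1)))

        entry = ENTRY_RE.match(line)
        if not entry:
            continue
        tag, value = entry.group("tag"), entry.group("value").strip()
        base = tag[4:] if tag.startswith("x64-") else tag
        if base not in AUTOSTART_TAGS:
            continue  # process paths, TCP settings, etc. are not judged here

        # AppInit_DLLs makes Windows load the listed DLLs into every process
        # that loads user32.dll, so any non-empty value deserves review.
        if base == "AppInit_DLLs" and value:
            findings.append(("appinit_dll", tag, value))
        # DDS prints <orphaned> where it found a registration but no file for it.
        if value.endswith("<orphaned>"):
            findings.append(("orphaned", tag, value))
        if any(term in value.lower() for term in WATCHLIST):
            findings.append(("watchlist", tag, value))
    return findings


if __name__ == "__main__":
    for kind, tag, detail in triage(SAMPLE_DDS):
        print(f"{kind:14} {tag:14} {detail}")
```

A finding here is a prompt for review, not a verdict: the cleanup tools named in the reply decide what is actually removed.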