Bill James

August 31, 2012

There are no issues other than the original post re: the ATT email account being hacked. We were concerned that there may have been some malware on the system responsible for this. Thank you (!), Maniac, for your assistance.

August 30, 2012

Thank you for your continued hep, Maniac...

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=d93797173e4196478e0d4cc009dd94b4

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-08-30 04:35:47

# local_time=2012-08-29 09:35:47 (-0800, Pacific Daylight Time)

# country="United States"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=5892 16776573 100 100 0 182901676 0 0

# compatibility_mode=8206 39157117 100 88 0 15051340 0 0

# scanned=271509

# found=0

# cleaned=0

# scan_time=7199

# nod_component=V3 Build:0x30000000

August 29, 2012

Sorry for the misunderstanding... below are current log files from MBAM quick scan in normal mode and DDS. Thank you.

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.28.01

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

David :: DAVID-PC [administrator]

Protection: Enabled

8/29/2012 11:57:18 AM

mbam-log-2012-08-29 (11-57-18).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 195401

Time elapsed: 24 minute(s), 38 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

==================================================================================================

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by David at 12:35:16 on 2012-08-29

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3454.1866 [GMT

-7:00]

.

AV: ESET Smart Security 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-

21771CA47CD1}

SP: ESET Smart Security 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-

1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\rundll32.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Windows\ehome\ehmsas.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?

TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?

TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} -

c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} -

c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program

files\google\google toolbar\GoogleToolbar_32.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program

files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} -

c:\program files\java\jre6\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program

files\microsoft\bingbar\BingExt.dll"

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program

files\google\google toolbar\GoogleToolbar_32.dll

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

uRun: [swg] "c:\program

files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software

update\HPWuSchd2.exe"

mRun: [hpqSRMon] "c:\program files\hewlett-packard\digital

imaging\bin\hpqSRMon.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0

\reader\Reader_sl.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement

pack\default manager\DefMgr.exe" -resume

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java

update\jusched.exe"

mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide

/waitservice

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-

malware\mbamgui.exe" /starttray

StartupFolder: c:\users\david\appdata\roaming\micros~1\windows\startm~1

\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12

\ONENOTEM.EXE

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk

- c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mri_di~1

\hpconn~1.lnk - c:\program files\hp connections\6811507\program\HP Connections.exe

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Google Sidewiki... - c:\program files\google\google

toolbar\component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html

IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -

c:\programs\partygaming\partypoker\RunApp.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C}

- c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

- c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} -

hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} -

hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} -

hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -

hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {B8E53531-F29E-4180-AE3E-DF485CC8BE32} -

hxxp://aferrara.viewnetcam.com:5000/JpegInstV4.cab

DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{A8F0C4E5-AB83-487F-86B7-528ABA553ACC} : DhcpNameServer =

192.168.1.1

.

================= FIREFOX ===================

.

FF - ProfilePath -

c:\users\david\appdata\roaming\mozilla\firefox\profiles\jwi7iyym.default\

FF - prefs.js: browser.search.selectedEngine - search

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.7

\npapicomadapter.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program

files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - c:\program

files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program

files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-

08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation

foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-

08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

============= SERVICES / DRIVERS ===============

.

R0 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2012-3-14 50624]

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-8-9 29808]

R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2012-3-14 169080]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2012-3-14 120152]

R1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\drivers\EpfwLWF.sys

[2012-3-14 33656]

R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2012-3-7

913144]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k

LocalServiceAndNoImpersonation [2008-6-6 21504]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-

malware\mbamservice.exe [2012-6-3 655944]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search &

destroy\SDWinSec.exe [2010-1-15 1153368]

R3 dc3d;USBCCGP filter driver (dc3d);c:\windows\system32\drivers\dc3d.sys [2009-1-

15 15360]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-3

22344]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN

v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-

18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program

files\google\update\GoogleUpdate.exe [2010-3-18 135664]

S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy

sweeper\SpySweeper.exe [2008-8-9 3585384]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32

\macromed\flash\FlashPlayerUpdateService.exe [2012-7-16 250568]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE

[2011-2-28 183560]

S3 gupdatem;Google Update Service (gupdatem);c:\program

files\google\update\GoogleUpdate.exe [2010-3-18 135664]

S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2008-6-6 987648]

S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2008-6-6 251904]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache

4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe

[2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-08-28 16:00:41 7022536 ----a-w- c:\programdata\microsoft\windows

defender\definition updates\{3714a268-56a6-436f-813a-50b6e1976c11}\mpengine.dll

2012-08-16 20:41:58 623616 ----a-w- c:\windows\system32\localspl.dll

.

==================== Find3M ====================

.

2012-08-29 02:18:29 73416 ----a-w- c:\windows\system32

\FlashPlayerCPLApp.cpl

2012-08-29 02:18:29 696520 ----a-w- c:\windows\system32

\FlashPlayerApp.exe

2012-07-04 14:02:46 2047488 ----a-w- c:\windows\system32\win32k.sys

2012-07-03 20:46:44 22344 ----a-w- c:\windows\system32

\drivers\mbam.sys

2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-07 03:59:42 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 15:26:04 440704 ----a-w- c:\windows\system32

\drivers\ksecdd.sys

2012-06-02 22:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 00:04:25 278528 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 00:03:42 204288 ----a-w- c:\windows\system32\ncrypt.dll

.

============= FINISH: 12:35:54.09 ===============

===============================================================================================

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS

LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 3/10/2007 7:03:06 AM

System Uptime: 8/29/2012 8:19:00 AM (4 hours

ago)

.

Motherboard: ASUSTek Computer INC. | | NARRA

Processor: AMD Athlon 64 X2 Dual Core

Processor 4200+ | Socket AM2 | 2000/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 225 GiB total, 109.538 GiB

free.

D: is FIXED (NTFS) - 8 GiB total, 0.909 GiB

free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

J: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-

08002be10318}

Description: Microsoft 6to4 Adapter

Device ID: ROOT\*6TO4MP\0011

Manufacturer: Microsoft

Name: Microsoft 6to4 Adapter #11

PNP Device ID: ROOT\*6TO4MP\0011

Service: tunnel

.

==== System Restore Points ===================

.

RP2248: 8/1/2012 9:09:38 AM - Scheduled

Checkpoint

RP2249: 8/2/2012 10:28:32 AM - Scheduled

Checkpoint

RP2250: 8/3/2012 9:18:04 AM - Windows Update

RP2251: 8/4/2012 11:07:24 AM - Scheduled

Checkpoint

RP2252: 8/5/2012 1:48:20 PM - Scheduled

Checkpoint

RP2253: 8/6/2012 11:45:16 AM - Scheduled

Checkpoint

RP2254: 8/16/2012 1:33:32 PM - Windows Update

RP2255: 8/17/2012 6:43:12 PM - Windows Update

RP2256: 8/21/2012 11:17:26 AM - Windows Update

RP2257: 8/22/2012 9:54:37 AM - Scheduled

Checkpoint

RP2258: 8/23/2012 9:18:10 PM - Scheduled

Checkpoint

RP2259: 8/24/2012 12:04:38 PM - Scheduled

Checkpoint

RP2260: 8/25/2012 11:52:40 AM - Scheduled

Checkpoint

RP2261: 8/26/2012 1:32:16 PM - Scheduled

Checkpoint

RP2262: 8/27/2012 9:35:37 PM - Scheduled

Checkpoint

RP2263: 8/28/2012 8:56:00 AM - Windows Update

RP2264: 8/29/2012 8:54:51 AM - Scheduled

Checkpoint

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

32 Bit HP CIO Components Installer

7500_7600_7700_Help

Activation Assistant for the 2007 Microsoft

Office suites

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Media Player

Adobe Reader 8.1.3

Adobe Shockwave Player 11.6

Apple Application Support

Apple Software Update

Bing Bar

Bing Rewards Client Installer

Bonjour

Bookworm Deluxe

BPD_HPSU

BPD_Scan

BPDSoftware

BPDSoftware_Ini

BufferChm

Cards_Calendar_OrderGift_DoMorePlugout

CustomerResearchQFolder

Destinations

DeviceManagementQFolder

Enhanced Multimedia Keyboard Solution

ESET Online Scanner v3

ESET Smart Security

eSupportQFolder

Fax

Google Earth Plug-in

Google Toolbar for Internet Explorer

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1

(KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1

(KB958484)

HP Connections (remove only)

HP Customer Experience Enhancements

HP Customer Feedback

HP Customer Participation Program 8.0

HP Easy Setup - Core

HP Easy Setup - Frontend

HP Imaging Device Functions 8.0

HP Officejet Pro All-In-One Series

HP On-Screen Caps/Num/Scroll Lock Indicator

HP Photosmart Essential 2.5

HP Photosmart Essential 3.0

HP Picasso Media Center Add-In

HP Print Diagnostic Utility

HP Solution Center 8.0

HP Total Care Advisor

HPPhotoSmartPhotobookWebPack1

HPProductAssistant

iTunes

J2SE Runtime Environment 5.0 Update 17

Java Auto Updater

Java 6 Update 26

Kidspiration 2

L7500

LightScribe 1.4.136.1

Malwarebytes Anti-Malware version 1.62.0.1300

MarketResearch

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update

(KB2656353)

Microsoft .NET Framework 1.1 Security Update

(KB2656370)

Microsoft .NET Framework 1.1 Security Update

(KB979906)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Default Manager

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office Live Add-in 1.5

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service

Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI

(English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Text-to-Speech Engine 4.0 (English)

Microsoft Visual C++ 2005 ATL Update kb973923 -

x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Web Publishing Wizard 1.52

Microsoft Works

Mozilla Firefox (3.6.21)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NVIDIA Drivers

OGA Notifier 2.0.0048.0

ProductContext

PSSWCORE

Python 2.4.3

QuickTime

Realtek High Definition Audio Driver

Rhapsody Player Engine

Roxio Creator Audio

Roxio Creator Basic v9

Roxio Creator Copy

Roxio Creator Data

Roxio Creator EasyArchive

Roxio Creator Tools

Roxio Express Labeler 3

Roxio MyDVD Basic v9

Scan

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5

SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5

SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4

Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4

Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4

Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4

Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4

Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4

Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4

Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4

Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4

Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4

Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4

Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4

Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites

(KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites

(KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites

(KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites

(KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites

(KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites

(KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites

(KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites

(KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites

(KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites

(KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites

(KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites

(KB2687441) 32-Bit Edition

Security Update for Microsoft Office Excel 2007

(KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath

2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint

2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint

2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007

(KB2596917) 32-Bit Edition

Soft Data Fax Modem with SmartCP

SolutionCenter

Spy Sweeper Core

Spybot - Search & Destroy

Status

Super TextTwist

swMSM

Text Twist

Text Twist 2

Toolbox

TrayApp

UnloadSupport

Update for 2007 Microsoft Office System

(KB967642)

Update for Microsoft .NET Framework 3.5 SP1

(KB963707)

Update for Microsoft .NET Framework 4 Client

Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client

Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client

Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common

Features (KB963673)

Update for Microsoft Office Excel 2007 Help

(KB963678)

Update for Microsoft Office OneNote 2007 Help

(KB963670)

Update for Microsoft Office Powerpoint 2007 Help

(KB963669)

Update for Microsoft Office Script Editor Help

(KB963671)

Update for Microsoft Office Word 2007 Help

(KB963665)

VideoToolkit01

WebReg

Windows Live ID Sign-in Assistant

Windows Live OneCare safety scanner

.

==== Event Viewer Messages From Past Week

========

.

8/29/2012 8:03:19 AM, Error: Service Control

Manager [7026] - The following boot-start or

system-start driver(s) failed to load: i8042prt

8/29/2012 8:03:19 AM, Error: Service Control

Manager [7009] - A timeout was reached (30000

milliseconds) while waiting for the Webroot Spy

Sweeper Engine service to connect.

8/29/2012 8:03:19 AM, Error: Service Control

Manager [7000] - The Webroot Spy Sweeper Engine

service failed to start due to the following

error: The service did not respond to the start

or control request in a timely fashion.

8/29/2012 8:03:19 AM, Error: Service Control

Manager [7000] - The Parallel port driver

service failed to start due to the following

error: The service cannot be started, either

because it is disabled or because it has no

enabled devices associated with it.

8/29/2012 11:58:49 AM, Error: Microsoft-Windows

-Dhcp-Client [1002] - The IP address lease

192.168.1.6 for the Network Card with network

address 001A926A41B7 has been denied by the DHCP

server 0.0.0.0 (The DHCP Server sent a DHCPNACK

message).

8/28/2012 8:54:12 AM, Error: Microsoft-Windows-

Dhcp-Client [1002] - The IP address lease

192.168.1.3 for the Network Card with network

address 001A926A41B7 has been denied by the DHCP

server 0.0.0.0 (The DHCP Server sent a DHCPNACK

message).

8/28/2012 7:28:59 PM, Error: Service Control

Manager [7001] - The Network List Service

service depends on the Network Location

Awareness service which failed to start because

of the following error: The dependency service

or group failed to start.

8/28/2012 7:28:53 PM, Error: Service Control

Manager [7026] - The following boot-start or

system-start driver(s) failed to load: AFD DfsC

eamonm ehdrv EpfwLWF i8042prt NetBIOS netbt

nsiproxy PSched RasAcd rdbss Smb spldr tdx

Wanarpv6

8/28/2012 7:28:53 PM, Error: Service Control

Manager [7001] - The Workstation service

depends on the Network Store Interface Service

service which failed to start because of the

following error: The dependency service or

group failed to start.

8/28/2012 7:28:53 PM, Error: Service Control

Manager [7001] - The WebDav Client Redirector

Driver service depends on the Redirected

Buffering Sub Sysytem service which failed to

start because of the following error: A device

attached to the system is not functioning.

8/28/2012 7:28:53 PM, Error: Service Control

Manager [7001] - The WebClient service depends

on the WebDav Client Redirector Driver service

which failed to start because of the following

error: The dependency service or group failed

to start.

8/28/2012 7:28:53 PM, Error: Service Control

Manager [7001] - The TCP/IP NetBIOS Helper

service depends on the Ancilliary Function

Driver for Winsock service which failed to start

because of the following error: A device

attached to the system is not functioning.

8/28/2012 7:28:53 PM, Error: Service Control

Manager [7001] - The SMB MiniRedirector Wrapper

and Engine service depends on the Redirected

Buffering Sub Sysytem service which failed to

start because of the following error: A device

attached to the system is not functioning.

8/28/2012 7:28:53 PM, Error: Service Control

Manager [7001] - The SMB 2.0 MiniRedirector

service depends on the SMB MiniRedirector

Wrapper and Engine service which failed to start

because of the following error: The dependency

service or group failed to start.

8/28/2012 7:28:53 PM, Error: Service Control

Manager [7001] - The SMB 1.x MiniRedirector

service depends on the SMB MiniRedirector

Wrapper and Engine service which failed to start

because of the following error: The dependency

service or group failed to start.

8/28/2012 7:28:53 PM, Error: Service Control

Manager [7001] - The Network Store Interface

Service service depends on the NSI proxy service

service which failed to start because of the

following error: A device attached to the

system is not functioning.

8/28/2012 7:28:53 PM, Error: Service Control

Manager [7001] - The Network Location Awareness

service depends on the Network Store Interface

Service service which failed to start because of

the following error: The dependency service or

group failed to start.

8/28/2012 7:28:53 PM, Error: Service Control

Manager [7001] - The IP Helper service depends

on the Network Store Interface Service service

which failed to start because of the following

error: The dependency service or group failed

to start.

8/28/2012 7:28:53 PM, Error: Service Control

Manager [7001] - The DNS Client service depends

on the NetIO Legacy TDI Support Driver service

which failed to start because of the following

error: A device attached to the system is not

functioning.

8/28/2012 7:28:53 PM, Error: Service Control

Manager [7001] - The DHCP Client service

depends on the Ancilliary Function Driver for

Winsock service which failed to start because of

the following error: A device attached to the

system is not functioning.

8/28/2012 7:28:53 PM, Error: Service Control

Manager [7001] - The Computer Browser service

depends on the Server service which failed to

start because of the following error: The

dependency service or group failed to start.

8/28/2012 7:28:51 PM, Error: Microsoft-Windows-

DistributedCOM [10005] - DCOM got error "1084"

attempting to start the service WSearch with

arguments "" in order to run the server:

{9E175B6D-F52A-11D8-B9A5-505054503030}

8/28/2012 7:28:51 PM, Error: Microsoft-Windows-

DistributedCOM [10005] - DCOM got error "1084"

attempting to start the service WSearch with

arguments "" in order to run the server:

{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

8/28/2012 7:28:04 PM, Error: Microsoft-Windows-

DistributedCOM [10005] - DCOM got error "1068"

attempting to start the service netprofm with

arguments "" in order to run the server:

{A47979D2-C419-11D9-A5B4-001185AD2B89}

8/28/2012 7:28:04 PM, Error: Microsoft-Windows-

DistributedCOM [10005] - DCOM got error "1068"

attempting to start the service netman with

arguments "" in order to run the server:

{BA126AD1-2166-11D1-B1D0-00805FC1270E}

8/28/2012 7:28:04 PM, Error: Microsoft-Windows-

DistributedCOM [10005] - DCOM got error "1068"

attempting to start the service fdPHost with

arguments "" in order to run the server:

{145B4335-FE2A-4927-A040-7C35AD3180EF}

8/28/2012 7:28:00 PM, Error: Microsoft-Windows-

DistributedCOM [10005] - DCOM got error "1084"

attempting to start the service EventSystem with

arguments "" in order to run the server:

{1BE1F766-5536-11D1-B726-00C04FB926AF}

8/28/2012 7:27:52 PM, Error: Microsoft-Windows-

DistributedCOM [10005] - DCOM got error "1084"

attempting to start the service ShellHWDetection

with arguments "" in order to run the server:

{DD522ACC-F821-461A-A407-50B198B896DC}

8/28/2012 7:24:11 PM, Error: Service Control

Manager [7034] - The SBSD Security Center

Service service terminated unexpectedly. It has

done this 1 time(s).

8/27/2012 3:52:43 PM, Error: Microsoft-Windows-

Dhcp-Client [1002] - The IP address lease

192.168.1.2 for the Network Card with network

address 001A926A41B7 has been denied by the DHCP

server 0.0.0.0 (The DHCP Server sent a DHCPNACK

message).

8/26/2012 7:34:21 AM, Error: Service Control

Manager [7011] - A timeout (30000 milliseconds)

was reached while waiting for a transaction

response from the ShellHWDetection service.

.

==== End Of File ===========================

August 29, 2012

Hello Maniac... thank you for your assistance.

I performed the steps you suggested for Teatimer. MBAM did perform a Quick Scan in Safe Mode. The new logs you requested are below...

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.28.01

Windows Vista Service Pack 2 x86 NTFS (Safe Mode)

Internet Explorer 9.0.8112.16421

David :: DAVID-PC [administrator]

8/28/2012 7:28:52 PM

mbam-log-2012-08-28 (19-28-52).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 193239

Time elapsed: 4 minute(s), 50 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

-------------------------------------------------------

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by David at 19:40:57 on 2012-08-28

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3454.2004 [GMT

-7:00]

.

AV: ESET Smart Security 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-

21771CA47CD1}

SP: ESET Smart Security 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-

1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\rundll32.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\SearchFilterHost.exe