Jump to content

djscotty

Honorary Members
  • Posts

    45
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Unfortunately, I was thinking the same thing... Fortunately, I have a very good repair guy right around the corner... Thanks so much for your help TwinHeadedEagle!!!!
  2. Ok... I restarted windows normally and attempted to return here... After about a 10 minute hang everything on my desktop disappeared for about 5 minutes. Shortly after everything returned I got Windows Explorer has stopped woking and trying to restart, followed by "remote procedure call failed" I returned here after restarting in safe mode....
  3. I didn't want to do anything until I got your response.. I will give it a try and let you know!!!
  4. Thanks for your help TwinHeadedEagle!!! Log Name: Application Source: Microsoft-Windows-Wininit Date: 7/7/2015 9:30:33 AM Event ID: 1001 Task Category: None Level: Information Keywords: Classic User: N/A Computer: User-PC Description: Checking file system on C: The type of the file system is NTFS. A disk check has been scheduled. Windows will now check the disk. CHKDSK is verifying files (stage 1 of 5)... 211712 file records processed. File verification completed. 474 large file records processed. 0 bad file records processed. 2 EA records processed. 47 reparse records processed. CHKDSK is verifying indexes (stage 2 of 5)... 272350 index entries processed. Index verification completed. 0 unindexed files scanned. 0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 5)... 211712 file SDs/SIDs processed. Cleaning up 43 unused index entries from index $SII of file 0x9. Cleaning up 43 unused index entries from index $SDH of file 0x9. Cleaning up 43 unused security descriptors. Security descriptor verification completed. 30320 data files processed. CHKDSK is verifying Usn Journal... 37286976 USN bytes processed. Usn Journal verification completed. CHKDSK is verifying file data (stage 4 of 5)... Read failure with status 0xc0000185 at offset 0x269910000 for 0x2000 bytes. Read failure with status 0xc0000185 at offset 0xffd06000 for 0x10000 bytes. Read failure with status 0xc0000185 at offset 0xffd16000 for 0x10000 bytes. Read failure with status 0xc0000185 at offset 0xffd19000 for 0x1000 bytes. Read failure with status 0xc0000185 at offset 0xffd1a000 for 0x10000 bytes. Read failure with status 0xc0000185 at offset 0xffe0a000 for 0x2000 bytes. Read failure with status 0xc0000185 at offset 0xffe0e000 for 0x1000 bytes. Windows replaced bad clusters in file 59522 of name \Windows\System32\config\COMPON~2. 211696 files processed. File data verification completed. CHKDSK is verifying free space (stage 5 of 5)... 125026066 free clusters processed. Free space verification is complete. Adding 1 bad clusters to the Bad Clusters File. Correcting errors in the Volume Bitmap. Windows has made corrections to the file system. 625027071 KB total disk space. 124494808 KB in 154011 files. 93140 KB in 30321 indexes. 248 KB in bad sectors. 334611 KB in use by the system. 65536 KB occupied by the log file. 500104264 KB available on disk. 4096 bytes in each allocation unit. 156256767 total allocation units on disk. 125026066 allocation units available on disk. Internal Info: 00 3b 03 00 17 d0 02 00 aa 32 05 00 00 00 00 00 .;.......2...... 24 37 00 00 2f 00 00 00 00 00 00 00 00 00 00 00 $7../........... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Windows has finished checking your disk. Please wait while your computer restarts. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" /> <EventID Qualifiers="16384">1001</EventID> <Version>0</Version> <Level>4</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2015-07-07T16:30:33.000000000Z" /> <EventRecordID>15190</EventRecordID> <Correlation /> <Execution ProcessID="0" ThreadID="0" /> <Channel>Application</Channel> <Computer>User-PC</Computer> <Security /> </System> <EventData> <Data> Checking file system on C: The type of the file system is NTFS. A disk check has been scheduled. Windows will now check the disk. CHKDSK is verifying files (stage 1 of 5)... 211712 file records processed. File verification completed. 474 large file records processed. 0 bad file records processed. 2 EA records processed. 47 reparse records processed. CHKDSK is verifying indexes (stage 2 of 5)... 272350 index entries processed. Index verification completed. 0 unindexed files scanned. 0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 5)... 211712 file SDs/SIDs processed. Cleaning up 43 unused index entries from index $SII of file 0x9. Cleaning up 43 unused index entries from index $SDH of file 0x9. Cleaning up 43 unused security descriptors. Security descriptor verification completed. 30320 data files processed. CHKDSK is verifying Usn Journal... 37286976 USN bytes processed. Usn Journal verification completed. CHKDSK is verifying file data (stage 4 of 5)... Read failure with status 0xc0000185 at offset 0x269910000 for 0x2000 bytes. Read failure with status 0xc0000185 at offset 0xffd06000 for 0x10000 bytes. Read failure with status 0xc0000185 at offset 0xffd16000 for 0x10000 bytes. Read failure with status 0xc0000185 at offset 0xffd19000 for 0x1000 bytes. Read failure with status 0xc0000185 at offset 0xffd1a000 for 0x10000 bytes. Read failure with status 0xc0000185 at offset 0xffe0a000 for 0x2000 bytes. Read failure with status 0xc0000185 at offset 0xffe0e000 for 0x1000 bytes. Windows replaced bad clusters in file 59522 of name \Windows\System32\config\COMPON~2. 211696 files processed. File data verification completed. CHKDSK is verifying free space (stage 5 of 5)... 125026066 free clusters processed. Free space verification is complete. Adding 1 bad clusters to the Bad Clusters File. Correcting errors in the Volume Bitmap. Windows has made corrections to the file system. 625027071 KB total disk space. 124494808 KB in 154011 files. 93140 KB in 30321 indexes. 248 KB in bad sectors. 334611 KB in use by the system. 65536 KB occupied by the log file. 500104264 KB available on disk. 4096 bytes in each allocation unit. 156256767 total allocation units on disk. 125026066 allocation units available on disk. Internal Info: 00 3b 03 00 17 d0 02 00 aa 32 05 00 00 00 00 00 .;.......2...... 24 37 00 00 2f 00 00 00 00 00 00 00 00 00 00 00 $7../........... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Windows has finished checking your disk. Please wait while your computer restarts. </Data> </EventData> </Event>
  5. Sorry.. I believe the instructions said to copy and paste Reports attached Thanks for your help!!! FRST.txt Addition.txt
  6. Hangs crashes occasionally restarts sometimes with a quick flash of BSOD which doesn't appear long enough to get any info.... Widows explorer stops working sometimes... Windows update does not work or show any updates at all Chkdsc has replaced a few bad clusters. Previous scan with Super Anti Spyware showed no errors, today's scan froze and crashed... Just completed MBAM scan with no errors...I am running in safe mode with networking at this time... FRST logs below... Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-07-2015 Ran by User (administrator) on USER-PC on 06-07-2015 12:49:57 Running from C:\Users\User\Documents\Programs Loaded Profiles: User (Available Profiles: User) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Safe Mode (with Networking) Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-02-23] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation) HKU\S-1-5-21-4256741779-1254924251-658174128-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-4256741779-1254924251-658174128-1000\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7799576 2015-06-10] (SUPERAntiSpyware) HKU\S-1-5-21-4256741779-1254924251-658174128-1000\...\MountPoints2: {6f7b4290-4fd3-11e4-961c-0022684728d4} - E:\launcher.exe HKU\S-1-5-21-4256741779-1254924251-658174128-1000\...\MountPoints2: {7ab38629-651d-11e4-bf49-0022684728d4} - J:\HTC_Sync_Manager_PC.exe Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk [2014-09-16] ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.) Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk [2015-06-25] ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-4256741779-1254924251-658174128-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/ HKU\S-1-5-21-4256741779-1254924251-658174128-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp SearchScopes: HKU\S-1-5-21-4256741779-1254924251-658174128-1000 -> {6F452E27-87DA-4FE7-8E97-489910D74B32} URL = https://www.google.com/search?q={searchTerms} BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-19] (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-19] (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.) Toolbar: HKU\S-1-5-21-4256741779-1254924251-658174128-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{14DE41BF-45B5-481C-A5D0-0326BE9AB470}: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bo7gvxx3.default FF Homepage: https://www.yahoo.com/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_160.dll [2015-06-18] () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-18] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-19] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-19] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) Chrome: ======= CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-15] CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-15] CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-15] CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-15] CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-15] CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-15] CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-15] CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-15] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com) S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.) S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) S2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed] R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-06] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation) S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation) S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation) S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-06 12:49 - 2015-07-06 12:49 - 00000000 ____D C:\FRST 2015-07-06 12:31 - 2015-07-06 12:31 - 00270056 _____ C:\Windows\Minidump\070615-8892-01.dmp 2015-07-06 11:39 - 2015-07-06 11:39 - 00282120 _____ C:\Windows\Minidump\070615-10873-01.dmp 2015-07-02 13:22 - 2015-07-06 12:25 - 00000000 ____D C:\Users\User\Documents\SysnativeFileCollectionApp 2015-07-01 17:23 - 2015-07-01 17:23 - 00003560 ____N C:\bootsqm.dat 2015-06-30 19:55 - 2015-06-30 19:55 - 00274408 _____ C:\Windows\Minidump\063015-12448-01.dmp 2015-06-30 15:58 - 2015-06-30 15:58 - 00282120 _____ C:\Windows\Minidump\063015-12058-01.dmp 2015-06-30 14:29 - 2015-06-30 14:29 - 00274408 _____ C:\Windows\Minidump\063015-10920-01.dmp 2015-06-30 14:19 - 2015-06-30 14:19 - 00282120 _____ C:\Windows\Minidump\063015-11637-01.dmp 2015-06-29 15:02 - 2015-06-29 15:02 - 00282120 _____ C:\Windows\Minidump\062915-11388-01.dmp 2015-06-25 16:53 - 2015-06-25 16:53 - 00282120 _____ C:\Windows\Minidump\062515-11731-01.dmp 2015-06-24 17:17 - 2015-06-24 17:17 - 00282120 _____ C:\Windows\Minidump\062415-14180-01.dmp 2015-06-23 18:42 - 2015-06-23 18:42 - 00282120 _____ C:\Windows\Minidump\062315-14024-01.dmp 2015-06-19 20:35 - 2015-06-19 20:35 - 00282120 _____ C:\Windows\Minidump\061915-13993-01.dmp 2015-06-17 11:15 - 2015-06-17 11:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-06-11 13:31 - 2015-06-11 13:31 - 00000000 ____D C:\Users\User\AppData\Local\Hewlett-Packard 2015-06-11 11:19 - 2015-06-11 11:19 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard 2015-06-11 11:18 - 2015-06-11 11:18 - 05197824 _____ C:\Users\User\Downloads\HPSupportSolutionsFramework-11.51.0049.msi 2015-06-10 15:55 - 2015-06-10 15:55 - 00448512 _____ (OldTimer Tools) C:\Users\User\Downloads\TFC.exe 2015-06-10 15:38 - 2015-06-10 15:38 - 00009345 _____ C:\Users\User\Downloads\courtesy-cleaner-stantonpc.zip ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-06 12:43 - 2014-09-12 15:42 - 01645416 _____ C:\Windows\WindowsUpdate.log 2015-07-06 12:37 - 2015-01-22 16:56 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-07-06 12:37 - 2015-01-22 16:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-07-06 12:37 - 2015-01-22 16:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-07-06 12:31 - 2015-01-02 22:20 - 337968877 _____ C:\Windows\MEMORY.DMP 2015-07-06 12:31 - 2015-01-02 22:20 - 00000000 ____D C:\Windows\Minidump 2015-07-06 11:43 - 2014-09-15 08:13 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-07-06 11:43 - 2014-09-15 08:13 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-07-06 11:42 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-07-06 11:41 - 2014-11-21 17:16 - 00015872 _____ C:\Windows\setupact.log 2015-07-06 11:01 - 2009-07-13 21:45 - 00032016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-07-06 11:00 - 2009-07-13 21:45 - 00032016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-07-06 10:52 - 2009-07-13 22:08 - 00032600 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-06-30 18:35 - 2009-07-13 22:13 - 00802762 _____ C:\Windows\system32\PerfStringBackup.INI 2015-06-25 10:56 - 2014-12-23 10:41 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2015-06-23 10:44 - 2014-09-15 08:14 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-06-19 14:26 - 2006-01-11 12:29 - 00000000 ____D C:\Users\User\Documents\CPRMatters 2015-06-18 10:53 - 2014-09-15 14:41 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-06-18 10:53 - 2014-09-15 14:41 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-06-18 10:53 - 2014-09-15 14:34 - 00000000 ____D C:\Users\User\AppData\Local\Adobe 2015-06-18 08:41 - 2015-01-22 16:56 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-06-18 08:41 - 2015-01-22 16:56 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-06-18 08:41 - 2015-01-22 16:56 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-06-17 11:25 - 2014-09-18 13:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-06-17 11:25 - 2010-11-20 20:47 - 00079328 _____ C:\Windows\PFRO.log 2015-06-16 14:27 - 2014-09-22 13:24 - 00000000 ____D C:\ProgramData\pdf995 2015-06-16 14:12 - 2014-09-22 13:24 - 00000059 _____ C:\Windows\wpd99.drv 2015-06-11 10:39 - 2015-01-22 17:15 - 00000000 ____D C:\Program Files\SUPERAntiSpyware ==================== Files in the root of some directories ======= 2014-10-09 16:40 - 2014-10-09 16:40 - 0000000 _____ () C:\Users\User\AppData\Roaming\monFDE.log 2015-01-22 16:08 - 2015-01-22 16:08 - 0166712 _____ () C:\Users\User\AppData\Local\ars.cache 2015-01-22 16:08 - 2015-01-22 16:08 - 0216714 _____ () C:\Users\User\AppData\Local\census.cache 2015-01-22 16:01 - 2015-01-22 16:01 - 0000036 _____ () C:\Users\User\AppData\Local\housecall.guid.cache 2015-01-06 19:38 - 2015-01-06 19:38 - 0000017 _____ () C:\Users\User\AppData\Local\resmon.resmoncfg 2015-01-22 16:07 - 2015-01-22 16:07 - 0000010 _____ () C:\Users\User\AppData\Local\sponge.last.runtime.cache 2014-09-16 13:22 - 2014-09-16 13:22 - 0000057 _____ () C:\ProgramData\Ament.ini ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-23 13:08 ==================== End of log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-07-2015 Ran by User at 2015-07-06 12:50:24 Running from C:\Users\User\Documents\Programs Boot Mode: Safe Mode (with Networking) ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4256741779-1254924251-658174128-500 - Administrator - Disabled) Guest (S-1-5-21-4256741779-1254924251-658174128-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-4256741779-1254924251-658174128-1003 - Limited - Enabled) User (S-1-5-21-4256741779-1254924251-658174128-1000 - Administrator - Enabled) => C:\Users\User ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.160 - Adobe Systems Incorporated) Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{D386AA62-CC9D-213D-BCD3-1FF53F7B8BAC}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.) Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company) iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.) Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation) Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden LSI PCI-SV92PP Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.98 - LSI Corporation) Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-4256741779-1254924251-658174128-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.1 - Mozilla) Pdf995 (HKLM-x32\...\Pdf995) (Version: 14.2s - ) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1168 - SUPERAntiSpyware.com) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Windows Driver Package - YUAN TV DRIVER (cxpl_mhd) Media (06/22/2009 6.0.64.0059) (HKLM\...\7F4303078887B33BF9E472598BB463CBE007C68E) (Version: 06/22/2009 6.0.64.0059 - YUAN TV DRIVER) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-4256741779-1254924251-658174128-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4256741779-1254924251-658174128-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4256741779-1254924251-658174128-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4256741779-1254924251-658174128-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4256741779-1254924251-658174128-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {2FEB8BC2-EB20-4A4A-B77A-E9985C569403} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated) Task: {43600D62-38FF-4E26-8A20-7EB174884B3A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-15] (Google Inc.) Task: {46CD3BB0-7A06-4398-BEC9-1BBDA61FA55C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-15] (Google Inc.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4256741779-1254924251-658174128-1000\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: Apple Mobile Device Service => 2 MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [sPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [sPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{EA88E3D8-0242-4FB8-A3DB-AA4550D527D6}] => (Allow) C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{ED707ADA-C905-472E-A9BB-E55FDF1A490A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{AEA01F53-B2EA-4C8F-BE01-E00474046029}] => (Allow) LPort=2869 FirewallRules: [{42C00142-808B-461F-9221-9CF827F0C583}] => (Allow) LPort=1900 FirewallRules: [{4BAA6270-5C0D-4375-999C-EBA1EDC1453E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{727D58E0-1EC8-456C-9244-CA723CA5E531}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe FirewallRules: [{7C0C9E91-F83D-4E8B-835A-CF05A1B68076}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe FirewallRules: [{07383412-97D1-4128-AB3E-E8C93B69DE7F}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe FirewallRules: [{A1A788D9-5C9B-4AAF-BB13-5784AAC497B2}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe FirewallRules: [{F3BA39DF-0ABA-4067-BED0-3252B9DD5A09}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe FirewallRules: [{0BBB03A0-883F-4C53-81BE-7F4FE6359EEE}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{99BC1E35-FCDB-4A67-9C03-49650501829A}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\javacpl.exe FirewallRules: [{389419F4-9E6D-4214-87C7-2E3793412925}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\javacpl.exe FirewallRules: [{9830FAD6-6B39-455B-A04F-8346F0F978A8}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\javacpl.exe FirewallRules: [{6417C46B-0852-4021-8358-4BB40A3913E3}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\javacpl.exe FirewallRules: [{38245B97-297A-4DBA-AC3B-A23AA51A1A7A}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS423C\HPDiagnosticCoreUI.exe FirewallRules: [{47F475B0-EECA-461E-98C7-94F0CDE8991E}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS423C\HPDiagnosticCoreUI.exe FirewallRules: [{15F5AAFF-95A8-41D6-9108-30571B71626D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{B77A44EC-4AC3-4A49-8B63-BF2428AB0665}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{1BECF49A-14CC-4850-9980-4A182BD76D2D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [uDP Query User{DDF4B675-6D6A-49BD-A2C3-D2E4849B3F6C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{D18212E1-2E52-4D98-8BB4-874001A6FEBA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{1CAC2810-9DA7-41F6-A0FF-2A25DA1D6E88}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{9314AAD9-6EAD-4B44-BE2D-34992AE74F87}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{03C37331-46B6-414E-AEA8-576219C5F570}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{82AA9580-1708-4CB3-AD7A-8C8C307CCE29}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [TCP Query User{9762C2A6-90BA-4CED-8372-9D76FA0D1AE8}C:\users\user\appdata\local\temp\7zs01a4\enterprisedu.exe] => (Allow) C:\users\user\appdata\local\temp\7zs01a4\enterprisedu.exe FirewallRules: [uDP Query User{715D465C-0886-4305-837F-40342D7F387B}C:\users\user\appdata\local\temp\7zs01a4\enterprisedu.exe] => (Allow) C:\users\user\appdata\local\temp\7zs01a4\enterprisedu.exe FirewallRules: [TCP Query User{27BB2F88-9D55-441C-A3C5-FFE4A67467E4}C:\users\user\appdata\local\temp\7zs163a\enterprisedu.exe] => (Allow) C:\users\user\appdata\local\temp\7zs163a\enterprisedu.exe FirewallRules: [uDP Query User{501BC1D8-2C23-4CFB-8D1D-5185D3D2D12C}C:\users\user\appdata\local\temp\7zs163a\enterprisedu.exe] => (Allow) C:\users\user\appdata\local\temp\7zs163a\enterprisedu.exe FirewallRules: [TCP Query User{1231AF12-2FEA-4148-BD6A-586645793A54}C:\users\user\appdata\local\temp\7zs20a6\enterprisedu.exe] => (Allow) C:\users\user\appdata\local\temp\7zs20a6\enterprisedu.exe FirewallRules: [uDP Query User{B7823D46-EE94-4A1B-A115-7AF10DA914AB}C:\users\user\appdata\local\temp\7zs20a6\enterprisedu.exe] => (Allow) C:\users\user\appdata\local\temp\7zs20a6\enterprisedu.exe FirewallRules: [{09EF79C4-04AE-4ABB-80E5-3E189267BC10}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= Name: Security Processor Loader Driver Description: Security Processor Loader Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: spldr Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Consumer IR Devices Description: Consumer IR Devices Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: circlass Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: eHome Infrared Receiver (USBCIR) Description: eHome Infrared Receiver (USBCIR) Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: Microsoft Service: usbcir Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver ==================== Event log errors: ========================= Application errors: ================== Error: (07/06/2015 00:33:34 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/06/2015 11:49:27 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/06/2015 11:17:05 AM) (Source: Application Error) (EventID: 1005) (User: ) Description: Windows cannot access the file C:\Windows\Prefetch\AgRobust.db for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Host Process for Windows Services because of this error. Program: Host Process for Windows Services File: C:\Windows\Prefetch\AgRobust.db The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C0000185 Disk type: 3 Error: (07/06/2015 11:17:05 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9db Exception code: 0xc0000006 Fault offset: 0x000000000001d143 Faulting process id: 0x13c8 Faulting application start time: 0xsvchost.exe_SysMain0 Faulting application path: svchost.exe_SysMain1 Faulting module path: svchost.exe_SysMain2 Report Id: svchost.exe_SysMain3 Error: (07/06/2015 11:14:58 AM) (Source: Application Error) (EventID: 1005) (User: ) Description: Windows cannot access the file for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Antimalware Service Executable because of this error. Program: Antimalware Service Executable File: The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C0000185 Disk type: 0 Error: (07/06/2015 11:14:58 AM) (Source: Application Error) (EventID: 1005) (User: ) Description: Windows cannot access the file C:\Windows\System32\imaadp32.acm for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Host Process for Windows Tasks because of this error. Program: Host Process for Windows Tasks File: C:\Windows\System32\imaadp32.acm The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C0000185 Disk type: 3 Error: (07/06/2015 11:14:58 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: MsMpEng.exe, version: 4.7.205.0, time stamp: 0x54cb5aeb Faulting module name: mpengine.dll, version: 1.1.11804.0, time stamp: 0x557a8cde Exception code: 0xc0000006 Fault offset: 0x00000000004a5ec3 Faulting process id: 0x314 Faulting application start time: 0xMsMpEng.exe0 Faulting application path: MsMpEng.exe1 Faulting module path: MsMpEng.exe2 Report Id: MsMpEng.exe3 Error: (07/06/2015 11:14:58 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: taskhost.exe, version: 6.1.7601.18010, time stamp: 0x50aee9f3 Faulting module name: ntdll.dll, version: 6.1.7601.18798, time stamp: 0x5507b864 Exception code: 0xc0000006 Fault offset: 0x00000000000393eb Faulting process id: 0x668 Faulting application start time: 0xtaskhost.exe0 Faulting application path: taskhost.exe1 Faulting module path: taskhost.exe2 Report Id: taskhost.exe3 Error: (07/06/2015 11:09:01 AM) (Source: Application Error) (EventID: 1005) (User: ) Description: Windows cannot access the file C:\Windows\System32\dbgeng.dll for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Windows Problem Reporting because of this error. Program: Windows Problem Reporting File: C:\Windows\System32\dbgeng.dll The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C0000185 Disk type: 3 Error: (07/06/2015 11:07:55 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: WerFault.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc607 Faulting module name: ntdll.dll, version: 6.1.7601.18798, time stamp: 0x5507b864 Exception code: 0xc0000006 Fault offset: 0x0000000000054144 Faulting process id: 0xd38 Faulting application start time: 0xWerFault.exe0 Faulting application path: WerFault.exe1 Faulting module path: WerFault.exe2 Report Id: WerFault.exe3 System errors: ============= Error: (07/06/2015 00:50:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (07/06/2015 00:50:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (07/06/2015 00:50:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (07/06/2015 00:49:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (07/06/2015 00:49:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (07/06/2015 00:49:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (07/06/2015 00:49:29 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F} Error: (07/06/2015 00:49:29 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF} Error: (07/06/2015 00:48:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (07/06/2015 00:48:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Microsoft Office: ========================= Error: (06/30/2015 02:01:17 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 117 seconds with 0 seconds of active time. This session ended with a crash. Error: (06/30/2015 01:56:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 656 seconds with 300 seconds of active time. This session ended with a crash. Error: (06/30/2015 09:47:13 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 213 seconds with 0 seconds of active time. This session ended with a crash. Error: (06/30/2015 09:45:18 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 582 seconds with 60 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2015-06-20 10:23:42.330 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sfc_os.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core2 Quad CPU Q9300 @ 2.50GHz Percentage of memory in use: 22% Total physical RAM: 4094.18 MB Available physical RAM: 3174.71 MB Total Virtual: 8186.54 MB Available Virtual: 7105.18 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:596.07 GB) (Free:476.94 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: B14BFCDD) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=596.1 GB) - (Type=07 NTFS) ==================== End of log ============================
  7. Thanks again for all your help. Have a concern about Fox It Reader I always research any new software and updates I may be installing, so I looked it up on C-net and I would like you to take a look http://download.cnet.com/Foxit-Reader/3000-18497_4-10313206.html It seems that it got glowing reviews up until version 5 I noticed the C-net review is dated May 26, 2011 (for version 5) and the latest version is 6.0.6.0722 which was released July 29, 2013 The user reviews toward the bottom of the page concern me (specifically the 3rd and 4th ones) they appear to come from folks that have used this software for a long time and now are unhappy with the newer versions. I deal with PDF files quite a bit, and even have the need to create them once in a while I have a VERY old version of Acrobat (5.0) that has served me well for many years. Should I delete the Reader and just stick solely to my Acrobat, or do you have any other advice on this matter?? This is my office computer at work and is nearly 10 years old and my boss and I have been talking about a possible upgrade in the not too distant future... I am working on the rest of the list and will be in touch again tomorrow!! Thanks, Scotty
  8. Hi MrC Computer running pertty well so far this morning Here's the next report Thanks!! Results of screen317's Security Check version 0.99.73 Windows XP Service Pack 3 x86 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! Windows Firewall Disabled! ESET Online Scanner v3 SonicStage Mastering Studio Audio Filter Custom Preset Norton Internet Security `````````Anti-malware/Other Utilities Check:````````` Out of date Spybot installed! Spybot - Search & Destroy 1.5.2.20 SpySubtract Spybot - Search & Destroy Malwarebytes Anti-Malware version 1.75.0.1300 Java 7 Update 25 Adobe Flash Player 11.8.800.168 Adobe Reader 10.1.8 Adobe Reader out of Date! Mozilla Firefox (23.0.1) ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 3% ````````````````````End of Log``````````````````````
  9. Seems to be doing a lot better. The real test will be after a full days work, This is the office computer for my job and receives quite a workout each day. Faster than it has been in several months tho... Thanks!!
  10. MrC Here are the next set of reports. as far as performance, My browser seemed to be a bit quicker, but Malwarebytes still took about 35 mins to perform a quick scan Like the pic of you and your doggies.. the one on your left looks like a pup, Very Cute!! Animal folks here!! # AdwCleaner v3.005 - Report created 24/09/2013 at 15:38:37 # Updated 22/09/2013 by Xplode # Operating System : Microsoft Windows XP Service Pack 3 (32 bits) # Username : Front Office - SCOTTY # Running from : C:\Documents and Settings\Front Office\My Documents\Downloads\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}] Key Deleted : HKLM\Software\Description Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} ***** [ Browsers ] ***** -\\ Internet Explorer v8.0.6001.18702 -\\ Mozilla Firefox v23.0.1 (en-US) [ File : C:\Documents and Settings\Front Office\Application Data\Mozilla\Firefox\Profiles\78y1hkt5.default\prefs.js ] ************************* AdwCleaner[R0].txt - [2180 octets] - [24/09/2013 15:15:56] AdwCleaner[s0].txt - [2127 octets] - [24/09/2013 15:38:37] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2187 octets] ########## Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.09.24.10 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Front Office :: SCOTTY [administrator] 9/24/2013 4:04:28 PM mbam-log-2013-09-24 (16-04-28).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 276809 Time elapsed: 36 minute(s), 16 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 2 C:\RECYCLER\S-1-5-21-1149959798-2756395348-2559181239-1006\Dc1.exe (PUP.Optional.iBryte) -> Quarantined and deleted successfully. C:\Documents and Settings\Front Office\Local Settings\Temp\FreemakeVideoConverter_4.0.1.8.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully. (end)
  11. Hi MrC, Thanks again for your help!! I have run ADwCleaner and am a bit counfused about the results so I have posted the log for your review and next steps... Thanks!! # AdwCleaner v3.005 - Report created 24/09/2013 at 15:15:56 # Updated 22/09/2013 by Xplode # Operating System : Microsoft Windows XP Service Pack 3 (32 bits) # Username : Front Office - SCOTTY # Running from : C:\Documents and Settings\Front Office\My Documents\Downloads\AdwCleaner.exe # Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Found : HKLM\Software\Description Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}] ***** [ Browsers ] ***** -\\ Internet Explorer v8.0.6001.18702 -\\ Mozilla Firefox v23.0.1 (en-US) [ File : C:\Documents and Settings\Front Office\Application Data\Mozilla\Firefox\Profiles\78y1hkt5.default\prefs.js ] ************************* AdwCleaner[R0].txt - [2040 octets] - [24/09/2013 15:15:56] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2100 octets] ##########
  12. Greetings!! You folks helped me out a couple years back and I was very happy and greatful for all your help. My computer has been running slow for the past couple weeks. I only have about 4GB available on a 180GB drive and just purchased a 1TB external harddrive to move a great deal of old files off my computer. Yesterday my computer became extremely slow so I decided to run a quick scan with Malwarebytes and found "PUP.Optional.OpenCandy" I was hoping you could help me remove this, and take a look for any other potential problems. I have run DDS and the 2 logs (DDS.txt and attach.txt) are copied below. Thanks, in advance, for your assistance!! Scotty DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2 Run by Front Office at 13:56:58 on 2013-09-24 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.876 [GMT -7:00] . . ============== Running Processes ================ . C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe C:\Program Files\Java\jre7\bin\jqs.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\notepad.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\svchost.exe -k DcomLaunch C:\WINDOWS\system32\svchost.exe -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\WINDOWS\system32\svchost.exe -k HPService C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\system32\svchost.exe -k imgsvc . ============== Pseudo HJT Report =============== . uInternet Connection Wizard,ShellNext = iexplore BHO: Yahoo! Toolbar Helper: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\engine\18.7.2.3\coieplg.dll BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\engine\18.7.2.3\ips\ipsbho.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\18.7.2.3\coieplg.dll TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\18.7.2.3\coieplg.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary mRun: [VZRemoteCommander] c:\program files\sony\vaio zone remote commander\AvRmtCtr.exe mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe" mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe" mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe StartupFolder: c:\docume~1\fronto~1\startm~1\programs\startup\monito~1.lnk - c:\windows\system32\RunDll32.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:323 uPolicies-Explorer: NoDriveAutoRun = dword:67108863 uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 mPolicies-Explorer: NoDriveTypeAutoRun = dword:323 mPolicies-Explorer: NoDrives = dword:0 mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:323 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: Transfer by Image Converter 2 - c:\program files\sony\image converter 2\menu.htm IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . . INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . TCP: NameServer = 192.168.1.1 TCP: Interfaces\{4F1C8CC6-78B8-4894-96EC-51BBD34AEAC9} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{E6ED8723-A09F-4456-9F20-EE4BBF3A4A9A} : DHCPNameServer = 192.168.1.1 192.168.1.1 Notify: AtiExtEvent - Ati2evxx.dll Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\front office\application data\mozilla\firefox\profiles\78y1hkt5.default\ FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_168.dll FF - plugin: c:\windows\system32\npdeployJava1.dll FF - plugin: c:\windows\system32\npptools.dll FF - ExtSQL: !HIDDEN! 2009-12-09 12:14; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn2 . ============= SERVICES / DRIVERS =============== . R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1207020.003\symds.sys [2012-6-12 340088] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1207020.003\symefa.sys [2012-6-12 744568] R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\bashdefs\20130903.002\BHDrvx86.sys [2013-9-3 1097816] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1207020.003\ironx86.sys [2012-6-12 136312] R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-7-17 161064] R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?] R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.7.2.3\ccsvchst.exe [2012-6-12 130008] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-8-27 108120] R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\ipsdefs\20130923.001\IDSXpx86.sys [2013-9-24 380832] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-9-24 40776] R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\virusdefs\20130924.001\NAVENG.SYS [2013-9-24 93272] R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\virusdefs\20130924.001\NAVEX15.SYS [2013-9-24 1612376] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336] S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856] . =============== File Associations =============== . ShellExec: Acrodist.exe: open="c:\program files\adobe\acrobat 5.0\distillr\Acrodist.exe" . =============== Created Last 30 ================ . 2013-09-24 19:37:29 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2013-09-03 13:53:52 187248 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll . ==================== Find3M ==================== . 2013-09-10 19:54:34 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-09-10 19:54:34 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-08-09 01:56:45 386560 ----a-w- c:\windows\system32\themeui.dll 2013-08-08 06:05:59 920064 ----a-w- c:\windows\system32\wininet.dll 2013-08-08 06:05:59 43520 ----a-w- c:\windows\system32\licmgr10.dll 2013-08-08 06:05:59 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2013-08-08 06:05:58 18944 ----a-w- c:\windows\system32\corpol.dll 2013-08-08 01:27:48 1877760 ----a-w- c:\windows\system32\win32k.sys 2013-08-08 00:02:34 385024 ----a-w- c:\windows\system32\html.iec 2013-08-05 13:30:32 1289728 ----a-w- c:\windows\system32\ole32.dll 2013-08-03 21:18:38 1543680 ------w- c:\windows\system32\wmvdecod.dll 2013-07-10 10:37:53 406016 ----a-w- c:\windows\system32\usp10.dll 2013-07-04 03:03:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-07-04 02:08:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe . ============= FINISH: 13:58:40.85 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume2 Install Date: 6/17/2005 3:37:00 PM System Uptime: 9/24/2013 12:30:06 PM (1 hours ago) . Motherboard: Intel Corporation | | D915GRO Processor: Intel® Pentium® 4 CPU 3.00GHz | J2E1 | 3000/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 180 GiB total, 3.629 GiB free. D: is CDROM () E: is CDROM () F: is Removable G: is Removable H: is Removable I: is Removable J: is FIXED (NTFS) - 932 GiB total, 931.328 GiB free. K: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . 3100_3200_3300_Help 3100_3200_3300trb 32 Bit HP CIO Components Installer 3200 7500_7600_7700_Help 8500A909_eDocs 8500A909_Help 8500A909n AdMission Photo Uploader Adobe Acrobat 5.0 Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Photoshop 7.0 Adobe Reader X (10.1.8) Agere Systems PCI Soft Modem AiO_Scan_CDA AiOSoftwareNPI Apple Application Support Apple Mobile Device Support Apple Software Update ArcSoft PhotoStudio 5.5 ATI - Software Uninstall Utility ATI Control Panel ATI Display Driver Belkin 54Mbps Wireless Network Adapter Bonjour BPD_DSWizards BPD_HPSU bpd_scan BPDSoftware BPDSoftware_Ini BufferChm Canon CanoScan Toolbox 4.9 Canon i350 Canon ScanGear Starter Compatibility Pack for the 2007 Office system ContentManager CP_AtenaShokunin1Config CP_CalendarTemplates1 CP_Package_Basic1 CP_Package_Variety1 CP_Package_Variety2 CP_Package_Variety3 CP_Panorama1Config Critical Update for Windows Media Player 11 (KB959772) CueTour CustomerResearchQFolder Destination Component DeviceDiscovery DeviceFunctionQFolder DocMgr DocProc DocumentViewer DocumentViewerQFolder Dropbox ESET Online Scanner v3 Fax Fax_CDA Freemake Video Converter version 4.0.1 FullDPAppQFolder Garmin Communicator Plugin with myGarmin Agent Garmin USB Drivers GdiplusUpgrade Google Earth Google SketchUp 6 Google SketchUp 7 Google Toolbar for Internet Explorer Google Update Helper Google Updater GPBaseService2 High Definition Audio Driver Package - KB835221 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB2756822) Hotfix for Windows XP (KB2779562) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) HP Document Manager 2.0 HP Document Viewer 5.3 HP Driver Diagnostics HP Extended Capabilities 5.3 HP Image Zone 5.3 HP Imaging Device Functions 12.0 HP Officejet Pro 8600 Basic Device Software HP Officejet Pro 8600 Help HP Officejet Pro All-In-One Series HP Photosmart Essential HP Print Diagnostic Utility HP Product Detection HP PSC & OfficeJet 5.3.A HP Smart Web Printing HP Solution Center 12.0 HP Update HPPhotoSmartExpress HPProductAssistant Image Converter 2 InstantShareDevices InstantShareDevicesMFC Intel® Graphics Media Accelerator Driver Intel® PRO Network Adapters and Drivers InterVideo WinDVD for VAIO InterVideo WinDVDX ISScript iTunes Java 7 Update 25 Java Auto Updater L7700 Malwarebytes Anti-Malware version 1.75.0.1300 Manual CanoScan LiDE 60 MarketResearch Memory Stick Formatter Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB886904) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Data Access Components KB870669 Microsoft IntelliPoint 6.3 Microsoft IntelliType Pro 6.3 Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office 2000 Premium Microsoft SQL Server Desktop Engine (VAIO_VEDB) Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Word Supplemental Templates and Wizards MoodLogic Mozilla Firefox 23.0.1 (x86 en-US) Mozilla Maintenance Service MPM MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Netscape Internet Service Setup Network NewCopy_CDA Norton Internet Security ODF Add-in for Microsoft Office Officejet Pro 8500 A909 Series OLYMPUS CAMEDIA Master 4.2 OmniPage SE 2.0 OpenMG Limited Patch 4.1-05-13-31-01 OpenMG Secure Module 4.1.00 Palm PanoStandAlone PhotoGallery PictureGear Studio 2.0 ProductContext ProductContextNPI Quicken 2005 QuickTime RandMap Readme Realtek High Definition Audio Driver Scan ScannerCopy Seagate Manager Installer Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft Windows (KB2564958) Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB2586448) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB2699988) Security Update for Windows Internet Explorer 8 (KB2722913) Security Update for Windows Internet Explorer 8 (KB2744842) Security Update for Windows Internet Explorer 8 (KB2761465) Security Update for Windows Internet Explorer 8 (KB2792100) Security Update for Windows Internet Explorer 8 (KB2797052) Security Update for Windows Internet Explorer 8 (KB2799329) Security Update for Windows Internet Explorer 8 (KB2809289) Security Update for Windows Internet Explorer 8 (KB2817183) Security Update for Windows Internet Explorer 8 (KB2829530) Security Update for Windows Internet Explorer 8 (KB2838727) Security Update for Windows Internet Explorer 8 (KB2846071) Security Update for Windows Internet Explorer 8 (KB2847204) Security Update for Windows Internet Explorer 8 (KB2862772) Security Update for Windows Internet Explorer 8 (KB2870699) Security Update for Windows Internet Explorer 8 (KB969897) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB972260) Security Update for Windows Internet Explorer 8 (KB974455) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB2834904-v2) Security Update for Windows Media Player (KB2834904) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2685939) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2695962) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2705219) Security Update for Windows XP (KB2707511) Security Update for Windows XP (KB2709162) Security Update for Windows XP (KB2712808) Security Update for Windows XP (KB2718523) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB2723135) Security Update for Windows XP (KB2724197) Security Update for Windows XP (KB2727528) Security Update for Windows XP (KB2731847) Security Update for Windows XP (KB2753842-v2) Security Update for Windows XP (KB2757638) Security Update for Windows XP (KB2758857) Security Update for Windows XP (KB2761226) Security Update for Windows XP (KB2770660) Security Update for Windows XP (KB2778344) Security Update for Windows XP (KB2779030) Security Update for Windows XP (KB2780091) Security Update for Windows XP (KB2799494) Security Update for Windows XP (KB2802968) Security Update for Windows XP (KB2807986) Security Update for Windows XP (KB2808735) Security Update for Windows XP (KB2813170) Security Update for Windows XP (KB2813345) Security Update for Windows XP (KB2820197) Security Update for Windows XP (KB2820917) Security Update for Windows XP (KB2829361) Security Update for Windows XP (KB2834886) Security Update for Windows XP (KB2839229) Security Update for Windows XP (KB2845187) Security Update for Windows XP (KB2849470) Security Update for Windows XP (KB2850851) Security Update for Windows XP (KB2850869) Security Update for Windows XP (KB2859537) Security Update for Windows XP (KB2864063) Security Update for Windows XP (KB2876217) Security Update for Windows XP (KB2876315) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002) Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002) SkinsHP1 SmartWebPrinting SolutionCenter Sonic RecordNow! Sonic_PrimoSDK SonicStage 3.0 SonicStage Mastering Studio Audio Filter Custom Preset Sony Certificate PCH Sony MP4 Shared Library Sony Sound Forge 7.0 Sony Video Shared Library Spybot - Search & Destroy Spybot - Search & Destroy 1.5.2.20 SpySubtract Status System Requirements Lab for Intel Toolbox TrayApp Unload UnloadSupport Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB968220) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB976749) Update for Windows Internet Explorer 8 (KB980182) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB2607712) Update for Windows XP (KB2616676-v2) Update for Windows XP (KB2641690) Update for Windows XP (KB2661254-v2) Update for Windows XP (KB2718704) Update for Windows XP (KB2736233) Update for Windows XP (KB2749655) Update for Windows XP (KB2863058) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) VAIO Control Center VAIO Entertainment Platform VAIO Launcher VAIO Media 4.0 VAIO Media AC3 Decoder 1.0 VAIO Media Integrated Server 4.1 VAIO Media Redistribution 4.0 VAIO Media Registration Tool 4.0 VAIO Original Screen Saver VAIO Original Screen Saver VAIO Motion SD Wide Contents VAIO Registration VAIO Structure Wallpaper VAIO Survey Standalone VAIO Update 2 VAIO Zone VAIO Zone Remote Commander Verizon High Speed Internet ViewSonic Monitor Drivers Virtual Earth 3D (Beta) WebFldrs XP WebReg Windows Backup Utility Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage v1.3.0254.0 Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Player 11 Windows PowerShell 1.0 Windows XP Service Pack 3 WordPerfect Office 12 Yahoo! Photos Easy Upload Tool 1v6 Yahoo! Toolbar . ==== End Of File ===========================
  13. Thank you very much for your help Heir, I really appreciate it!
  14. aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software Run date: 2011-05-03 11:23:06 ----------------------------- 11:23:06.656 OS Version: Windows 5.1.2600 Service Pack 3, v.3264 11:23:06.656 Number of processors: 2 586 0x304 11:23:06.671 ComputerName: TWO UserName: 11:23:09.453 Initialize success 11:23:15.390 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 11:23:15.390 Disk 0 Vendor: ST3160021A 3.04 Size: 152627MB BusType: 3 11:23:17.421 Disk 0 MBR read successfully 11:23:17.421 Disk 0 MBR scan 11:23:17.421 Disk 0 Windows XP default MBR code 11:23:19.421 Disk 0 scanning sectors +312560640 11:23:19.437 Disk 0 scanning C:\WINDOWS\system32\drivers 11:23:31.250 Service scanning 11:23:32.968 Disk 0 trace - called modules: 11:23:32.984 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 11:23:32.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82394ab8] 11:23:32.984 3 CLASSPNP.SYS[f8596fd7] -> nt!IofCallDriver -> \Device\00000057[0x823ceeb0] 11:23:32.984 5 ACPI.sys[f84ed620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82342d98] 11:23:32.984 Scan finished successfully 11:26:07.937 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Desktop\MBR.dat" 11:26:07.953 The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\aswMBR.txt" ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=7.00.5730.13 (longhorn(wmbla).070711-1130) # OnlineScanner.ocx=1.0.0.6427 # api_version=3.0.2 # EOSSerial=cb09cba52b42f6488ae4dbcd75bb1a07 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-05-03 06:56:57 # local_time=2011-05-03 11:56:57 (-0800, Pacific Standard Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3, v.3264 # compatibility_mode=1024 16777175 100 0 28842728 28842728 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=49179 # found=0 # cleaned=0 # scan_time=1260
  15. Here are the logs from the second computer Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6493 Windows 5.1.2600 Service Pack 3, v.3264 Internet Explorer 7.0.5730.13 5/2/2011 3:13:59 PM mbam-log-2011-05-02 (15-13-59).txt Scan type: Quick scan Objects scanned: 151585 Time elapsed: 11 minute(s), 57 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) . DDS (Ver_11-03-05.01) - NTFSx86 Run by User at 15:41:08.21 on Mon 05/02/2011 Internet Explorer: 7.0.5730.13 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.311 [GMT -7:00] . AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ezSP_Px.exe C:\PROGRA~1\AVG\AVG9\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\WINDOWS\system32\svchost.exe -k HPService C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k imgsvc C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe C:\Program Files\AVG\AVG9\avgnsx.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe C:\Documents and Settings\User\Desktop\dds.scr . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.sony.com/vaiopeople uInternet Connection Wizard,ShellNext = hxxp://www.avg.com/platforms uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe mRun: [sunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html IE: Backward &Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html IE: Cac&hed Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000 IE: Si&milar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1302723008031 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll Notify: avgrsstarter - avgrsstx.dll Notify: igfxcui - igfxsrvc.dll . ============= SERVICES / DRIVERS =============== . R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-6-2 216400] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-6-2 29584] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-6-2 243024] R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2011-3-24 308136] R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\common files\sony shared\vaio entertainment\vzcdb\VzFw.exe [2010-6-2 86098] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2011-4-4 517448] S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\common files\sony shared\vaio entertainment\vcsw\vcsw.exe -runbyscm --> c:\program files\common files\sony shared\vaio entertainment\vcsw\VCSW.exe -RunBySCM [?] . =============== Created Last 30 ================ . 2011-04-24 23:10:02 -------- d-----w- c:\program files\DIY DataRecovery MBRtool 2011-04-21 22:20:15 -------- d-----w- c:\program files\MSECache 2011-04-21 19:34:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\WEBREG 2011-04-21 19:29:25 -------- d-----w- c:\docume~1\user\locals~1\applic~1\HP 2011-04-21 19:23:45 -------- d-----w- c:\windows\hpojp8500a909 2011-04-21 19:23:02 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys 2011-04-21 19:19:00 -------- d-----w- c:\program files\common files\HP 2011-04-21 19:18:59 -------- d-----w- c:\program files\common files\Hewlett-Packard 2011-04-21 19:17:53 -------- d-----w- c:\program files\HP 2011-04-21 19:17:49 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys 2011-04-21 19:17:49 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys 2011-04-19 06:12:33 -------- d-----w- c:\docume~1\user\applic~1\Malwarebytes 2011-04-19 06:12:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-04-19 06:12:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2011-04-19 06:12:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-04-19 06:12:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-04-14 18:03:28 274288 ----a-w- c:\windows\system32\mucltui.dll 2011-04-14 18:03:28 16736 ----a-w- c:\windows\system32\mucltui.dll.mui 2011-04-13 21:50:58 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-04-13 21:50:57 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-04-13 21:47:42 -------- d-----w- c:\docume~1\user\locals~1\applic~1\Adobe 2011-04-04 20:23:29 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files . ==================== Find3M ==================== . 2011-03-24 22:29:08 12536 ----a-w- c:\windows\system32\avgrsstx.dll . ============= FINISH: 15:41:39.12 =============== GMER 1.0.15.15572 - http://www.gmer.net Rootkit scan 2011-05-02 15:52:13 Windows 5.1.2600 Service Pack 3, v.3264 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3160021A rev.3.04 Running: lmvqjzwe.exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\pxtdipow.sys ---- Kernel code sections - GMER 1.0.15 ---- ? C:\DOCUME~1\User\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. ! ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!DialogBoxParamW 7E425204 5 Bytes JMP 009D5415 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!DialogBoxIndirectParamW 7E432082 5 Bytes JMP 00B6C510 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!MessageBoxIndirectA 7E43A08A 5 Bytes JMP 00B6C491 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!DialogBoxParamA 7E43B14C 5 Bytes JMP 00B6C4D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!MessageBoxExW 7E4507F8 5 Bytes JMP 00B6C3D9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!MessageBoxExA 7E45081C 5 Bytes JMP 00B6C413 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!DialogBoxIndirectParamA 7E456D78 5 Bytes JMP 00B6C54B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!MessageBoxIndirectW 7E4664CD 5 Bytes JMP 00B6C44D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- EOF - GMER 1.0.15 ---- Attach.zip
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.