I need advice on cleaning my system. I have used the Malwarebytes software to clean as much as possible. I heard of using HijackThis, and before I go further I looked at a post and answer from LDTate with regards to another program called TDSSKiller and found not many hits.

My question is, how does one know what to remove from the list of objects?

15:43:27.0882 5584 \Device\Harddisk0\DR0\Partition1 - ok

15:43:27.0898 5584 ============================================================

15:43:27.0898 5584 Scan finished

15:43:27.0898 5584 ============================================================

15:43:27.0913 1512 Detected object count: 14

15:43:27.0913 1512 Actual detected object count: 14

15:45:39.0174 1512 BDSelfPr ( UnsignedFile.Multi.Generic ) - skipped by user

15:45:39.0174 1512 BDSelfPr ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:45:39.0174 1512 HauppaugeTVServer ( UnsignedFile.Multi.Generic ) - skipped by user

15:45:39.0174 1512 HauppaugeTVServer ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:45:39.0189 1512 iPodDrv ( UnsignedFile.Multi.Generic ) - skipped by user

15:45:39.0189 1512 iPodDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:45:39.0189 1512 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user

15:45:39.0189 1512 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:45:39.0189 1512 McciServiceHost ( UnsignedFile.Multi.Generic ) - skipped by user

15:45:39.0189 1512 McciServiceHost ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:45:39.0189 1512 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user

15:45:39.0189 1512 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:45:39.0189 1512 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user

15:45:39.0189 1512 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:45:39.0205 1512 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

15:45:39.0205 1512 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:45:39.0205 1512 OneTouch 4.0 Monitor ( UnsignedFile.Multi.Generic ) - skipped by user

15:45:39.0205 1512 OneTouch 4.0 Monitor ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:45:39.0205 1512 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user

15:45:39.0205 1512 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:45:39.0205 1512 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

15:45:39.0205 1512 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:45:39.0221 1512 Profos ( UnsignedFile.Multi.Generic ) - skipped by user

15:45:39.0221 1512 Profos ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:45:39.0221 1512 scan ( UnsignedFile.Multi.Generic ) - skipped by user

15:45:39.0221 1512 scan ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:45:39.0221 1512 Trufos ( UnsignedFile.Multi.Generic ) - skipped by user

15:45:39.0221 1512 Trufos ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:48:56.0411 6080 Deinitialize success

Thanks,

Chris

Attach.txt

DDS.txt


Hello Chris! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

I would like to know what was detected by Malwarebytes' Anti-Malware, to become better acquainted with your problem. So run Malwarebytes' Anti-Malware and open the Logs tab. Find the log file that contains information about malware and post it in your next comment.


Hi Maniac,

Thank you for looking into this. I must first start to explain that I am in the interest of keeping my system clean and that I have had a couple of those pay companies work on my system throughout the years and I want to be able to do this on my own. I'm pretty good at this computer stuff, but I'm no expert. It seems as though all of the software to clean one's system leads to a call for explanation of it. One usually gets an explanation that their system is infected, even after you pay them and their work is done. I clean once a month on schedule. I see that they use the Malwarebytes software and CCleaner too. Heck, I can do that! After looking at this forum it is clear that there are some areas that I need to come up to speed with. I think I've rid my system of most all of the bugs; however, I'm not totally sure. Following your instructions, here is the scan I have completed today.

**********************************************************************************

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.19.02

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Chris :: HOME-PC [administrator]

Protection: Enabled

4/19/2012 11:39:32 AM

mbam-log-2012-04-19 (11-39-32).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 339726

Time elapsed: 58 minute(s), 2 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

**********************************************************************************

2012/04/19 11:25:15 -0500 HOME-PC Chris MESSAGE Starting protection

2012/04/19 11:25:18 -0500 HOME-PC Chris MESSAGE Protection started successfully

2012/04/19 11:25:21 -0500 HOME-PC Chris MESSAGE Starting IP protection

2012/04/19 11:25:24 -0500 HOME-PC Chris MESSAGE IP Protection started successfully

2012/04/19 11:25:56 -0500 HOME-PC Chris MESSAGE Executing scheduled update: Daily

2012/04/19 11:26:04 -0500 HOME-PC Chris MESSAGE Starting database refresh

2012/04/19 11:26:04 -0500 HOME-PC Chris MESSAGE Scheduled update executed successfully: database updated from version v2012.04.18.05 to version v2012.04.19.02

2012/04/19 11:26:04 -0500 HOME-PC Chris MESSAGE Stopping IP protection

2012/04/19 11:29:24 -0500 HOME-PC Chris MESSAGE IP Protection stopped

2012/04/19 11:29:26 -0500 HOME-PC Chris MESSAGE Database refreshed successfully

2012/04/19 11:29:26 -0500 HOME-PC Chris MESSAGE Starting IP protection

2012/04/19 11:29:29 -0500 HOME-PC Chris MESSAGE IP Protection started successfully


Ok . . .

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4531

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

9/2/2010 10:46:42 AM

mbam-log-2010-09-02 (10-46-42).txt

Scan type: Quick scan

Objects scanned: 136825

Time elapsed: 5 minute(s), 14 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

***************************************************************************************

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5282

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

12/9/2010 1:41:40 PM

mbam-log-2010-12-09 (13-41-40).txt

Scan type: Quick scan

Objects scanned: 143686

Time elapsed: 3 minute(s), 39 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

****************************************************************************************

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5282

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

12/13/2010 8:42:47 AM

mbam-log-2010-12-13 (08-42-47).txt

Scan type: Quick scan

Objects scanned: 143561

Time elapsed: 5 minute(s), 54 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

*************************************************************************************

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5376

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

12/22/2010 10:39:23 AM

mbam-log-2010-12-22 (10-39-23).txt

Scan type: Full scan (C:\|)

Objects scanned: 238026

Time elapsed: 30 minute(s), 30 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

**********************************************************************************

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.16.04

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Chris :: HOME-PC [administrator]

Protection: Enabled

4/16/2012 5:48:09 PM

mbam-log-2012-04-16 (17-48-09).txt

Scan type: Flash scan

Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: Registry | File System | P2P

Objects scanned: 159558

Time elapsed: 1 minute(s), 15 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

*********************************************************************************************

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.17.04

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Chris :: HOME-PC [administrator]

Protection: Enabled

4/17/2012 4:40:46 PM

mbam-log-2012-04-17 (16-40-46).txt

Scan type: Custom scan

Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM

Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P

Objects scanned: 1

Time elapsed: 11 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

**************************************************************************************

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.19.02

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Chris :: HOME-PC [administrator]

Protection: Enabled

4/19/2012 11:39:32 AM

mbam-log-2012-04-19 (11-39-32).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 339726

Time elapsed: 58 minute(s), 2 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

**************************************************************************************

2012/04/16 13:58:10 -0500 HOME-PC Chris MESSAGE Starting protection

2012/04/16 13:58:12 -0500 HOME-PC Chris MESSAGE Protection started successfully

2012/04/16 13:58:15 -0500 HOME-PC Chris MESSAGE Starting IP protection

2012/04/16 13:58:18 -0500 HOME-PC Chris MESSAGE IP Protection started successfully

2012/04/16 14:02:14 -0500 HOME-PC Chris MESSAGE Executing scheduled update: Daily

2012/04/16 14:02:15 -0500 HOME-PC Chris MESSAGE Database already up-to-date

2012/04/16 15:37:29 -0500 HOME-PC Chris MESSAGE Stopping IP protection

2012/04/16 15:40:43 -0500 HOME-PC Chris MESSAGE IP Protection stopped

2012/04/16 15:40:43 -0500 HOME-PC Chris MESSAGE Starting IP protection

2012/04/16 15:40:46 -0500 HOME-PC Chris MESSAGE IP Protection started successfully

2012/04/16 17:00:07 -0500 HOME-PC Chris MESSAGE Starting protection

2012/04/16 17:00:10 -0500 HOME-PC Chris MESSAGE Protection started successfully

2012/04/16 17:00:13 -0500 HOME-PC Chris MESSAGE Starting IP protection

2012/04/16 17:00:16 -0500 HOME-PC Chris MESSAGE IP Protection started successfully

**************************************************************************************************************************************

2012/04/17 08:26:28 -0500 HOME-PC Chris MESSAGE Starting protection

2012/04/17 08:26:31 -0500 HOME-PC Chris MESSAGE Protection started successfully

2012/04/17 08:26:34 -0500 HOME-PC Chris MESSAGE Starting IP protection

2012/04/17 08:26:37 -0500 HOME-PC Chris MESSAGE IP Protection started successfully

2012/04/17 09:19:26 -0500 HOME-PC Chris IP-BLOCK 78.140.143.14 (Type: outgoing, Port: 50020, Process: firefox.exe)

2012/04/17 09:36:31 -0500 HOME-PC Chris IP-BLOCK 208.94.234.159 (Type: outgoing, Port: 50601, Process: firefox.exe)

2012/04/17 09:40:48 -0500 HOME-PC Chris IP-BLOCK 78.140.143.14 (Type: outgoing, Port: 50885, Process: firefox.exe)

2012/04/17 09:44:00 -0500 HOME-PC Chris IP-BLOCK 78.140.138.13 (Type: outgoing, Port: 51269, Process: firefox.exe)

2012/04/17 10:50:34 -0500 HOME-PC Chris MESSAGE Executing scheduled update: Daily

2012/04/17 10:50:42 -0500 HOME-PC Chris MESSAGE Scheduled update executed successfully: database updated from version v2012.04.16.04 to version v2012.04.17.04

2012/04/17 10:50:42 -0500 HOME-PC Chris MESSAGE Starting database refresh

2012/04/17 10:50:42 -0500 HOME-PC Chris MESSAGE Stopping IP protection

2012/04/17 10:54:16 -0500 HOME-PC Chris MESSAGE IP Protection stopped

2012/04/17 10:54:18 -0500 HOME-PC Chris MESSAGE Database refreshed successfully

2012/04/17 10:54:18 -0500 HOME-PC Chris MESSAGE Starting IP protection

2012/04/17 10:54:21 -0500 HOME-PC Chris MESSAGE IP Protection started successfully

2012/04/17 12:44:29 -0500 HOME-PC Chris MESSAGE Starting protection

2012/04/17 12:44:32 -0500 HOME-PC Chris MESSAGE Protection started successfully

2012/04/17 12:44:35 -0500 HOME-PC Chris MESSAGE Starting IP protection

2012/04/17 12:44:38 -0500 HOME-PC Chris MESSAGE IP Protection started successfully

******************************************************************************************************************************************

2012/04/18 11:29:04 -0500 HOME-PC Chris MESSAGE Starting protection

2012/04/18 11:29:07 -0500 HOME-PC Chris MESSAGE Protection started successfully

2012/04/18 11:29:10 -0500 HOME-PC Chris MESSAGE Starting IP protection

2012/04/18 11:29:14 -0500 HOME-PC Chris MESSAGE IP Protection started successfully

2012/04/18 11:29:46 -0500 HOME-PC Chris MESSAGE Executing scheduled update: Daily

2012/04/18 11:29:55 -0500 HOME-PC Chris MESSAGE Scheduled update executed successfully: database updated from version v2012.04.17.04 to version v2012.04.18.05

2012/04/18 11:29:55 -0500 HOME-PC Chris MESSAGE Starting database refresh

2012/04/18 11:29:55 -0500 HOME-PC Chris MESSAGE Stopping IP protection

2012/04/18 11:33:40 -0500 HOME-PC Chris MESSAGE IP Protection stopped

2012/04/18 11:33:43 -0500 HOME-PC Chris MESSAGE Database refreshed successfully

2012/04/18 11:33:43 -0500 HOME-PC Chris MESSAGE Starting IP protection

2012/04/18 11:33:46 -0500 HOME-PC Chris MESSAGE IP Protection started successfully

2012/04/18 14:38:01 -0500 HOME-PC Chris MESSAGE Starting protection

2012/04/18 14:38:04 -0500 HOME-PC Chris MESSAGE Protection started successfully

2012/04/18 14:38:07 -0500 HOME-PC Chris MESSAGE Starting IP protection

2012/04/18 14:38:11 -0500 HOME-PC Chris MESSAGE IP Protection started successfully

***************************************************************************************************************************

2012/04/19 11:25:15 -0500 HOME-PC Chris MESSAGE Starting protection

2012/04/19 11:25:18 -0500 HOME-PC Chris MESSAGE Protection started successfully

2012/04/19 11:25:21 -0500 HOME-PC Chris MESSAGE Starting IP protection

2012/04/19 11:25:24 -0500 HOME-PC Chris MESSAGE IP Protection started successfully

2012/04/19 11:25:56 -0500 HOME-PC Chris MESSAGE Executing scheduled update: Daily

2012/04/19 11:26:04 -0500 HOME-PC Chris MESSAGE Starting database refresh

2012/04/19 11:26:04 -0500 HOME-PC Chris MESSAGE Scheduled update executed successfully: database updated from version v2012.04.18.05 to version v2012.04.19.02

2012/04/19 11:26:04 -0500 HOME-PC Chris MESSAGE Stopping IP protection

2012/04/19 11:29:24 -0500 HOME-PC Chris MESSAGE IP Protection stopped

2012/04/19 11:29:26 -0500 HOME-PC Chris MESSAGE Database refreshed successfully

2012/04/19 11:29:26 -0500 HOME-PC Chris MESSAGE Starting IP protection

2012/04/19 11:29:29 -0500 HOME-PC Chris MESSAGE IP Protection started successfully

2012/04/19 14:23:14 -0500 HOME-PC Chris MESSAGE Starting protection

2012/04/19 14:23:16 -0500 HOME-PC Chris MESSAGE Protection started successfully

2012/04/19 14:23:19 -0500 HOME-PC Chris MESSAGE Starting IP protection

2012/04/19 14:23:22 -0500 HOME-PC Chris MESSAGE IP Protection started successfully

******************************************************************************************************************************


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 7/5/2010 10:21:19 PM

System Uptime: 4/18/2012 2:35:16 PM (2 hours ago)

.

Motherboard: ELITEGROUP | | MCP61P

Processor: AMD Athlon 64 X2 Dual Core Processor 5200+ | Socket M2 | 2600/201mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 288 GiB total, 187.546 GiB free.

D: is FIXED (NTFS) - 10 GiB total, 9.611 GiB free.

E: is CDROM ()

F: is CDROM ()

G: is Removable

H: is Removable

I: is Removable

J: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Profos

Device ID: ROOT\LEGACY_PROFOS\0000

Manufacturer:

Name: Profos

PNP Device ID: ROOT\LEGACY_PROFOS\0000

Service: Profos

.

Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}

Description: Hauppauge WinTV HVR-1600 NTSC/ATSC Combo

Device ID: PCI\VEN_14F1&DEV_5B7A&SUBSYS_74040070&REV_00\4&9418CF&0&2820

Manufacturer: Hauppauge

Name: Hauppauge WinTV HVR-1600 NTSC/ATSC Combo

PNP Device ID: PCI\VEN_14F1&DEV_5B7A&SUBSYS_74040070&REV_00\4&9418CF&0&2820

Service: hcw18bda

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart D110 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Photosmart D110 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

==== System Restore Points ===================

.

RP301: 3/7/2012 11:41:18 AM - Revo Uninstaller's restore point - Realtek High Definition Audio Driver

RP303: 3/7/2012 12:07:01 PM - Revo Uninstaller's restore point - Realtek High Definition Audio Driver

RP305: 3/11/2012 6:58:08 PM - Installed DTCPIP Advisor

RP306: 3/11/2012 7:05:01 PM - Installed Java 6 Update 31

RP308: 3/11/2012 7:48:43 PM - Installed NVIDIA Performance

RP310: 3/11/2012 7:50:03 PM - Installed NVIDIA System Monitor

RP312: 3/12/2012 4:19:19 PM - Revo Uninstaller's restore point - DIRECTV2PC Playback Advisor

RP314: 3/12/2012 4:19:40 PM - Configured DTCPIP Advisor

RP315: 3/13/2012 5:02:58 PM - Windows Update

RP317: 3/14/2012 10:55:42 AM - Installed DirecTV

RP319: 3/14/2012 11:10:54 AM - Installed DirecTV

RP321: 3/14/2012 11:15:21 AM - Installed DirecTV

RP323: 3/14/2012 11:16:05 AM - Installed DirecTV

RP325: 3/14/2012 11:20:36 AM - Installed DirecTV

RP327: 3/14/2012 11:21:34 AM - Revo Uninstaller's restore point - DIRECTV2PC

RP329: 3/14/2012 11:21:52 AM - Configured DirecTV

RP330: 3/14/2012 7:05:06 PM - Windows Update

RP331: 3/24/2012 3:56:17 PM - Scheduled Checkpoint

RP333: 3/30/2012 3:25:02 PM - Revo Uninstaller's restore point - Core Temp version 0.99.7

RP335: 3/31/2012 5:36:05 PM - Revo Uninstaller's restore point - AVG Security Toolbar

RP337: 3/31/2012 5:37:41 PM - Revo Uninstaller's restore point - FixCleaner

RP338: 3/31/2012 5:37:51 PM - Removed FixCleaner

RP340: 3/31/2012 5:40:01 PM - Revo Uninstaller's restore point - Dave Ramsey's Financial Peace Financial Software

RP342: 3/31/2012 5:41:11 PM - Revo Uninstaller's restore point - Yahoo! Software Update

RP343: 4/11/2012 10:13:03 PM - Windows Update

RP345: 4/16/2012 10:38:22 AM - RegClean Pro Mon, Apr 16, 12 10:38

RP347: 4/16/2012 12:39:38 PM - DSU : Disk Speedup - Disk SpeedUp

RP348: 4/16/2012 2:06:03 PM - Installed HiJackThis

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

32 Bit HP CIO Components Installer

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.3)

AoA DVD Copy

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AT&T Troubleshoot & Resolve Tool

att.net Toolbar

AutocompletePro

Bing Bar

Bing Rewards Client Installer

Bonjour

Bonjour Print Services

BufferChm

CCleaner

Cisco WebEx Meetings

Core Temp version 0.99.7

Corel Applications

Coupon Printer for Windows

D110

D3DX10

Destinations

DeviceDiscovery

Digital Voice Editor 3

Disk Speedup

doubleTwist

Dragon NaturallySpeaking 11

DriverAgent by eSupport.com

Dropbox

EASEUS Data Recovery Wizard Free Edition 5.0.1

ExamView Assessment Suite

ffdshow [rev 2527] [2008-12-19]

FOX News Live Stream

Google Apps Migration For Microsoft Outlook® 2.3.12.34

Google Apps Sync™ for Microsoft Outlook® 3.0.51.96

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

GPBaseService2

Hauppauge WinTV 7

HiJackThis

HP Customer Participation Program 14.0

HP Imaging Device Functions 14.0

HP Photo Creations

HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7

HP Smart Web Printing 4.60

HP Update

HPAppStudio

HPDiagnosticAlert

HPPhotoGadget

HPProductAssistant

HPSSupply

HTC BMP USB Driver

HTC Driver Installer

Internet TV for Windows Media Center

iTunes

Java Auto Updater

Java 6 Update 31

Junk Mail filter update

Kofax VirtualReScan 4.10

Kofax VRS Update for Visioneer OneTouch OEM

M86Security Secure Browsing

Malwarebytes Anti-Malware version 1.61.0.1400

MarketResearch

Marvell Miniport Driver

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 1.1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Default Manager

Microsoft IntelliPoint 8.2

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Live Add-in 1.5

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Ultimate 2007

Microsoft Office Word MUI (English) 2007

Microsoft SAPI 5.1 Runtime

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 10.0.1 (x86 en-US)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB973685)

Network

NVIDIA Control Panel 295.73

NVIDIA Display Control Panel

NVIDIA Drivers

NVIDIA Graphics Driver 295.73

NVIDIA Install Application

NVIDIA Performance

NVIDIA System Monitor

NVIDIA Update 1.7.11

NVIDIA Update Components

OGA Notifier 2.0.0048.0

OneTouch 4.0

OneTouch 4.0 ScanSoft OmniPage OCR Module

PlayReady PC Runtime x86

Presto! BizCard 5 (English Version)

PS_AIO_07_D110_SW_Min

PVSonyDll

QuickTime

QuickTransfer

RegClean Pro

Revo Uninstaller 1.93

Scan

ScanSoft OmniPage 15

ScanSoft PaperPort 11

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Shop for HP Supplies

Skype Click to Call

Skype™ 5.5

SmartWebPrinting

SolutionCenter

Status

Systweak PhotoStudio 2.1

The Shield Deluxe 2010

Toolbox

TrayApp

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Visual C++ 9.0 Runtime for Dragon NaturallySpeaking

Visual C++ Runtime for Dragon NaturallySpeaking

WebEx Support Manager for Internet Explorer

WebReg

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Player Firefox Plugin

.

==== Event Viewer Messages From Past Week ========

.

4/18/2012 2:37:17 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

4/18/2012 2:37:08 PM, Error: Service Control Manager [7000] - The Profos service failed to start due to the following error: The request is not supported.

4/18/2012 2:35:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: is3srv szkg5 szkgfs

4/17/2012 3:10:50 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

4/17/2012 3:07:17 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

4/12/2012 5:20:16 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.

.

==== End Of File ===========================

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by Chris at 16:22:50 on 2012-04-18

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3198.1466 [GMT -5:00]

.

AV: The Shield Deluxe Antivirus *Enabled/Updated* {5988F8C3-A12C-B8DD-7291-D5248C8353F8}

SP: The Shield Deluxe Antispyware *Enabled/Updated* {E2E91927-8716-B753-4821-EE56F7041945}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Common Files\The Shield Deluxe\The Shield Deluxe Update Service\livesrv.exe

C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\vsserv.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\bdagent.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Core Temp\Core Temp.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Nuance\dgnsvc.exe

C:\Program Files\Disk Speedup\DSUDefragSrv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe

C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\seccenter.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\Motive\McciServiceHost.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe

C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://isearch.avg.com/?cid={22882FB4-F8BE-4F4E-8162-90445192A92F}&mid=eb174d40acc347d0b5dbd15067643aa2-06ce4fc639803a2e3563922518183d8e94088cb9&lang=en&ds=ts025&pr=sa&d=2012-03-30 18:33:30&v=9.0.0.23&sap=hp

uSearch Bar = Preserve

mStart Page = about:blank

uInternet Settings,ProxyOverride = *.local;<local>

mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5426E

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - c:\program files\autocompletepro\AutocompletePro.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: PodcastBHO Class: {65134fdf-f8a5-4b3d-91d9-cdf273cfd578} - c:\program files\common files\doubletwist\IEPodcastPlugin.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: SecureBrowsing bho: {7632abca-b104-4fbc-9c70-419c4147061b} - c:\program files\m86security secure browsing\SecureBrowsing.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: The Shield Deluxe 2010 Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\the shield deluxe\the shield deluxe 2010\IEToolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: M86 Security Secure Browsing: {b99f805c-f0b1-48ea-8c8b-753bfcbed913} - c:\program files\m86security secure browsing\SecureBrowsing.dll

TB: {BB670D0B-5C46-40C7-B38B-40DD26987723} - No File

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

{85e0b171-04fa-11d1-b7da-00a0c90348d6}

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [Google Update] "c:\users\chris\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [9B76BD8E0E6C799CA95AC4260DAE52D2CD6E0D82._service_run] "c:\users\chris\appdata\local\google\chrome\application\chrome.exe" --type=service

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [bitDefender Antiphishing Helper] "c:\program files\the shield deluxe\the shield deluxe 2010\IEShow.exe"

mRun: [bDAgent] "c:\program files\the shield deluxe\the shield deluxe 2010\bdagent.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\users\chris\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\chris\appdata\roaming\dropbox\bin\Dropbox.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

Trusted Zone: $talisma_url$

Trusted Zone: ucourses.com\ccis

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.2.1 192.168.1.254

TCP: Interfaces\{0B0F9AD2-46B6-44D7-8102-3CB6BA5F6D83} : DhcpNameServer = 192.168.2.1 192.168.1.254

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs:

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\zkc6zfre.default\

FF - prefs.js: browser.search.selectedEngine - Search Results

FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&sr=0&q=

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files\the shield deluxe\the shield deluxe 2011\bdaphffext\components\bdaphff3.6.dll

FF - component: c:\program files\the shield deluxe\the shield deluxe 2011\bdaphffext\components\bdaphff3.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\common files\doubletwist\NPPodcast.dll

FF - plugin: c:\program files\common files\motive\npMotive.dll

FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.68\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\nuance\pdf reader\bin\nppdf.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\chris\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\users\chris\appdata\roaming\mozilla\firefox\profiles\zkc6zfre.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll

.

---- FIREFOX POLICIES ----

FF - user.js: capability.policy.policynames - allowclipboard

FF - user.js: capability.policy.allowclipboard.sites - hxxps://ccis.ucourses.com

FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess

FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccess

user_pref(capability.policy.allowclipboard.sites,

hxxp://www.mozilla.org https://www.mozilla.org)

FF - user.js: network.http.max-persistent-connections-per-server -

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R1 bdfwfpf;bdfwfpf;c:\program files\common files\the shield deluxe\the shield deluxe firewall\bdfwfpf.sys [2009-9-1 78856]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]

R2 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe [2010-7-23 296808]

R2 DSUDiskOptimizer;DSUDiskOptimizer;c:\program files\disk speedup\DSUDefragSrv.exe [2012-4-16 668472]

R2 HauppaugeTVServer;HauppaugeTVServer;c:\program files\wintv\tvserver\HauppaugeTVServer.exe [2011-11-21 570368]

R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2011-3-9 6656]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-16 654408]

R2 McciServiceHost;McciServiceHost;c:\program files\common files\motive\McciServiceHost.exe [2012-3-30 315392]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-3-5 2348352]

R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-8-12 87040]

R3 BDFM;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-9-17 152328]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-16 22344]

R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [2009-9-15 38248]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2012-1-25 319264]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-23 135664]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-13 253088]

S3 Arrakis3;The Shield Deluxe Arrakis Server;c:\program files\common files\the shield deluxe\the shield deluxe arrakis server\bin\arrakis3.exe [2009-9-14 183880]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]

S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2012-4-17 23456]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-25 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-23 135664]

S3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2011-11-21 719616]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088]

S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]

S3 ICDUSB3;ICDUSB3;c:\windows\system32\drivers\ICDUSB3.sys [2010-7-9 11264]

S3 rcmirror;rcmirror;c:\windows\system32\drivers\rcmirror.sys [2010-1-18 3200]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-2 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-6 1343400]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2012-04-17 21:16:51 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys

2012-04-17 21:16:51 -------- d-----w- c:\users\chris\appdata\local\eSupport.com

2012-04-16 20:35:48 -------- d-----w- c:\users\chris\appdata\roaming\Finjan

2012-04-16 20:35:47 -------- d-----w- c:\program files\M86Security Secure Browsing

2012-04-16 19:06:25 388096 ----a-r- c:\users\chris\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2012-04-16 18:56:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-16 18:56:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-04-16 17:46:14 -------- d-----w- c:\programdata\AMMYY

2012-04-16 15:56:44 -------- d-----w- c:\programdata\Systweak

2012-04-16 15:56:34 -------- d-----w- c:\program files\Disk Speedup

2012-04-16 15:49:35 -------- d-----w- c:\program files\Systweak

2012-04-16 15:39:13 2220 ----a-w- c:\windows\system32\ASOROSet.bin

2012-04-16 15:34:34 -------- d-----w- c:\users\chris\appdata\roaming\Systweak

2012-04-16 15:34:32 17280 ----a-w- c:\windows\system32\roboot.exe

2012-04-16 15:34:29 -------- d-----w- c:\program files\RegClean Pro

2012-04-13 16:26:52 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-12 03:18:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-04-12 03:18:01 1799168 ----a-w- c:\windows\system32\jscript9.dll

2012-04-12 03:18:01 141112 ----a-w- c:\program files\internet explorer\sqmapi.dll

2012-04-12 03:18:00 194048 ----a-w- c:\program files\internet explorer\IEShims.dll

2012-04-12 03:18:00 1127424 ----a-w- c:\windows\system32\wininet.dll

2012-04-12 03:17:59 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll

2012-04-12 03:17:59 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2012-04-12 03:13:35 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-12 03:13:35 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-12 03:13:35 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-04-12 03:13:35 159232 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-12 03:13:18 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-12 03:13:17 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-04 05:53:56 182160 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2012-04-04 05:53:56 182160 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

2012-03-31 01:26:26 -------- d-----w- c:\program files\ATT-SST

2012-03-31 01:22:37 -------- d-----w- c:\program files\common files\Motive

2012-03-31 01:20:32 -------- d-----w- c:\programdata\ATTYToolbar

2012-03-30 23:33:22 -------- d--h--w- c:\programdata\Common Files

2012-03-30 23:32:39 -------- d-----w- c:\users\chris\appdata\roaming\FixCleaner

2012-03-30 20:31:14 -------- d-----w- c:\program files\Core Temp

.

==================== Find3M ====================

.

2012-04-13 19:48:06 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-12 00:05:41 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-02-17 05:34:22 826880 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 04:14:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-15 17:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-02-15 17:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2012-02-14 18:46:28 172032 ----a-w- c:\windows\system32\AniGIF.ocx

2012-02-10 05:38:43 1077248 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 04:13:00 881984 ----a-w- c:\windows\system32\nvgenco32.dll

2012-02-10 04:13:00 61248 ----a-w- c:\windows\system32\OpenCL.dll

2012-02-10 04:13:00 5892928 ----a-w- c:\windows\system32\nvcuda.dll

2012-02-10 04:13:00 2517312 ----a-w- c:\windows\system32\nvcuvid.dll

2012-02-10 04:13:00 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-02-10 04:13:00 2301248 ----a-w- c:\windows\system32\nvapi.dll

2012-02-10 04:13:00 19443520 ----a-w- c:\windows\system32\nvoglv32.dll

2012-02-10 04:13:00 17543488 ----a-w- c:\windows\system32\nvcompiler.dll

2012-02-10 04:13:00 15009600 ----a-w- c:\windows\system32\nvd3dum.dll

2012-02-10 04:13:00 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-02-10 04:13:00 1000256 ----a-w- c:\windows\system32\nvdispco32.dll

2012-02-10 03:02:06 3881792 ----a-w- c:\windows\system32\nvcpl.dll

2012-02-10 03:00:44 2719040 ----a-w- c:\windows\system32\nvsvc.dll

2012-02-10 03:00:26 645440 ----a-w- c:\windows\system32\nvvsvc.exe

2012-02-10 03:00:26 62272 ----a-w- c:\windows\system32\nvshext.dll

2012-02-10 03:00:26 108352 ----a-w- c:\windows\system32\nvmctray.dll

2012-02-07 16:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-02-03 03:54:27 2343424 ----a-w- c:\windows\system32\win32k.sys

2012-01-25 10:23:10 319264 ----a-w- c:\windows\system32\drivers\yk62x86.sys

2012-01-25 05:32:35 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-01-25 05:32:34 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-01-25 05:27:51 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

.

============= FINISH: 16:23:25.15 ===============


Yes, that's all . . . I must have gotten all of the infections on my very first round. The system is working much faster now; however, I was reading another post about false positives and the use of TDSSkiller (attached log) and had some skipped files that I was not sure of, and I needed to know if I should delete them or ignore them.

I just don't know that these pay services are really worth it; not knowing them and having them in my computer remotely is a bit scary. They keep pointing to my system logs with errors and say that these are viruses and they must be repaired. I have only lost one computer due to infection and that was enough for me to stay on top of security and cleaning. The only other issue I have with this desktop is that it randomly freezes the keyboard and mouse. The error is something about lost memory?

I thank you for your set of eyes on this as I certainly don't want to delete the wrong files. So this computer is the first to be cleaned; I have a laptop that I will be cleaning out as well that I'm pretty sure is clean now as well. It is running a bit slow but I'll address this another day.

Ok, Maniac, I really appreciate your time spent on this. If you feel that there are other steps needed, please let me know.

Regards,

Chris


Don't do anything else. I want an additional scan:

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


The last:

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan


Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select Detected threats report from the left and press Save button

Save it to your desktop and post it in your next reply.


Hi Maniac,

I want to thank you for all your expertise and help. In your opinion, what is the best antivirus protection one should be running on their machine? I currently am using Shield Deluxe.

Lastly, what is the best way to get rid of duplicate files?

Again, Thank you very much! :)

Chris


In your opinion, what is the best antivirus protection one should be running on their machine? I currently am using Shield Deluxe.

There are various options. First, you should consider whether you choose between paid and free versions. Good options are here:

http://www.malwarevault.com/prevention.html

Good tips for malware prevention.

Lastly, what is the best way to get rid of duplicate files?

Here, I have no experience and I can not give a competent answer. For example, take a look here:

http://www.pcworld.com/article/217543/remove_duplicate_files_with_duplicate_cleaner.html

Please manually delete DDS, TDSSKiller and Kaspersky AVP. Next, uninstall ESET Online Scanner.

Some malware prevention tips:

http://forums.malwarebytes.org/index.php?showtopic=104379&pid=515983&st=0entry515983

Safe surfing! :)


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
