I am infected!

promethian · June 16, 2012

I am getting outgoing block pop-ups from my pro version of Malwarebytes every few seconds to a few IPs.

I followed the instructions for creating a DDS log and here it is.... please form any responses in a way a 5 year old would understand as I am a relative luddite when it comes to this stuff.

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 15/04/2010 10:16:32 AM

System Uptime: 16/06/2012 12:29:29 PM (1 hours ago)

.

Motherboard: Gateway | | H57M01

Processor: Intel® Core i5 CPU 750 @ 2.67GHz | CPU 1 | 2668/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 914 GiB total, 736.867 GiB free.

D: is CDROM (CDFS)

E: is Removable

F: is Removable

G: is Removable

H: is Removable

I: is Removable

J: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP288: 04/06/2012 3:00:12 AM - Windows Update

RP289: 08/06/2012 4:35:10 AM - Windows Update

RP290: 12/06/2012 12:43:41 AM - Installed Java 6 Update 32

RP291: 13/06/2012 4:33:00 PM - Windows Update

RP292: 14/06/2012 3:00:12 AM - Windows Update

RP293: 16/06/2012 8:40:50 AM - Installed Java 6 Update 33

.

==== Installed Programs ======================

.

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.3)

Advertising Center

AMD DnD V1.0.19

Apple Application Support

Apple Software Update

Babylon toolbar on IE

Backup Manager Advance

BufferChm

C4700

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

Catan - Cities and Knights

Catan Online World

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Compatibility Pack for the 2007 Office system

D3DX10

Destinations

DeviceDiscovery

Dropbox

eBay Worldwide

EPS Viewer

Gateway Games

Gateway InfoCentre

Gateway MyBackup

Gateway Photo Frame 4.2.3.10

Gateway Recovery Management

Gateway Registration

Gateway ScreenSaver

Gateway Updater

Google Chrome

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

GPBaseService2

HP Update

HPPhotoGadget

hpPrintProjects

HPProductAssistant

HPSSupply

hpWLPGInstaller

Identity Card

ImagXpress

Intel® Management Engine Components

Java Auto Updater

Java 6 Update 33

JMicron JMB36X Driver

Junk Mail filter update

Malwarebytes Anti-Malware version 1.61.0.1400

MarketResearch

Microsoft Office Click-to-Run 2010

Microsoft Office Home and Student 2010 - English

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Suite Activation Assistant

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 9 Essentials

Nero ControlCenter

Nero DiscSpeed

Nero DiscSpeed Help

Nero DriveSpeed

Nero DriveSpeed Help

Nero Express Help

Nero InfoTool

Nero InfoTool Help

Nero Installer

Nero Online Upgrade

Nero StartSmart

Nero StartSmart Help

Nero StartSmart OEM

NeroExpress

neroxml

PS_AIO_06_C4700_SW_Min

QuickTime

Realtek High Definition Audio Driver

RoE Power Tools

Safari

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Sid Meier's Civilization 4 Complete

Sid Meier's Civilization IV Colonization

Skype Click to Call

Skype™ 5.8

SmartWebPrinting

SolutionCenter

Star Wars: The Old Republic

StarCraft II

Status

Toolbox

TrayApp

TurboTax 2010

TurboTax 2011

TurboTax Business Incorporated 2011

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Ventrilo Client

WebReg

Welcome Center

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Yahoo! Detect

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

16/06/2012 11:55:39 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

16/06/2012 11:06:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

16/06/2012 11:06:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

16/06/2012 11:06:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

16/06/2012 11:06:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

16/06/2012 11:06:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

16/06/2012 11:06:07 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

16/06/2012 11:05:57 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache kl1 KLIF NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf

16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.

15/06/2012 5:59:41 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.

.

==== End Of File ===========================

gringo_pr · June 17, 2012

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do not run any tools unless instructed to do so.
- We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
[*]Please do not attach logs or use code boxes, just copy and paste the text.
- Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
[*]Please read every post completely before doing anything.
- Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
[*]Please provide feedback about your experience as we go.
- A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

DeFogger:

Please download

DeFogger to your desktop.
Double click DeFogger to run the tool.

The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

Security Check

Download Security Check by screen317 from

here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Download DDS:

Please download DDS by sUBs from one of the links below and save it to your desktop:

Download DDS and save it to your desktop

Link1
Link2
Link3
Please disable any anti-malware program that will block scripts from running before running DDS.

Double-Click on dds.scr and a command window will appear. This is normal.
Shortly after two logs will appear:
- DDS.txt
- Attach.txt
[*]A window will open instructing you save & post the logs
[*]Save the logs to a convenient place such as your desktop
[*]Copy the contents of both logs & post in your next reply

information and logs:

In your next post I need the following

.logs from DDS
let me know of any problems you may have had

Gringo

promethian · June 17, 2012

Problems with the computer so far: difficulty opening files in Excel (says unable to create temp environment... and short of memory, even if nothing is open); Audio Ads running even when no browser open; unable to open attachment files in Windows Live; slow internet and page loading; randomly find browser open to websites I haven't opened (and I live alone) after having left computer on and not been on it.

Here are the three logs requested:

Results of screen317's Security Check version 0.99.41

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.61.0.1400

Java 6 Update 33

Java version out of date!

Adobe Reader X (10.1.3)

Google Chrome 19.0.1084.52

Google Chrome 19.0.1084.56

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes Anti-Malware mbam.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 1%

````````````````````End of Log``````````````````````

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Scott at 23:27:46 on 2012-06-16

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8151.5844 [GMT -7:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

C:\OEM\USBDECTION\USBS3S4Detection.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

C:\Windows\System32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe

C:\Users\Scott\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

Q:\140061.enu\Office14\ONENOTEM.EXE

C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Scott\Downloads\SecurityCheck.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k defragsvc

C:\Windows\SysWOW64\notepad.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.babylon.com/?AF=108980&babsrc=HP_ss&mntrId=14c9424a000000000000701a04ef5b08

uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=dx4831&r=17360410p416p0435v185k44m1r575

mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=dx4831&r=17360410p416p0435v185k44m1r575

mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=dx4831&r=17360410p416p0435v185k44m1r575

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

mWinlogon: Userinit=userinit.exe,

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

uRun: [compeout] rundll32 "C:\Windows\system32\autoHost64.dll",CreateProcessNotify

uRun: [ireyln] rundll32.exe "C:\Users\Scott\AppData\Local\Temp\ireyln.dll",StopFeedLoad

mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [<NO NAME>]

StartupFolder: C:\Users\Scott\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Scott\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\Scott\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

LSP: mswsock.dll

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://64.114.238.141/activex/AxisCamControl.cab

DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{9A775B56-1982-4132-A5E9-F06243D11877} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{C81A1BB0-18C2-4D14-99BD-14BA195B463D} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{C81A1BB0-18C2-4D14-99BD-14BA195B463D}\3534F44545D20534F5E4564777F627B6 : DhcpNameServer = 192.168.0.1

Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll

Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

BHO-X64: 0x1 - No File

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll

BHO-X64: Babylon toolbar helper - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

mRun-x64: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A

mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [(Default)]

.

============= SERVICES / DRIVERS ===============

.

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-30 654408]

R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-8-12 62208]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-12-1 240160]

R2 USBS3S4Detection;USBS3S4Detection;C:\OEM\USBDECTION\USBS3S4Detection.exe [2009-12-13 76320]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-15 135664]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-30 257224]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-15 135664]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-06-16 22:48:36 -------- d-----w- C:\ProgramData\HP Photo Creations

2012-06-16 22:48:36 -------- d-----w- C:\Program Files (x86)\HP Photo Creations

2012-06-16 22:48:30 -------- d-----w- C:\Users\Scott\AppData\Roaming\HpUpdate

2012-06-16 22:28:30 -------- d-----w- C:\Windows\Hewlett-Packard

2012-06-16 22:16:39 -------- d-----w- C:\TDSSKiller_Quarantine

2012-06-16 19:35:53 -------- d-----w- C:\Users\Scott\AppData\Local\{C93DCBC3-3AEA-4B9A-AB74-EA2BA1937A21}

2012-06-16 19:20:58 -------- d-----w- C:\Users\Scott\AppData\Local\{2CB05255-50F7-443F-BE68-57A2C9C04C54}

2012-06-16 17:17:36 -------- d-----w- C:\ProgramData\PLAV

2012-06-16 17:17:10 -------- d-----w- C:\ProgramData\ParetoLogic Anti-Virus PLUS

2012-06-16 06:10:15 -------- d-----w- C:\Users\Scott\AppData\Local\{0C75FC1C-4299-4ED6-A4FB-9E852EB52F3D}

2012-06-15 18:10:10 -------- d-----w- C:\Users\Scott\AppData\Local\{B18A0E0E-3AA8-4AAE-8C9D-62FEFBE087FD}

2012-06-15 10:37:14 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{01FC08EE-DB8E-43EA-A4F6-892949FB4D26}\mpengine.dll

2012-06-15 06:10:06 -------- d-----w- C:\Users\Scott\AppData\Local\{5A16661B-BF30-42D4-9B25-8CA38D75989B}

2012-06-14 18:09:54 -------- d-----w- C:\Users\Scott\AppData\Local\{535C103F-A3B1-4D54-9992-38EC8EE8E721}

2012-06-14 18:09:32 -------- d-----w- C:\Users\Scott\AppData\Local\{B06762F5-5D75-4231-A37F-07F31C3DB369}

2012-06-14 06:08:54 -------- d-----w- C:\Users\Scott\AppData\Local\{8C5FCB2D-6F22-4CB2-AEF3-CB64386F1856}

2012-06-14 06:08:26 -------- d-----w- C:\Users\Scott\AppData\Local\{C06E069C-4BD1-4D3F-9FA2-14B459AE604F}

2012-06-13 18:08:06 -------- d-----w- C:\Users\Scott\AppData\Local\{1BA35862-CC19-450F-81AF-CED1733EAEA4}

2012-06-13 18:07:35 -------- d-----w- C:\Users\Scott\AppData\Local\{EA624360-C83D-455A-8E12-B4E655E06C52}

2012-06-13 06:07:33 -------- d-----w- C:\Users\Scott\AppData\Local\{F4EF1050-723D-4066-8434-6F7588B6EC5B}

2012-06-13 06:07:18 -------- d-----w- C:\Users\Scott\AppData\Local\{88E03411-DC6F-4C90-B47E-A09B16150737}

2012-06-12 18:07:04 -------- d-----w- C:\Users\Scott\AppData\Local\{5ADA9CE7-4FEB-47AD-B436-08A6F9EEF2FF}

2012-06-12 18:07:00 -------- d-----w- C:\Users\Scott\AppData\Local\{C66B034E-FDA8-41AD-B3AA-C96AA998ACB4}

2012-06-12 07:44:35 476936 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2012-06-12 06:06:46 -------- d-----w- C:\Users\Scott\AppData\Local\{A4BCAC10-ACF8-4271-9260-5E2D65149DC5}

2012-06-12 06:06:36 -------- d-----w- C:\Users\Scott\AppData\Local\{90DE1452-F67C-44C9-AB8B-C2CF9FD67BF5}

2012-06-11 18:05:21 -------- d-----w- C:\Users\Scott\AppData\Local\{0986028B-A32F-40A6-BD51-8A54BEBC4966}

2012-06-11 18:05:06 -------- d-----w- C:\Users\Scott\AppData\Local\{8C6221F6-B8C2-4EE7-B28B-A66069AD8496}

2012-06-11 06:04:42 -------- d-----w- C:\Users\Scott\AppData\Local\{4FE44F11-6235-49E8-965F-6DA86B7FDEB0}

2012-06-11 06:04:33 -------- d-----w- C:\Users\Scott\AppData\Local\{EC4CB617-8C59-4803-8EB4-2A2925FAA0D7}

2012-06-10 18:02:58 -------- d-----w- C:\Users\Scott\AppData\Local\{39557910-2BC3-4813-BCB7-6ABA39D74E8D}

2012-06-10 18:01:51 -------- d-----w- C:\Users\Scott\AppData\Local\{E83B8D09-2EB1-4C03-87A8-17BF197CC436}

2012-06-10 06:01:29 -------- d-----w- C:\Users\Scott\AppData\Local\{7542F8FA-7022-42C5-8ECA-7EE9B0AC4AF2}

2012-06-10 06:01:28 -------- d-----w- C:\Users\Scott\AppData\Local\{512DAE1F-2F21-494F-A6F9-4AD85499395E}

2012-06-09 18:01:05 -------- d-----w- C:\Users\Scott\AppData\Local\{9626F434-25EC-49E9-BA00-FA7B8CAFAA0E}

2012-06-09 18:00:10 -------- d-----w- C:\Users\Scott\AppData\Local\{EA85FAC9-7DF1-45C0-8E91-77E1016F9AED}

2012-06-09 06:00:02 -------- d-----w- C:\Users\Scott\AppData\Local\{404F45D9-CFEF-4508-B27B-7051BB5FE1E2}

2012-06-09 05:59:41 -------- d-----w- C:\Users\Scott\AppData\Local\{F7CE12E3-17C5-493E-9578-D870F412535A}

2012-06-08 17:59:20 -------- d-----w- C:\Users\Scott\AppData\Local\{E0D84AB7-692C-4C6E-B17D-13A51B030C82}

2012-06-08 17:59:10 -------- d-----w- C:\Users\Scott\AppData\Local\{751598FE-220F-4DC6-862D-AE9AD7CEEBDB}

2012-06-08 05:58:47 -------- d-----w- C:\Users\Scott\AppData\Local\{9F593E2D-8891-4B24-878F-6E0D18F5B559}

2012-06-08 05:58:46 -------- d-----w- C:\Users\Scott\AppData\Local\{7E3C549D-9830-416A-ABFF-6A574992AF10}

2012-06-07 17:58:22 -------- d-----w- C:\Users\Scott\AppData\Local\{29697314-BE75-4DF4-B1D0-1103A4203555}

2012-06-07 17:58:10 -------- d-----w- C:\Users\Scott\AppData\Local\{2813E5D2-6E9E-43ED-94FC-C79A754F58F1}

2012-06-07 05:57:55 -------- d-----w- C:\Users\Scott\AppData\Local\{1E524980-CFB4-4CD8-A9A7-04F5ED374EED}

2012-06-07 05:57:34 -------- d-----w- C:\Users\Scott\AppData\Local\{258D21E4-A0A9-482C-8D10-2C5D5B5DE3A5}

2012-06-06 17:57:29 -------- d-----w- C:\Users\Scott\AppData\Local\{5EE28E85-899E-455A-BE49-F292967C37FB}

2012-06-06 17:57:16 -------- d-----w- C:\Users\Scott\AppData\Local\{7C07E5C8-2A9C-43AD-A2F4-4777ACF84AF2}

2012-06-06 05:57:11 -------- d-----w- C:\Users\Scott\AppData\Local\{8BE43308-CE1D-46B2-AEF3-1D859BF180F8}

2012-06-06 05:56:47 -------- d-----w- C:\Users\Scott\AppData\Local\{F3C67B90-530B-4436-B7DA-7C4F49FD3996}

2012-06-05 17:56:41 -------- d-----w- C:\Users\Scott\AppData\Local\{6CB677C5-5D9E-40B8-9504-481E9076ED14}

2012-06-05 17:56:38 -------- d-----w- C:\Users\Scott\AppData\Local\{4337AE5E-3C2A-45CA-9E0B-360F8374CAA1}

2012-06-05 05:56:24 -------- d-----w- C:\Users\Scott\AppData\Local\{0AAA06B0-1C8B-418A-BA60-DBD882B3FAAB}

2012-06-05 05:56:14 -------- d-----w- C:\Users\Scott\AppData\Local\{401F392B-9589-40D8-8704-7779599EEEE3}

2012-06-04 17:56:03 -------- d-----w- C:\Users\Scott\AppData\Local\{BE205F1D-96E5-421F-A49A-4FD75695FD72}

2012-06-04 17:55:56 -------- d-----w- C:\Users\Scott\AppData\Local\{B2197C9B-A0E0-4436-845C-96A2C3DB3FD6}

2012-06-04 05:55:30 -------- d-----w- C:\Users\Scott\AppData\Local\{15DC787A-113B-46BD-9DB3-A0B12B6A001C}

2012-06-04 05:55:26 -------- d-----w- C:\Users\Scott\AppData\Local\{09847DEA-A1BC-4040-9191-7DC036951485}

2012-06-03 17:54:26 -------- d-----w- C:\Users\Scott\AppData\Local\{919C69FB-6AF9-4048-BDD6-1EA02CE954F0}

2012-06-03 17:53:50 -------- d-----w- C:\Users\Scott\AppData\Local\{E8E328CC-C131-445F-A420-F47B478D7BFA}

2012-06-03 05:53:28 -------- d-----w- C:\Users\Scott\AppData\Local\{B5753C9C-4D2E-457B-B258-9B5778098D94}

2012-06-03 05:52:45 -------- d-----w- C:\Users\Scott\AppData\Local\{D5B224FB-9683-4797-81F5-2B38DD4C8419}

2012-06-02 17:51:16 -------- d-----w- C:\Users\Scott\AppData\Local\{A0CF5F7E-F9DB-4824-9785-7250DF5332DB}

2012-06-02 17:51:13 -------- d-----w- C:\Users\Scott\AppData\Local\{D9606D23-CB20-4673-B435-71B9A3F2DFBC}

2012-06-02 05:50:34 -------- d-----w- C:\Users\Scott\AppData\Local\{396C50B9-6A7A-4E9A-A131-04AF53A74E25}

2012-06-02 05:50:10 -------- d-----w- C:\Users\Scott\AppData\Local\{16623201-41E1-4354-967E-4B0D1A29CE76}

2012-06-01 17:49:35 -------- d-----w- C:\Users\Scott\AppData\Local\{59DFAEE8-F18B-4C30-B8CA-57E118CF6380}

2012-06-01 17:49:04 -------- d-----w- C:\Users\Scott\AppData\Local\{2780F154-8ED8-4068-9B61-4AD2F12E8CAF}

2012-06-01 05:48:41 -------- d-----w- C:\Users\Scott\AppData\Local\{A0141189-1CC6-4437-9AD1-DA7BF5F24C30}

2012-06-01 05:48:35 -------- d-----w- C:\Users\Scott\AppData\Local\{D5833D70-64C1-4A6A-B0C9-0A6C7B2098D4}

2012-05-31 17:48:17 -------- d-----w- C:\Users\Scott\AppData\Local\{72C11EED-DFFE-4945-B8E5-3FBF550FBB4C}

2012-05-31 17:48:14 -------- d-----w- C:\Users\Scott\AppData\Local\{2575106B-CBE1-490F-B23E-C704359F4301}

2012-05-31 05:47:56 -------- d-----w- C:\Users\Scott\AppData\Local\{0B561BEC-0052-45AD-B6B9-5A0473441BAF}

2012-05-31 05:47:53 -------- d-----w- C:\Users\Scott\AppData\Local\{14F22FDD-5541-4EAF-A086-89EA8BDB777A}

2012-05-30 23:55:18 -------- d-----w- C:\Users\Scott\AppData\Roaming\Malwarebytes

2012-05-30 23:55:12 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-05-30 23:55:12 -------- d-----w- C:\ProgramData\Malwarebytes

2012-05-30 23:55:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-05-30 23:37:18 62464 ---ha-w- C:\Windows\System32\autoHost64.dll

2012-05-30 23:36:43 -------- d-----w- C:\ProgramData\B7E8587100017DC3000BDF33B4EB2367

2012-05-30 23:36:42 -------- d-----w- C:\Users\Scott\AppData\Local\CMI

2012-05-30 17:47:27 -------- d-----w- C:\Users\Scott\AppData\Local\{97319CC9-3CEF-4F1C-A9B8-44266A89A03E}

2012-05-30 17:46:38 -------- d-----w- C:\Users\Scott\AppData\Local\{9DB9C3C1-585D-4161-A3DF-186F4ED30382}

2012-05-30 13:19:30 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-30 13:19:30 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-30 05:46:00 -------- d-----w- C:\Users\Scott\AppData\Local\{729BCA00-5710-4801-B5F8-6BEE8E7E3052}

2012-05-30 05:45:32 -------- d-----w- C:\Users\Scott\AppData\Local\{9FDF9337-98AE-48E1-9DE3-46E6B258D7A2}

2012-05-29 17:44:54 -------- d-----w- C:\Users\Scott\AppData\Local\{4D740241-808B-47B2-A38C-DFEB90DDCBBB}

2012-05-29 17:43:41 -------- d-----w- C:\Users\Scott\AppData\Local\{A293AB6A-E624-4955-8D9D-1449998001B8}

2012-05-29 05:42:37 -------- d-----w- C:\Users\Scott\AppData\Local\{F023DE7B-E034-4AE0-88B2-CB30FCB0E4DE}

2012-05-29 05:42:27 -------- d-----w- C:\Users\Scott\AppData\Local\{0890C58C-D548-4F2F-B27D-879C54D4C17C}

2012-05-28 17:42:25 -------- d-----w- C:\Users\Scott\AppData\Local\{E4D86CFA-0C91-4F59-B1A7-AEFF1DC8E6AE}

2012-05-28 17:42:00 -------- d-----w- C:\Users\Scott\AppData\Local\{F112A2CC-8421-4C04-9E3E-AA0C332AC568}

2012-05-28 05:41:28 -------- d-----w- C:\Users\Scott\AppData\Local\{B46944E6-7901-4DE3-A19E-7C0E55171BE8}

2012-05-28 05:40:19 -------- d-----w- C:\Users\Scott\AppData\Local\{CD926C96-683F-4514-9131-B07D4C783617}

2012-05-27 17:39:04 -------- d-----w- C:\Users\Scott\AppData\Local\{BA71E710-B902-41AF-B919-E22EB2ECCB38}

2012-05-27 17:38:31 -------- d-----w- C:\Users\Scott\AppData\Local\{3CA7194B-796F-492E-890A-FB1E5C14A01D}

2012-05-27 05:38:02 -------- d-----w- C:\Users\Scott\AppData\Local\{6F240847-821A-42E8-AD4D-F41FAE6F629A}

2012-05-27 05:37:28 -------- d-----w- C:\Users\Scott\AppData\Local\{DB952665-DDF3-4378-BE0B-E097FAAF577F}

2012-05-26 17:36:32 -------- d-----w- C:\Users\Scott\AppData\Local\{B80B225D-1337-4843-AF9E-576DCA2CFF1B}

2012-05-26 17:36:04 -------- d-----w- C:\Users\Scott\AppData\Local\{20E768A2-5116-4F52-84A7-2E10F93061A4}

2012-05-26 05:35:05 -------- d-----w- C:\Users\Scott\AppData\Local\{AEBD821D-A9EB-4002-BF2D-902797CB93A7}

2012-05-26 05:34:58 -------- d-----w- C:\Users\Scott\AppData\Local\{F1A13E5C-6DA6-4AAD-8A75-69D789EA072C}

2012-05-25 17:34:32 -------- d-----w- C:\Users\Scott\AppData\Local\{D85B6C9B-C80B-4D26-AEED-D8C25139182F}

2012-05-25 17:34:29 -------- d-----w- C:\Users\Scott\AppData\Local\{B44A83E9-A784-459A-9E65-A2C413F972C5}

2012-05-25 05:33:57 -------- d-----w- C:\Users\Scott\AppData\Local\{1C8391EE-ED3A-4F38-B60D-DA4D1F81F137}

2012-05-25 05:33:05 -------- d-----w- C:\Users\Scott\AppData\Local\{CD48811E-F2A0-447F-9E55-DEC47C766A93}

2012-05-24 17:06:55 -------- d-----w- C:\Users\Scott\AppData\Local\{73F1FF57-E7F9-4AD3-9043-1632FC6C0D6A}

2012-05-24 17:05:51 -------- d-----w- C:\Users\Scott\AppData\Local\{D4AA4094-17D6-4C05-9961-78DA12D53863}

2012-05-24 05:04:42 -------- d-----w- C:\Users\Scott\AppData\Local\{50E479EE-AB33-47AD-A650-F3CF525BEB19}

2012-05-24 05:03:09 -------- d-----w- C:\Users\Scott\AppData\Local\{0B7CD0D0-8565-4F74-9E12-E2254552EC8F}

2012-05-23 14:02:00 -------- d-----w- C:\Users\Scott\AppData\Local\{E6FBDF86-5507-4551-A9CD-F2FFE76DF81D}

2012-05-23 14:01:56 -------- d-----w- C:\Users\Scott\AppData\Local\{06AEC37A-2F6E-490B-8712-C8A185026FE5}

2012-05-22 22:38:27 -------- d-----w- C:\Users\Scott\AppData\Local\{3BA6661D-3AC1-4B28-8022-F10B01D559D0}

2012-05-22 22:37:33 -------- d-----w- C:\Users\Scott\AppData\Local\{E28D6063-AF1A-4CC3-BA45-511442F61EDC}

2012-05-22 10:37:31 -------- d-----w- C:\Users\Scott\AppData\Local\{28DA9D53-2DE3-4281-A3A6-2738F8EC00B7}

2012-05-22 10:37:30 -------- d-----w- C:\Users\Scott\AppData\Local\{0E01A5B3-16F1-47F1-925D-D9FD3E313FC0}

2012-05-22 01:48:10 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-05-22 01:48:10 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-05-22 01:48:10 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-05-22 01:48:10 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-05-22 01:48:10 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-05-22 01:48:10 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-05-22 01:48:10 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2012-05-21 22:36:30 -------- d-----w- C:\Users\Scott\AppData\Local\{24BA3F2C-6E22-49B2-9143-BF3D53F3EF2C}

2012-05-21 22:36:08 -------- d-----w- C:\Users\Scott\AppData\Local\{C0674A10-8B91-4C49-AC2E-73612A5CB755}

2012-05-18 18:08:23 -------- d-----w- C:\Users\Scott\AppData\Local\{D11E18E9-5393-4638-9247-0E7648B5BED5}

2012-05-18 18:07:08 -------- d-----w- C:\Users\Scott\AppData\Local\{E8B5D218-4BE5-4BFB-AA22-8E5CD36C090C}

.

==================== Find3M ====================

.

2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys

2012-05-09 19:21:36 472840 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-04-19 03:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2012-04-19 03:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll

2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

.

============= FINISH: 23:28:08.40 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 15/04/2010 10:16:32 AM

System Uptime: 16/06/2012 10:12:25 PM (1 hours ago)

.

Motherboard: Gateway | | H57M01

Processor: Intel® Core i5 CPU 750 @ 2.67GHz | CPU 1 | 2668/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 914 GiB total, 735.444 GiB free.

D: is CDROM (CDFS)

E: is Removable

F: is Removable

G: is Removable

H: is Removable

I: is Removable

J: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP288: 04/06/2012 3:00:12 AM - Windows Update

RP289: 08/06/2012 4:35:10 AM - Windows Update

RP290: 12/06/2012 12:43:41 AM - Installed Java 6 Update 32

RP291: 13/06/2012 4:33:00 PM - Windows Update

RP292: 14/06/2012 3:00:12 AM - Windows Update

RP293: 16/06/2012 8:40:50 AM - Installed Java 6 Update 33

.

==== Installed Programs ======================

.

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.3)

Advertising Center

AMD DnD V1.0.19

Apple Application Support

Apple Software Update

Babylon toolbar on IE

Backup Manager Advance

BufferChm

C4700

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

Catan - Cities and Knights

Catan Online World

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Compatibility Pack for the 2007 Office system

D3DX10

Destinations

DeviceDiscovery

Dropbox

eBay Worldwide

EPS Viewer

Gateway Games

Gateway InfoCentre

Gateway MyBackup

Gateway Photo Frame 4.2.3.10

Gateway Recovery Management

Gateway Registration

Gateway ScreenSaver

Gateway Updater

Google Chrome

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

GPBaseService2

HP Photo Creations

HP Update

HPPhotoGadget

hpPrintProjects

HPProductAssistant

HPSSupply

hpWLPGInstaller

Identity Card

ImagXpress

Intel® Management Engine Components

Java Auto Updater

Java 6 Update 33

JMicron JMB36X Driver

Junk Mail filter update

Malwarebytes Anti-Malware version 1.61.0.1400

MarketResearch

Microsoft Office Click-to-Run 2010

Microsoft Office Home and Student 2010 - English

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Suite Activation Assistant

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 9 Essentials

Nero ControlCenter

Nero DiscSpeed

Nero DiscSpeed Help

Nero DriveSpeed

Nero DriveSpeed Help

Nero Express Help

Nero InfoTool

Nero InfoTool Help

Nero Installer

Nero Online Upgrade

Nero StartSmart

Nero StartSmart Help

Nero StartSmart OEM

NeroExpress

neroxml

PS_AIO_06_C4700_SW_Min

QuickTime

QuickTransfer