fireman5214 Posted July 12, 2012 ID:569839 Hello all, I have recently tried to download the new version of Adobe Flash Player 11.3 off of adobe.com and I have some type of malware that when I search on google.com and I click the search result it takes me to a popup not of what I want. Also it will randomly put up these pop ups by itself. This comes after I had to update Adobe as my YouTube videos stopped playing, well some play and some don't but it seems to be an issue with YouTube in all browsers as per the latest help technician from google.com/youtube. I have done a Malwarebytes scan and it found 2 trojans. I deleted them. I run a Dell Inspiron 17R laptop, Windows 64-bit, Internet Explorer 9, Windows 7.
screen317 Posted July 12, 2012 Staff ID:569880 Hi and welcome to Malwarebytes. Please update MBAM, run a Quick Scan, and post its log. Next, download DDS by sUBs and save it to your Desktop. Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.
fireman5214 Posted July 12, 2012 Author ID:569913
Here is the Malwarebytes log:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.07.11.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jason :: JASON-PC [administrator]
7/12/2012 3:47:07 PM
mbam-log-2012-07-12 (16-01-06).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237207
Time elapsed: 6 minute(s),
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken.
(end)
Here is the DDS.txt log:
fireman5214 Posted July 13, 2012 Author ID:570376 Just making sure you got my reply above.
fireman5214 Posted July 14, 2012 Author ID:570706 Should I run another scan?
fireman5214 Posted July 14, 2012 Author ID:570735 I'm still getting a popup every now and then. Not sure if I should run any other scan?
fireman5214 Posted July 15, 2012 Author ID:570925 Anybody have any advice for me? I am still getting the stuff that I posted in the 1st message. It's been 48 hours + now and wasn't sure if I had anything wrong as I posted the above DDS and the MBAM.
screen317 Posted July 16, 2012 Staff ID:571176
fireman5214, please stop bumping your topic. Every time you do, you get pushed to the bottom of my 100 person reply queue. Be patient and I'll get to you as soon as I can, but please don't bump.
Please visit this webpage for instructions for running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.
-screen317
fireman5214 Posted July 16, 2012 Author ID:571308
I ran combo fix and got an error on my computer,
C:\program files(x86)\internet explorer\iexplore.exe
illegal Operation attempted on a registry key that has been marked for deletion.
(click ok or x it out)
another box opens:
Can't open this item
it might have been moved, renamed or deleted. Do you want to remove this item?
same things come for Skype, Yahoo Messenger, and any other program on my computer. Can I restore?
fireman5214 Posted July 16, 2012 Author ID:571352
ok I rebooted like mrc stated in the other thread, also I wasn't bumping the thread just thought there was nothing wrong that you saw in the report and thought my comp was ok and gave up on the thread since there was nothing you could do. Here are the combofix and NEW DDS reports
ComboFix 12-07-14.01 - Jason 07/16/2012 0:11.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2408 [GMT -4:00]
Running from: c:\users\Jason\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5907\Downloads\246b20c1-8ea9-4148-a34e-d03c8a1d5a76.dll
c:\programdata\PCDr\5907\Downloads\27e5bc9a-105f-4d7f-8352-e6ef1c8933dd.dll
c:\programdata\PCDr\5907\Downloads\a2192d8a-3d73-4ff7-be9b-02134f41db63.dll
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\@
c:\windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L\00000004.@
c:\windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L\1afb2d56
c:\windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L\201d3dde
c:\windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\00000004.@
c:\windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\00000008.@
c:\windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\000000cb.@
c:\windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\80000000.@
c:\windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\80000032.@
c:\windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\80000064.@
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy1_!Windows!System32!services.exe
.
clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-10 136176]R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056]R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-10 136176]R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-05-07 245792]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-31 1255736]R4 TivoBeacon2;TiVo Beacon Service;c:\program files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-08-24 1104656]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2011/03/02 23:29];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-12-29 22:35 146928]S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]S2 
sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-03-31 53800]S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-31 35104]S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 175168]S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-01-07 51584]S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-21 287232]S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-12-22 74280]S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-03-18 7680512]S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-01-07 45408]S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]S3 vwifimp;Microsoft Virtual WiFi 
Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-06-18 39832]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc.Contents of the 'Scheduled Tasks' folder.2012-07-16 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 14:33].2012-07-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-988965696-3072713576-3310776537-1000Core.job- c:\users\Jason\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-07 21:47].2012-07-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-988965696-3072713576-3310776537-1000UA.job- c:\users\Jason\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-07 21:47].2012-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-10 02:02].2012-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-10 02:02].2012-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-988965696-3072713576-3310776537-1000Core.job- c:\users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-05 07:00].2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-988965696-3072713576-3310776537-1000UA.job- c:\users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-05 07:00].2012-07-11 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11].2012-07-15 c:\windows\Tasks\SystemToolsDailyTest.job- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-14 10144288]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 
161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 415256]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 2328944]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.facebook.com/pages/Eastern-PA-Weather-Authority/240517726049175
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 208.59.247.45 208.59.247.46
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-sdApp.exe - c:\program files (x86)\ShoppingDaisy\sdApp.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:a7,d1,5f,06,d4,3c,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,04,fa,8a,7a,ef,3c,45,b5,43,ee,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,04,fa,8a,7a,ef,3c,45,b5,43,ee,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2)
(Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-07-16 00:40:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-16 04:40
.
Pre-Run: 554,647,359,488 bytes free
Post-Run: 554,670,215,168 bytes free
.
- - End Of File - - 2BEACDCA20C2EF9762B1C8C8AC38AA59
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
DDS
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by Jason at 10:34:41 on 2012-07-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2053 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe
C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe
C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.facebook.com/pages/Eastern-PA-Weather-Authority/240517726049175
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [MySpaceIM] C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe
uRun: [TivoServer] C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe /service /registry /auto:TivoServer
uRun: [TivoTransfer] C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe
uRun: [TivoNotify] C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify
uRun: [TranscodingService] C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe
uRun: [Facebook Update] "C:\Users\Jason\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Google Update] "C:\Users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
dRun: [MySpaceIM] C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe
StartupFolder: C:\Users\Jason\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Jason\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\KODAKE~1.LNK - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\KODAKS~1.LNK - C:\Program Files (x86)\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: DhcpNameServer = 208.59.247.45 208.59.247.46
TCP: Interfaces\{D8ECD569-4B6C-4B4C-87CC-7CAE92F5A113} : DhcpNameServer = 208.59.247.45 208.59.247.46
TCP: Interfaces\{D8ECD569-4B6C-4B4C-87CC-7CAE92F5A113}\34963736F68393734383 : DhcpNameServer = 208.59.247.45 208.59.247.46
TCP: Interfaces\{D8ECD569-4B6C-4B4C-87CC-7CAE92F5A113}\36271607079656B696C6C616 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D8ECD569-4B6C-4B4C-87CC-7CAE92F5A113}\54E64727F60797D27657563747 : DhcpNameServer = 208.59.247.45 208.59.247.46 192.168.33.1
TCP: Interfaces\{D8ECD569-4B6C-4B4C-87CC-7CAE92F5A113}\C696E6B6379737 : DhcpNameServer = 208.59.247.45 208.59.247.46
TCP: Interfaces\{F40578BB-8BCB-4CA6-88E8-CF2738CFCE17} : DhcpNameServer = 13.35.0.1 13.35.0.2
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
============= SERVICES / DRIVERS ===============
.
R?2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2004-9-23 26720]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2011/03/02 23:29:10];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2011-3-3 146928]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-3-3 98208]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-3-3 705856]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-3-3 2533400]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft
Application Virtualization Client\sftvsa.exe [2011-10-1 219496]R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-9 136176]S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-5 250056]S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-9 136176]S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]S4 TivoBeacon2;TiVo Beacon Service;C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-8-24 1104656]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== Created Last 30 ================.2012-07-16 12:47:53 9013136 ----a-w- C:\ProgramData\Microsoft\Windows 
Defender\Definition Updates\{1ED7E925-FB3E-4A18-B596-340B96AD60F2}\mpengine.dll2012-07-16 04:27:29 -------- d-----w- C:\$RECYCLE.BIN2012-07-16 04:09:30 98816 ----a-w- C:\Windows\sed.exe2012-07-16 04:09:30 518144 ----a-w- C:\Windows\SWREG.exe2012-07-16 04:09:30 256000 ----a-w- C:\Windows\PEV.exe2012-07-16 04:09:30 208896 ----a-w- C:\Windows\MBR.exe2012-07-12 04:06:25 3148800 ----a-w- C:\Windows\System32\win32k.sys2012-07-12 01:30:51 -------- d-----w- C:\Users\Jason\AppData\Local\{446EFD93-B267-4315-9AC4-080D8599118D}2012-07-11 14:27:34 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%2012-07-02 17:30:56 -------- d-----w- C:\Users\Jason\AppData\Roaming\CANON INC2012-07-02 17:29:12 -------- d-----w- C:\Users\Jason\AppData\Roaming\ZoomBrowser EX2012-06-28 23:35:58 -------- d-----w- C:\ProgramData\ZoomBrowser2012-06-28 23:35:36 -------- d-----w- C:\ProgramData\Canon_Inc_IC2012-06-28 23:35:35 -------- d-----w- C:\Program Files (x86)\Canon2012-06-28 23:14:46 -------- d-----w- C:\Program Files (x86)\Common Files\Canon2012-06-23 17:30:27 -------- d-----w- C:\Users\Jason\AppData\Local\{C2214F2E-5896-49F9-A87D-51A54588924F}.==================== Find3M ====================.2012-07-11 14:33:57 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2012-07-11 14:33:57 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll2012-06-02 22:59:18 955848 ----a-w- C:\Windows\System32\npDeployJava1.dll2012-06-02 22:59:18 839112 ----a-w- C:\Windows\System32\deployJava1.dll2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll2012-06-02 22:15:08 99840 ----a-w- 
C:\Windows\System32\wudriver.dll2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe2012-05-26 01:31:10 84992 ----a-w- C:\ProgramData\compntui.dll2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys2012-04-26 05:41:56 77312 ----a-w- 
C:\Windows\System32\rdpwsx.dll2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll2012-04-19 00:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx2012-04-19 00:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts.============= FINISH: 10:35:10.41 =============== Link to post Share on other sites More sharing options...
Staff screen317 Posted July 17, 2012 ID:571908
Hi,
Next, please run a free online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer for this scan.
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats and the option Scan unwanted applications are checked
Click Scan
Wait for the scan to finish
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic
Next, download my Security Check from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Let me know how things are running now and what issues remain.
fireman5214 Posted July 18, 2012 Author ID:572452
I have no ESET log, all it comes up with is what is below:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
BUT if I click "LIST OF FOUND THREATS" and click copy to TXT I get this:
C:\ProgramData\compntui.dll a variant of Win32/Kryptik.AHEJ trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\00000008.@.vir Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\80000000.@.vir Win64/Sirefef.AE trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\80000032.@.vir a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.B.Gen trojan deleted - quarantined
C:\Users\Jason\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Users\Jason\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\000000cb.@ Win64/Sirefef.AI trojan cleaned by deleting - quarantined
C:\Users\Jason\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\80000000.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
C:\Users\Jason\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Users\Jason\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\80000064.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
C:\Users\Jason\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\7688dca-2afdab2b Java/Exploit.CVE-2011-3544.T trojan deleted - quarantined
C:\Users\Jason\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\70e83d9f-2ec3dda8 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Users\Jason\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\2ac74c85-17d1a94f multiple threats deleted - quarantined
(ALSO I CLICKED DELETE QUARANTINED FILES) before clicking FINISH on the ESET so now I am doing the SECURITY CHECK, I was not home yesterday so I could not work on this until today.
fireman5214 Posted July 18, 2012 Author ID:572471
Seems like Google is not redirecting anymore, I was looking to download AVAST Anti Virus on here after I resolved this problem. Below is the log from SECURITY CHECK:
Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
JavaFX 2.1.0
Java 7 Update 4
Java version out of Date!
Adobe Reader 9
Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
fireman5214 Posted July 18, 2012 Author ID:572474
oh also it says java and adobe out of date.... I just installed these when mr charlie helped me the beginning of June and Adobe I tried to download the new one and it is what gave me these problems off Adobe.com!!!!!!
Staff screen317 Posted July 19, 2012 ID:573103
Hi,
Thanks for the update.
Run TFC by OldTimer to clear temporary files:
Please download TFC from here and save it to your desktop.
Close any open programs and Internet browsers.
Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.
Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall
This uninstalls all of ComboFix's components.
Delete SecurityCheck.
After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):
JavaFX 2.1.0
Java™ 7 Update 4
Adobe Reader 9
Restart your computer.
Get the latest version of Java.
Try Foxit Reader instead:
http://www.foxitsoftware.com/Secure_PDF_Reader/
Let me know what issues remain.
fireman5214 Posted July 20, 2012 Author ID:573615
I did everything up above except delete security check, I have searched for a way to uninstall it, also I have restarted my comp after deleting the other objects and it is still here. Any help would be appreciated on how to download security check. Everything else seems to be fine at the moment.
Staff screen317 Posted July 20, 2012 ID:573743
Just delete SecurityCheck.exe (right-click and click Delete).
fireman5214 Posted July 22, 2012 Author ID:574375
ok I thought I had to do add/remove programs or something. Also woke up this morning to a blue screen error, is that something different than the stuff we did?
fireman5214 Posted July 22, 2012 Author ID:574525
I had another bluescreen error this morning again after accidentally leaving yahoo messenger on all night (not sure if this would cause a problem) but the laptop still went on its normal standby. Below are details of the blue screen:
BCP2: FFFFFA80048DB060
BCP3: FFFFF80000B9C518
BCP4: FFFFFA800D9EE490
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1
Files that help describe the problem:
C:\Windows\Minidump\072212-23790-01.dmp
C:\Users\Jason\AppData\Local\Temp\WER-144004-0.sysdata.xml
Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409
If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 1033
Additional information about the problem:
BCCode: 9f
BCP1: 0000000000000003
Staff screen317 Posted July 25, 2012 ID:576132
Hi,
Download BlueScreenView and save it to your Desktop.
Double click on BlueScreenView.exe file to run the program.
When it finishes scanning, click Edit --> Select All.
Click File --> Save Selected Items
Save the report as BSOD.txt to your Desktop.
Post the contents of BSOD.txt in your next reply.
Click Start --> Run, enter cmd.exe, and press Enter
In the black box that appears, enter this command exactly as shown:
chkdsk>"%userprofile%\desktop\chkdsk.txt"
Press Enter.
When it finishes, open chkdsk.txt on your Desktop and post its contents here.
-screen317
fireman5214 Posted July 26, 2012 Author ID:576741
Sorry I never saw that you replied. I will do this tomorrow morning, I'm in eastern PA, expecting bad storms tomorrow, will report back when I get power back if I lose it. I am hoping not to though!
Staff screen317 Posted July 27, 2012 ID:577190
Okay thanks for the update. Thunderstorms here in Connecticut right now!
fireman5214 Posted July 27, 2012 Author ID:577234
hello I didn't lose power luckily, had some storms with weak rotation in over my house, also a lot of tornado warnings in northern pa of our weather firm I help with, their coverage area. I didn't get to do the CMD but I did the blue screenview scan and its contents below:
:Product Name :Company :File Version :Processor : x64Crash Address : ntoskrnl.exe+66580Stack Address 1 :Stack Address 2 :Stack Address 3 :Computer Name :Full Path : C:\Windows\Minidump\071911-21184-01.dmpProcessors Count : 4Major Version : 15Minor Version : 7600Dump File Size : 280,144====================================================================================================Dump File : 061011-18033-01.dmpCrash Time : 6/10/2011 8:24:57 AMBug Check String : DRIVER_POWER_STATE_FAILUREBug Check Code : 0x1000009fParameter 1 : 00000000`00000004Parameter 2 : 00000000`00000258Parameter 3 : fffffa80`03ba7040Parameter 4 : fffff800`00b9c510Caused By Driver : ntoskrnl.exeCaused By Address : ntoskrnl.exe+6c4daFile Description : NT Kernel & SystemProduct Name : Microsoft® Windows® Operating SystemCompany : Microsoft CorporationFile Version : 6.1.7601.17835 (win7sp1_gdr.120503-2030)Processor : x64Crash Address : ntoskrnl.exe+6c4daStack Address 1 :Stack Address 2 :Stack Address 3 :Computer Name :Full Path : C:\Windows\Minidump\061011-18033-01.dmpProcessors Count : 4Major Version : 15Minor Version : 7600Dump File Size : 525,752====================================================================================================Dump File : 041511-16177-01.dmpCrash Time : 4/15/2011 7:04:30 PMBug Check String : REFERENCE_BY_POINTERBug Check Code : 0x00000018Parameter 1 : fffffa80`03b8b570Parameter 2 : fffffa80`0a15c450Parameter 3 : 00000000`00000001Parameter 4 : 00000000`00000001Caused By Driver : ntoskrnl.exeCaused By Address : ntoskrnl.exe+66580File Description : NT Kernel & SystemProduct Name : Microsoft® Windows® Operating SystemCompany : Microsoft CorporationFile Version : 6.1.7601.17835 (win7sp1_gdr.120503-2030)Processor : x64Crash Address : ntoskrnl.exe+66580Stack Address 1 :Stack Address 2 :Stack Address 3 :Computer Name :Full Path : C:\Windows\Minidump\041511-16177-01.dmpProcessors Count : 4Major Version : 15Minor Version : 7600Dump File Size : 
279,840================================================== Link to post Share on other sites More sharing options...
fireman5214 Posted July 27, 2012 Author ID:577490

Click Start --> Run, enter cmd.exe, and press Enter
In the black box that appears, enter this command exactly as shown:
chkdsk>"%userprofile%\desktop\chkdsk.txt"
Press Enter.
When it finishes, open chkdsk.txt on your Desktop and post its contents here.
-screen317

This is all I get:
Access Denied as you do not have sufficient privileges.
You have to invoke this utility running in elevated mode.
Staff screen317 Posted July 30, 2012 ID:578342

Hi,
Click Start. Type in cmd.exe but don't click on it yet. Right-click it and click "Run as Admin.."
Repeat the previous steps and it should work now.