Hi, well basically I was sent a dodgy file by a friend's email which got hacked, and I'm normally quite careful with anything from the net, but as I thought it was a trusted source I was careless. The next thing I know, Norton is giving me a warning about possible w32 vbna.b activity being blocked, but no action was taken; it couldn't clear it. It was saying the offending file was C:\Windows\Microsoft.NET\Framework\v2.0.50727\Applaunch.exe. I uninstalled Microsoft .NET and reinstalled it from Windows Update, but there may have been registry changes as well, as after running a Malwarebytes scan it picks up 3 issues:

Registry Keys Infected:

HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> No action taken.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Hijack.Shell.Gen) -> No action taken.

Files Infected:

C:\Users\Scott\AppData\Roaming\local.exe (Trojan.Agent) -> No action taken.

I have had Malwarebytes remove these and then restarted my laptop. When I scan again they are back, but I haven't seen Norton pop up to warn me of suspected w32 vbna b activity for a while, but I know with worms they can be scheduled to only start at certain times.

I would really appreciate any help anyone can give so I can get a clean system or confirm I have a clean system.

Many thanks for your help!


Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes)

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Quit all running programs.

Please download and run RogueKiller to your desktop.

http://tigzy.geeksto...ueKillerX64.exe <---use this one for 64 bit systems

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

MrC

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Hi, thanks for helping. I did the scans as you requested; here are the results. My brother and I both use this machine, so some programs I know of but others are ones he has used.

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.15.2

Run by Scott at 7:25:29 on 2013-02-22

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3894.2086 [GMT 0:00]

.

AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\NCH Software\BroadCam\broadcam.exe

C:\Windows\SysWOW64\ezSharedSvcHost.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe

C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe

C:\Windows\explorer.exe

C:\Windows\SysWOW64\vmnat.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\SysWOW64\vmnetdhcp.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Users\Scott\AppData\Local\Temp\BioCredProv.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe

C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Templates\vmnethcp.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe

C:\Program Files\Realtek\RtVOsd\RtVOsd.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe

C:\Windows\system32\msiexec.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mStart Page = hxxp://www.bigseekpro.com/acaladvd/{49A0BF96-632D-45B4-A6A9-B90FB295F923}

uProxyServer = hxxp=;ftp=;https=;

uWinlogon: Shell = C:\Windows\explorer.exe,C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Templates\vmnethcp.exe

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\coieplg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ips\ipsbho.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Toolbar Helper: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll

BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll

TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll

TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\coieplg.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [Vidalia] "C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe"

uRun: [Microsoft Routing Utilities] C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Templates\vmnethcp.exe

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-Explorer: EnableShellExecuteHooks = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: &Windows Live Search - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll/search.htm

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000

IE: Free YouTube Download - C:\Users\Scott\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm

IE: Free YouTube to MP3 Converter - C:\Users\Scott\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

LSP: %SystemRoot%\system32\vsocklib.dll

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{B8453C61-EB6A-4A45-9AC7-9901FF6D73B1} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{B8453C61-EB6A-4A45-9AC7-9901FF6D73B1}\244575966496 : DHCPNameServer = 192.168.22.22 192.168.22.23

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\cn6uvov4.default\

FF - prefs.js: browser.search.selectedEngine - Search

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - prefs.js: network.proxy.gopher -

FF - prefs.js: network.proxy.gopher_port - 0

FF - prefs.js: network.proxy.type - 0

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn\components\coFFPlgn.dll

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\components\IPSFFPl.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll

FF - plugin: c:\Program Files (x86)\Sony\Media Go\npmediago.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Scott\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2013-02-07 19:41; {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}

FF - ExtSQL: 2013-02-17 13:03; support@platinumhideip.com; C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\cn6uvov4.default\extensions\support@platinumhideip.com.xpi

FF - ExtSQL: !HIDDEN! 2011-08-13 21:29; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1402010.016\symds64.sys [2013-1-23 493216]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1402010.016\symefa64.sys [2013-1-23 1133216]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20130208.001\BHDrvx64.sys [2013-2-12 1388120]

R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\System32\drivers\N360x64\1402010.016\ccsetx64.sys [2013-1-23 168096]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20130220.002\IDSviA64.sys [2013-2-21 513184]

R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1402010.016\ironx64.sys [2013-1-23 224416]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1402010.016\symnets.sys [2013-1-23 432800]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-11-25 98208]

R2 BroadCamService;BroadCam Video Streaming Server;C:\Program Files (x86)\NCH Software\BroadCam\broadcam.exe [2012-4-1 2469380]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-7-2 27192]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-25 13336]

R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccsvchst.exe [2013-1-23 143928]

R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]

R2 OMSI download service;Sony Ericsson OMSI download service;C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2011-3-4 90112]

R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-17 315392]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-25 2320920]

R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-29 846448]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-11 138912]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-2-3 271872]

S3 BthAvrcp;Bluetooth AVRCP Profile;C:\Windows\System32\drivers\BthAvrcp.sys [2009-8-13 29184]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-9 19456]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-11-25 225280]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-11-25 333928]

S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);C:\Windows\System32\drivers\s1039bus.sys [2011-3-4 127600]

S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;C:\Windows\System32\drivers\s1039mdfl.sys [2011-3-4 19568]

S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;C:\Windows\System32\drivers\s1039mdm.sys [2011-3-4 161904]

S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);C:\Windows\System32\drivers\s1039mgmt.sys [2011-3-4 141424]

S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);C:\Windows\System32\drivers\s1039nd5.sys [2011-3-4 34416]

S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;C:\Windows\System32\drivers\s1039obex.sys [2011-3-4 137328]

S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);C:\Windows\System32\drivers\s1039unic.sys [2011-3-4 158320]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-9 57856]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-2 1255736]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

.

=============== Created Last 30 ================

.

2013-02-22 07:24:11 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-02-22 00:13:38 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{98BAEE8F-4E3B-4EC9-BBFB-9469A9B0A2F6}\offreg.dll

2013-02-21 23:12:31 -------- d-----w- C:\MGtools

2013-02-21 22:54:39 -------- d-----w- C:\ProgramData\HitmanPro

2013-02-21 22:14:28 -------- d-----w- C:\Program Files\CCleaner

2013-02-19 21:03:46 -------- d-----w- C:\Users\Scott\AppData\Local\NPE

2013-02-19 20:42:24 -------- d-----w- C:\ProgramData\AVAST Software

2013-02-19 20:42:24 -------- d-----w- C:\Program Files\AVAST Software

2013-02-19 19:54:58 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{98BAEE8F-4E3B-4EC9-BBFB-9469A9B0A2F6}\mpengine.dll

2013-02-18 21:23:14 -------- d-----w- C:\Users\Scott\Doctor Web

2013-02-18 20:14:16 -------- d-----w- C:\Users\Scott\AppData\Roaming\Curiolab

2013-02-17 22:57:35 -------- d-----w- C:\Program Files (x86)\PC Tools

2013-02-17 18:47:59 253256 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys

2013-02-17 18:47:59 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools

2013-02-17 18:47:35 -------- d-----w- C:\ProgramData\PC Tools

2013-02-17 18:47:34 -------- d-----w- C:\Users\Scott\AppData\Roaming\TestApp

2013-02-17 14:44:14 9216 ---h--r- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Templates\vmnethcp.exe

2013-02-17 13:22:10 63088 ----a-w- C:\Windows\System32\drivers\vmx86.sys

2013-02-17 13:21:25 354416 ----a-w- C:\Windows\SysWow64\vmnetdhcp.exe

2013-02-17 13:21:21 433264 ----a-w- C:\Windows\SysWow64\vmnat.exe

2013-02-17 13:21:21 30320 ----a-w- C:\Windows\System32\drivers\vmnetuserif.sys

2013-02-17 13:21:02 942192 ----a-w- C:\Windows\System32\vnetlib64.dll

2013-02-17 13:20:51 32880 ----a-w- C:\Windows\System32\drivers\VMkbd.sys

2013-02-17 13:20:49 39024 ----a-w- C:\Windows\System32\drivers\hcmon.sys

2013-02-17 13:20:07 -------- d-----w- C:\Program Files (x86)\VMware

2013-02-17 13:20:07 -------- d-----w- C:\Program Files (x86)\Common Files\VMware

2013-02-17 13:19:05 -------- d-----w- C:\Program Files\Common Files\VMware

2013-02-17 13:03:22 -------- d-----w- C:\Users\Scott\AppData\Roaming\PlatinumHideIP

2013-02-17 13:03:22 -------- d-----w- C:\ProgramData\PlatinumHideIP

2013-02-17 12:59:46 -------- d-----w- C:\Program Files (x86)\PlatinumHideIP

2013-02-17 12:13:17 -------- d-----w- C:\Users\Scott\AppData\Local\Thunderbird

2013-02-15 22:31:23 186432 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2013-02-15 22:31:23 186432 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

2013-02-12 20:56:03 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-12 20:56:03 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-12 20:53:05 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-02-12 20:53:04 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-02-12 20:53:04 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-02-12 20:52:01 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-02-12 20:51:32 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-02-12 20:51:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-02-12 20:51:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-02-12 20:51:31 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-02-12 20:51:31 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-02-12 20:51:31 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-02-12 20:50:59 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2013-02-12 20:50:59 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-01-23 19:47:22 432800 ----a-w- C:\Windows\System32\drivers\N360x64\1402010.016\symnets.sys

2013-01-23 19:47:22 23448 ----a-r- C:\Windows\System32\drivers\N360x64\1402010.016\symelam.sys

2013-01-23 19:47:21 776864 ----a-w- C:\Windows\System32\drivers\N360x64\1402010.016\srtsp64.sys

2013-01-23 19:47:21 493216 ----a-w- C:\Windows\System32\drivers\N360x64\1402010.016\symds64.sys

2013-01-23 19:47:21 37496 ----a-r- C:\Windows\System32\drivers\N360x64\1402010.016\srtspx64.sys

2013-01-23 19:47:21 224416 ----a-w- C:\Windows\System32\drivers\N360x64\1402010.016\ironx64.sys

2013-01-23 19:47:21 168096 ----a-w- C:\Windows\System32\drivers\N360x64\1402010.016\ccsetx64.sys

2013-01-23 19:47:21 1133216 ----a-w- C:\Windows\System32\drivers\N360x64\1402010.016\symefa64.sys

2013-01-23 19:45:55 -------- d-----w- C:\Windows\System32\drivers\N360x64\1402010.016

.

==================== Find3M ====================

.

2013-02-22 07:24:03 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2013-02-22 07:24:03 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-02-17 16:12:54 74096 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-17 16:12:54 697712 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-01-17 01:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe

2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll

2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll

2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll

2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll

2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs

2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs

2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs

2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs

2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs

2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs

2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs

2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs

2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs

2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs

2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs

2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs

2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs

2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs

2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

.

============= FINISH: 7:25:45.11 ===============

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 28/02/2011 20:45:12

System Uptime: 21/02/2013 23:19:34 (8 hours ago)

.

Motherboard: Hewlett-Packard | | 1439

Processor: Intel® Core i3 CPU M 350 @ 2.27GHz | CPU | 2266/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 449 GiB total, 234.194 GiB free.

D: is FIXED (NTFS) - 16 GiB total, 2.344 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart B110 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Photosmart B110 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Description: Photosmart B110 series

Device ID: ROOT\IMAGE\0000

Manufacturer: HP

Name: Photosmart B110 series

PNP Device ID: ROOT\IMAGE\0000

Service: StillCam

.

==== System Restore Points ===================

.

RP135: 22/02/2013 07:22:46 - Removed Java 6 Update 39

RP136: 22/02/2013 07:23:49 - Installed Java 7 Update 15

.

==== Installed Programs ======================

.

64 Bit HP CIO Components Installer

Acrobat.com

ActiveCheck component for HP Active Support Library

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.6)

Adobe Shockwave Player 11.5

Agatha Christie - Death on the Nile

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Avidemux 2.5

B110

Bejeweled 2 Deluxe

BitTorrent

Blackhawk Striker 2

Bonjour

BroadCam Video Streaming Server

Broadcom 802.11 Wireless LAN Adapter

BufferChm

CCleaner

Chuzzle Deluxe

Compatibility Pack for the 2007 Office system

Coupon Printer for Windows

CyberLink DVD Suite

CyberLink PowerDVD 9

CyberLink YouCam

D3DX10

Debut Video Capture Software

Destinations

DeviceDiscovery

Dora's Carnival Adventure

Energy Star Digital Logo

Escape Rosecliff Island

ESU for Microsoft Windows 7

EVE Online (remove only)

FATE

File Shredder 2.0

File Shredder 2.5

Final Drive Nitro

Free 3GP Video Converter version 3.7.15

Free AVI MPEG WMV MP4 FLV Video Joiner 3.7.2.1

Free Disc Burner version 3.0.4.426

Free Easy Burner V 4.4.1

Free Studio version 5.4.9

Free Video to Flash Converter version 4.7.20

FrostWire Windows Gnutella ConnectFix 2012

GPBaseService2

Hewlett-Packard ACLM.NET v1.1.0.0

HP Advisor

HP Customer Experience Enhancements

HP Customer Participation Program 14.0

HP Documentation

HP Games

HP Imaging Device Functions 14.0

HP Photo Creations

HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7

HP Power Manager

HP Product Detection

HP Quick Launch

HP Setup

HP Smart Web Printing 4.60

HP Software Framework

HP Solution Center 14.0

HP Support Assistant

HP Update

HP Wireless Assistant

HPAppStudio

HPAsset component for HP Active Support Library

HPDiagnosticAlert

HPPhotoGadget

HPProductAssistant

HPSSupply

Intel® Control Center

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

Intel® Rapid Storage Technology

iTunes

Java 7 Update 15

Java Auto Updater

Java 6 Update 20 (64-bit)

Jewel Quest - Heritage

Junk Mail filter update

Klingon Academy 1.0.2

LabelPrint

LightScribe System Software

LimeWire 4 ConnectFix 1.0

LPEConnectFix 1.0

Magic Desktop

Malwarebytes' Anti-Malware

MarketResearch

Media Go

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Default Manager

Microsoft Office 2010

Microsoft Office FrontPage 2003

Microsoft Office Professional Edition 2003

Microsoft Office Project Professional 2003

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft VM for Java

Mozilla Firefox 18.0.2 (x86 en-GB)

Mozilla Maintenance Service

Mozilla Thunderbird 17.0.2 (x86 en-GB)

MPC-HC 1.6.5.6366

MSN Toolbar

MSN Toolbar Platform

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Network64

NewWrlds

Norton 360

Norton Online Backup

Penguins!

PhotoNow!

Plants vs. Zombies

Platinum Hide IP

PlayStation®Network Downloader

PlayStation®Store

Poker Superstars III

Polar Bowler

Polar Golfer

Power2Go

PowerDirector

Prism Video File Converter

PS_AIO_07_B110_SW_Min

PWGen 2.1.0

QuickTime

QuickTransfer

Realtek Ethernet Controller Driver For Windows 7

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Recovery Manager

Recuva

RtVOsd

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Shop for HP Supplies

SIW version 2011.10.29

SmartWebPrinting

SolutionCenter

Sony Ericsson PC Companion 1.60.13

Sony Ericsson PC Suite 6.011.00

Star Trek Online

Star Trek: Armada

Status

Synaptics Pointing Device Driver

Toolbox

TouchCopy 09

TrayApp

TrueCrypt

Uniblue RegistryBooster 2010

Uninstall 1.0.0.1

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update Installer for WildTangent Games App

VideoPad Video Editor

Virtual Villagers - The Secret City

VLC media player 2.0.5

VmciSockets

VMware Player

WebReg

WildTangent Games App (HP Games)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live Toolbar

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR 4.00 beta 7 (32-bit)

ZC DVD Ripper 2.2.3

Zuma Deluxe

.

==== Event Viewer Messages From Past Week ========

.

21/02/2013 23:17:02, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

21/02/2013 22:29:23, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

21/02/2013 22:29:23, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

21/02/2013 21:40:28, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

20/02/2013 20:55:13, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 4 Client Profile for Windows 7 x64-based Systems (KB982670).

17/02/2013 23:02:45, Error: PCTCore [280] -

17/02/2013 22:51:14, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

17/02/2013 15:40:03, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

17/02/2013 15:34:16, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

17/02/2013 15:34:16, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

17/02/2013 15:34:14, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

.

==== End Of File ===========================

RogueKiller Report

RogueKiller V8.5.1 _x64_ [Feb 21 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Scott [Admin rights]

Mode : Scan -- Date : 02/22/2013 07:48:39

| ARK || FAK || MBR |

¤¤¤ Bad processes : 3 ¤¤¤

[SUSP PATH] BioCredProv.exe -- C:\Users\Scott\AppData\Local\Temp\BioCredProv.exe [-] -> KILLED [TermProc]

[SUSP PATH] vmnethcp.exe -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Templates\vmnethcp.exe [-] -> KILLED [TermProc]

[SUSP PATH] vmnethcp.exe -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Templates\vmnethcp.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 13 ¤¤¤

[RUN][SUSP PATH] HKCU\[...]\Run : Microsoft Routing Utilities (C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Templates\vmnethcp.exe) [-] -> FOUND

[RUN][SUSP PATH] HKUS\S-1-5-21-874494485-1173047617-425358044-1000[...]\Run : Microsoft Routing Utilities (C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Templates\vmnethcp.exe) [-] -> FOUND

[SHELL][SUSP PATH] HKCU\[...]\Winlogon : Shell (C:\Windows\explorer.exe,C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Templates\vmnethcp.exe) [-] -> FOUND

[SHELL][SUSP PATH] HKUS\S-1-5-21-874494485-1173047617-425358044-1000[...]\Winlogon : Shell (C:\Windows\explorer.exe,C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Templates\vmnethcp.exe) [-] -> FOUND

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=;ftp=;hxxps=;) -> FOUND

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BEVT-60A0RT0 +++++

--- User ---

[MBR] c8c501740a067b13f9baf080e3bdfd3c

[BSP] 40161cb4ef7fccb32429d2edd18dc6e7 : Windows Vista/7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 459992 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 942473216 | Size: 16644 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_02222013_02d0748.txt >>

RKreport[1]_S_02222013_02d0748.txt


I didn't underline them to start with but I'll try again

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.15.2

Run by Scott at 7:25:29 on 2013-02-22

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3894.2086 [GMT 0:00]

.

AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\NCH Software\BroadCam\broadcam.exe

C:\Windows\SysWOW64\ezSharedSvcHost.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe

C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe

C:\Windows\explorer.exe

C:\Windows\SysWOW64\vmnat.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\SysWOW64\vmnetdhcp.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Users\Scott\AppData\Local\Temp\BioCredProv.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe

C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Templates\vmnethcp.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe

C:\Program Files\Realtek\RtVOsd\RtVOsd.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe

C:\Windows\system32\msiexec.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mStart Page = hxxp://www.bigseekpro.com/acaladvd/{49A0BF96-632D-45B4-A6A9-B90FB295F923}

uProxyServer = hxxp=;ftp=;https=;

uWinlogon: Shell = C:\Windows\explorer.exe,C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Templates\vmnethcp.exe

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\coieplg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ips\ipsbho.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Toolbar Helper: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll

BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll

TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll

TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\coieplg.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [Vidalia] "C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe"

uRun: [Microsoft Routing Utilities] C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Templates\vmnethcp.exe

mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-Explorer: EnableShellExecuteHooks = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: &Windows Live Search - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll/search.htm

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000

IE: Free YouTube Download - C:\Users\Scott\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm

IE: Free YouTube to MP3 Converter - C:\Users\Scott\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

LSP: %SystemRoot%\system32\vsocklib.dll

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{B8453C61-EB6A-4A45-9AC7-9901FF6D73B1} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{B8453C61-EB6A-4A45-9AC7-9901FF6D73B1}\244575966496 : DHCPNameServer = 192.168.22.22 192.168.22.23

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\cn6uvov4.default\

FF - prefs.js: browser.search.selectedEngine - Search

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - prefs.js: network.proxy.gopher -

FF - prefs.js: network.proxy.gopher_port - 0

FF - prefs.js: network.proxy.type - 0

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn\components\coFFPlgn.dll

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\components\IPSFFPl.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll

FF - plugin: c:\Program Files (x86)\Sony\Media Go\npmediago.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Scott\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2013-02-07 19:41; {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}

FF - ExtSQL: 2013-02-17 13:03; support@platinumhideip.com; C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\cn6uvov4.default\extensions\support@platinumhideip.com.xpi

FF - ExtSQL: !HIDDEN! 2011-08-13 21:29; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1402010.016\symds64.sys [2013-1-23 493216]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1402010.016\symefa64.sys [2013-1-23 1133216]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20130208.001\BHDrvx64.sys [2013-2-12 1388120]

R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\System32\drivers\N360x64\1402010.016\ccsetx64.sys [2013-1-23 168096]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20130220.002\IDSviA64.sys [2013-2-21 513184]

R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1402010.016\ironx64.sys [2013-1-23 224416]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1402010.016\symnets.sys [2013-1-23 432800]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-11-25 98208]

R2 BroadCamService;BroadCam Video Streaming Server;C:\Program Files (x86)\NCH Software\BroadCam\broadcam.exe [2012-4-1 2469380]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-7-2 27192]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-25 13336]

R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccsvchst.exe [2013-1-23 143928]

R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]

R2 OMSI download service;Sony Ericsson OMSI download service;C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2011-3-4 90112]

R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-17 315392]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-25 2320920]

R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-29 846448]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-11 138912]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-2-3 271872]

S3 BthAvrcp;Bluetooth AVRCP Profile;C:\Windows\System32\drivers\BthAvrcp.sys [2009-8-13 29184]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-9 19456]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-11-25 225280]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-11-25 333928]

S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);C:\Windows\System32\drivers\s1039bus.sys [2011-3-4 127600]

S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;C:\Windows\System32\drivers\s1039mdfl.sys [2011-3-4 19568]

S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;C:\Windows\System32\drivers\s1039mdm.sys [2011-3-4 161904]

S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);C:\Windows\System32\drivers\s1039mgmt.sys [2011-3-4 141424]

S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);C:\Windows\System32\drivers\s1039nd5.sys [2011-3-4 34416]

S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;C:\Windows\System32\drivers\s1039obex.sys [2011-3-4 137328]

S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);C:\Windows\System32\drivers\s1039unic.sys [2011-3-4 158320]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-9 57856]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-2 1255736]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

.

=============== Created Last 30 ================

.

2013-02-22 07:24:11 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-02-22 00:13:38 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{98BAEE8F-4E3B-4EC9-BBFB-9469A9B0A2F6}\offreg.dll

2013-02-21 23:12:31 -------- d-----w- C:\MGtools

2013-02-21 22:54:39 -------- d-----w- C:\ProgramData\HitmanPro

2013-02-21 22:14:28 -------- d-----w- C:\Program Files\CCleaner

2013-02-19 21:03:46 -------- d-----w- C:\Users\Scott\AppData\Local\NPE

2013-02-19 20:42:24 -------- d-----w- C:\ProgramData\AVAST Software

2013-02-19 20:42:24 -------- d-----w- C:\Program Files\AVAST Software

2013-02-19 19:54:58 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{98BAEE8F-4E3B-4EC9-BBFB-9469A9B0A2F6}\mpengine.dll

2013-02-18 21:23:14 -------- d-----w- C:\Users\Scott\Doctor Web

2013-02-18 20:14:16 -------- d-----w- C:\Users\Scott\AppData\Roaming\Curiolab

2013-02-17 22:57:35 -------- d-----w- C:\Program Files (x86)\PC Tools

2013-02-17 18:47:59 253256 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys

2013-02-17 18:47:59 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools

2013-02-17 18:47:35 -------- d-----w- C:\ProgramData\PC Tools

2013-02-17 18:47:34 -------- d-----w- C:\Users\Scott\AppData\Roaming\TestApp

2013-02-17 14:44:14 9216 ---h--r- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Templates\vmnethcp.exe

2013-02-17 13:22:10 63088 ----a-w- C:\Windows\System32\drivers\vmx86.sys

2013-02-17 13:21:25 354416 ----a-w- C:\Windows\SysWow64\vmnetdhcp.exe

2013-02-17 13:21:21 433264 ----a-w- C:\Windows\SysWow64\vmnat.exe

2013-02-17 13:21:21 30320 ----a-w- C:\Windows\System32\drivers\vmnetuserif.sys

2013-02-17 13:21:02 942192 ----a-w- C:\Windows\System32\vnetlib64.dll

2013-02-17 13:20:51 32880 ----a-w- C:\Windows\System32\drivers\VMkbd.sys

2013-02-17 13:20:49 39024 ----a-w- C:\Windows\System32\drivers\hcmon.sys

2013-02-17 13:20:07 -------- d-----w- C:\Program Files (x86)\VMware

2013-02-17 13:20:07 -------- d-----w- C:\Program Files (x86)\Common Files\VMware

2013-02-17 13:19:05 -------- d-----w- C:\Program Files\Common Files\VMware

2013-02-17 13:03:22 -------- d-----w- C:\Users\Scott\AppData\Roaming\PlatinumHideIP

2013-02-17 13:03:22 -------- d-----w- C:\ProgramData\PlatinumHideIP

2013-02-17 12:59:46 -------- d-----w- C:\Program Files (x86)\PlatinumHideIP

2013-02-17 12:13:17 -------- d-----w- C:\Users\Scott\AppData\Local\Thunderbird

2013-02-15 22:31:23 186432 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2013-02-15 22:31:23 186432 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

2013-02-12 20:56:03 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-12 20:56:03 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-12 20:53:05 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-02-12 20:53:04 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-02-12 20:53:04 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-02-12 20:52:01 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-02-12 20:51:32 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-02-12 20:51:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-02-12 20:51:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-02-12 20:51:31 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-02-12 20:51:31 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-02-12 20:51:31 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-02-12 20:50:59 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2013-02-12 20:50:59 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-01-23 19:47:22 432800 ----a-w- C:\Windows\System32\drivers\N360x64\1402010.016\symnets.sys

2013-01-23 19:47:22 23448 ----a-r- C:\Windows\System32\drivers\N360x64\1402010.016\symelam.sys

2013-01-23 19:47:21 776864 ----a-w- C:\Windows\System32\drivers\N360x64\1402010.016\srtsp64.sys

2013-01-23 19:47:21 493216 ----a-w- C:\Windows\System32\drivers\N360x64\1402010.016\symds64.sys

2013-01-23 19:47:21 37496 ----a-r- C:\Windows\System32\drivers\N360x64\1402010.016\srtspx64.sys

2013-01-23 19:47:21 224416 ----a-w- C:\Windows\System32\drivers\N360x64\1402010.016\ironx64.sys

2013-01-23 19:47:21 168096 ----a-w- C:\Windows\System32\drivers\N360x64\1402010.016\ccsetx64.sys

2013-01-23 19:47:21 1133216 ----a-w- C:\Windows\System32\drivers\N360x64\1402010.016\symefa64.sys

2013-01-23 19:45:55 -------- d-----w- C:\Windows\System32\drivers\N360x64\1402010.016

.

==================== Find3M ====================

.

2013-02-22 07:24:03 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2013-02-22 07:24:03 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-02-17 16:12:54 74096 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-17 16:12:54 697712 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-01-17 01:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe

2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll

2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll

2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll

2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll

2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs

2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs

2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs

2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs

2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs

2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs

2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs

2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs

2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs

2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs

2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs

2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs

2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs

2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs

2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

.

============= FINISH: 7:25:45.11 ===============

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 28/02/2011 20:45:12

System Uptime: 21/02/2013 23:19:34 (8 hours ago)

.

Motherboard: Hewlett-Packard | | 1439

Processor: Intel® Core i3 CPU M 350 @ 2.27GHz | CPU | 2266/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 449 GiB total, 234.194 GiB free.

D: is FIXED (NTFS) - 16 GiB total, 2.344 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart B110 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Photosmart B110 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Description: Photosmart B110 series

Device ID: ROOT\IMAGE\0000

Manufacturer: HP

Name: Photosmart B110 series

PNP Device ID: ROOT\IMAGE\0000

Service: StillCam

.

==== System Restore Points ===================

.

RP135: 22/02/2013 07:22:46 - Removed Java 6 Update 39

RP136: 22/02/2013 07:23:49 - Installed Java 7 Update 15

.

==== Installed Programs ======================

.

64 Bit HP CIO Components Installer

Acrobat.com

ActiveCheck component for HP Active Support Library

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.6)

Adobe Shockwave Player 11.5

Agatha Christie - Death on the Nile

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Avidemux 2.5

B110

Bejeweled 2 Deluxe

BitTorrent

Blackhawk Striker 2

Bonjour

BroadCam Video Streaming Server

Broadcom 802.11 Wireless LAN Adapter

BufferChm

CCleaner

Chuzzle Deluxe

Compatibility Pack for the 2007 Office system

Coupon Printer for Windows

CyberLink DVD Suite

CyberLink PowerDVD 9

CyberLink YouCam

D3DX10

Debut Video Capture Software

Destinations

DeviceDiscovery

Dora's Carnival Adventure

Energy Star Digital Logo

Escape Rosecliff Island

ESU for Microsoft Windows 7

EVE Online (remove only)

FATE

File Shredder 2.0

File Shredder 2.5

Final Drive Nitro

Free 3GP Video Converter version 3.7.15

Free AVI MPEG WMV MP4 FLV Video Joiner 3.7.2.1

Free Disc Burner version 3.0.4.426

Free Easy Burner V 4.4.1

Free Studio version 5.4.9

Free Video to Flash Converter version 4.7.20

FrostWire Windows Gnutella ConnectFix 2012

GPBaseService2

Hewlett-Packard ACLM.NET v1.1.0.0

HP Advisor

HP Customer Experience Enhancements

HP Customer Participation Program 14.0

HP Documentation

HP Games

HP Imaging Device Functions 14.0

HP Photo Creations

HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7

HP Power Manager

HP Product Detection

HP Quick Launch

HP Setup

HP Smart Web Printing 4.60

HP Software Framework

HP Solution Center 14.0

HP Support Assistant

HP Update

HP Wireless Assistant

HPAppStudio

HPAsset component for HP Active Support Library

HPDiagnosticAlert

HPPhotoGadget

HPProductAssistant

HPSSupply

Intel® Control Center

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

Intel® Rapid Storage Technology

iTunes

Java 7 Update 15

Java Auto Updater

Java 6 Update 20 (64-bit)

Jewel Quest - Heritage

Junk Mail filter update

Klingon Academy 1.0.2

LabelPrint

LightScribe System Software

LimeWire 4 ConnectFix 1.0

LPEConnectFix 1.0

Magic Desktop

Malwarebytes' Anti-Malware

MarketResearch

Media Go

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Default Manager

Microsoft Office 2010

Microsoft Office FrontPage 2003

Microsoft Office Professional Edition 2003

Microsoft Office Project Professional 2003

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft VM for Java

Mozilla Firefox 18.0.2 (x86 en-GB)

Mozilla Maintenance Service

Mozilla Thunderbird 17.0.2 (x86 en-GB)

MPC-HC 1.6.5.6366

MSN Toolbar

MSN Toolbar Platform

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Network64

NewWrlds

Norton 360

Norton Online Backup

Penguins!

PhotoNow!

Plants vs. Zombies

Platinum Hide IP

PlayStation®Network Downloader

PlayStation®Store

Poker Superstars III

Polar Bowler

Polar Golfer

Power2Go

PowerDirector

Prism Video File Converter

PS_AIO_07_B110_SW_Min

PWGen 2.1.0

QuickTime

QuickTransfer

Realtek Ethernet Controller Driver For Windows 7

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Recovery Manager

Recuva

RtVOsd

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Shop for HP Supplies

SIW version 2011.10.29

SmartWebPrinting

SolutionCenter

Sony Ericsson PC Companion 1.60.13

Sony Ericsson PC Suite 6.011.00

Star Trek Online

Star Trek: Armada

Status

Synaptics Pointing Device Driver

Toolbox

TouchCopy 09

TrayApp

TrueCrypt

Uniblue RegistryBooster 2010

Uninstall 1.0.0.1

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update Installer for WildTangent Games App

VideoPad Video Editor

Virtual Villagers - The Secret City

VLC media player 2.0.5

VmciSockets

VMware Player

WebReg

WildTangent Games App (HP Games)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live Toolbar

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR 4.00 beta 7 (32-bit)

ZC DVD Ripper 2.2.3

Zuma Deluxe

.

==== Event Viewer Messages From Past Week ========

.

21/02/2013 23:17:02, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

21/02/2013 22:29:23, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

21/02/2013 22:29:23, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

21/02/2013 21:40:28, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

20/02/2013 20:55:13, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 4 Client Profile for Windows 7 x64-based Systems (KB982670).

17/02/2013 23:02:45, Error: PCTCore [280] -

17/02/2013 22:51:14, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

17/02/2013 15:40:03, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

17/02/2013 15:34:16, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

17/02/2013 15:34:16, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

17/02/2013 15:34:14, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

.

==== End Of File ===========================

RK Report

RogueKiller V8.5.1 _x64_ [Feb 21 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Scott [Admin rights]

Mode : Scan -- Date : 02/22/2013 07:48:39

| ARK || FAK || MBR |

¤¤¤ Bad processes : 3 ¤¤¤

[SUSP PATH] BioCredProv.exe -- C:\Users\Scott\AppData\Local\Temp\BioCredProv.exe [-] -> KILLED [TermProc]

[SUSP PATH] vmnethcp.exe -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Templates\vmnethcp.exe [-] -> KILLED [TermProc]

[SUSP PATH] vmnethcp.exe -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Templates\vmnethcp.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 13 ¤¤¤

[RUN][SUSP PATH] HKCU\[...]\Run : Microsoft Routing Utilities (C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Templates\vmnethcp.exe) [-] -> FOUND

[RUN][SUSP PATH] HKUS\S-1-5-21-874494485-1173047617-425358044-1000[...]\Run : Microsoft Routing Utilities (C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Templates\vmnethcp.exe) [-] -> FOUND

[SHELL][SUSP PATH] HKCU\[...]\Winlogon : Shell (C:\Windows\explorer.exe,C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Templates\vmnethcp.exe) [-] -> FOUND

[SHELL][SUSP PATH] HKUS\S-1-5-21-874494485-1173047617-425358044-1000[...]\Winlogon : Shell (C:\Windows\explorer.exe,C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Templates\vmnethcp.exe) [-] -> FOUND

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=;ftp=;hxxps=;) -> FOUND

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BEVT-60A0RT0 +++++

--- User ---

[MBR] c8c501740a067b13f9baf080e3bdfd3c

[BSP] 40161cb4ef7fccb32429d2edd18dc6e7 : Windows Vista/7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 459992 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 942473216 | Size: 16644 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_02222013_02d0748.txt >>


That's better.......

Before we proceed further, please uninstall or disable BitTorrent and any other peer-to-peer filesharing app.

Continued use of filesharing or ill-advised downloads will surely re-infect your system.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

It's also against the forum's policy concerning P2P programs:

If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

--------------------------------------

Next:

Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

MBAR tutorial

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.


New window that comes up.


~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.

Verify that your system is now functioning normally.

MrC


Hi, thanks, I got rid of BitTorrent like you said. After using MBAR it picked up 8 infected items and cleaned them! So far so good, all seems to be working. I should know by the end of the weekend if that worm pops up again or I have any probs. Fingers crossed, but I am quietly optimistic. Many, many thanks for your help!


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
