Successfully blocked access to a potentially malicious website

[Spinrb8]

My little box keeps popping up with the same few blocked website numbers. It's been doing it nonstop for a few days now(since I installed Malware).

[MrCharlie]

Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes)

P2P Warning:

If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic:

Click on the

Follow This Topic Button

(at the top right of this page), make sure that the

Receive notification

box is checked and that it is set to

Instantly

Removing malware can be unpredictable

...things can go very wrong!

Backup

any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>

Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>

Please stick with me until I give you the "all clear" and

Please don't waste my time by leaving before that

.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

[Spinrb8]

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16576

Run by Ken at 11:07:13 on 2013-05-31

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.1229 [GMT -7:00]

.

AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\nvvsvc.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\AEADISRV.EXE

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe

C:\PROGRA~2\MYWEBS~1\bar\3.bin\mwssvc.exe

C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\WUDFHost.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe

C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe

C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Program Files (x86)\MyWebSearch\bar\3.bin\MWSOEMON.EXE

C:\Users\Ken\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe

C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Hewlett Packard\Buttons & OSDs control application gen2\FastUserSwitching.exe

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files (x86)\Hewlett Packard\Buttons & OSDs control application gen2\HWManager.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\Keystatus.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

C:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnProxy.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_202_ActiveX.exe

C:\Windows\System32\MsSpellCheckingFacility.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Hewlett Packard\Buttons & OSDs control application gen2\OSDForm.exe

C:\Windows\notepad.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uWindow Title = Windows Internet Explorer provided by Yahoo!

uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

uURLSearchHooks: <No Name>: {00A6FAF6-072E-44cf-8957-5838F569A31D} -

uURLSearchHooks: {ba14329e-9550-4989-b3f2-9732e92d17cc} - <orphaned>

uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

uURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\tbCoup.dll

mURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\tbCoup.dll

mWinlogon: Userinit = userinit.exe,

BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

BHO: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\tbCoup.dll

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coieplg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ips\ipsbho.dll

BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll

BHO: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

TB: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB: Coupons.com Toolbar: {37153479-1976-43C3-A1EE-557513977B64} - C:\Program Files (x86)\Coupons.com\tbCoup.dll

TB: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -

TB: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -

TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll

TB: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

TB: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\tbCoup.dll

TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coieplg.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY

uRun: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\3.bin\mwsoemon.exe

uRun: [PopularScreensaversWallpaper] rundll32 C:\PROGRA~2\MYWEBS~1\bar\3.bin\F3SCRCTR.DLL,LES

uRun: [sanDiskSecureAccess_Manager.exe] C:\Users\Ken\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe

uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

uRun: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN25TBK2HZ05KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [buttons & OSDs control application gen2] C:\Program Files (x86)\Hewlett Packard\Buttons & OSDs control application gen2\FastUserSwitching.exe

mRun: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

mRun: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"

mRun: [HP KEYBOARD] "C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE"

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe

mRun: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe

mRun: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"

mRun: [uCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"

mRun: [updateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [updatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

mRun: [updatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\3.bin\mwsoemon.exe

mRun: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~2\MYWEBS~1\bar\3.bin\m3SrchMn.exe" /m=2 /w /h

mRun: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [sunJavaUpdateReg] "C:\Windows\System32\jureg.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: &Search - <no file>

IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200

IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe

IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Trusted Zone: internet

Trusted Zone: mcafee.com

Trusted Zone: mcafee.com

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/MyFunCardsInitialSetup1.0.1.1.cab

DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab

DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://fb.familylink.com/we_are_related/stream/core/lib/AurigmaImageUploader/ImageUploader5.cab

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/da2/PCPitStop2.cab

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{C48D9930-CDF5-430F-9D64-6907C59BE01F} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{C48D9930-CDF5-430F-9D64-6907C59BE01F}\350796E6272683F57657563747 : DHCPNameServer = 192.168.0.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe"

x64-Run: [soundMAX] "C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe" /tray

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-RunOnce: [PCDrProfiler] "C:\Program Files\PC-Doctor for Windows\RunProfiler.exe" -r

x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

x64-mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\Windows\System32\rundll32.exe C:\Windows\System32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\7uij00bu.default\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\MyWebSearch\bar\3.bin\NPMYWEBS.DLL

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Ken\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Users\Ken\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll

FF - plugin: C:\Users\Ken\AppData\Roaming\Mozilla\plugins\npicaN.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1403000.024\symds64.sys [2013-2-26 493656]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1403000.024\symefa64.sys [2013-2-26 1139800]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20130322.001\BHDrvx64.sys [2013-3-21 1387608]

R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\System32\drivers\N360x64\1403000.024\ccsetx64.sys [2013-2-26 168096]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20130404.001\IDSviA64.sys [2013-4-4 513184]

R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1403000.024\ironx64.sys [2013-2-26 224416]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1403000.024\symnets.sys [2013-2-26 432800]

R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/04/16 15:45:19];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-10-21 146928]

R3 ACPIService;Buttons and OSDs ACPI driver gen2;C:\Windows\System32\drivers\OSDACPI.SYS [2009-6-17 17992]

R3 AVerAVF2;AVerAVF2;C:\Windows\System32\drivers\AVerAVF2.sys [2010-11-11 1212416]

R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-4-7 36392]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-10 138912]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-27 25928]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2009-5-18 702976]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-4-17 48488]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-25 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

.

=============== Created Last 30 ================

.

2013-05-27 21:27:35 -------- d-----w- C:\Users\Ken\AppData\Roaming\Malwarebytes

2013-05-27 21:27:07 -------- d-----w- C:\ProgramData\Malwarebytes

2013-05-27 21:27:06 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-05-27 21:27:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-05-27 21:26:42 -------- d-----w- C:\Users\Ken\AppData\Local\Programs

2013-05-27 05:13:14 -------- d-----w- C:\Users\Ken\AppData\Local\Temp

2013-05-27 02:32:14 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-27 02:32:14 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-05-26 19:13:43 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-05-15 07:27:27 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-05-03 22:40:51 -------- d-----w- C:\Movies

2013-05-03 21:45:31 -------- d-----w- C:\Program Files\Handbrake

.

==================== Find3M ====================

.

2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-04-05 06:52:14 2242048 ----a-w- C:\Windows\System32\wininet.dll

2013-04-05 06:50:36 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-04-05 06:50:31 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-04-05 06:50:31 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-04-05 05:28:24 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-04-05 05:26:26 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-04-05 05:26:21 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-04-05 05:26:21 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-04-05 04:43:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-04-05 04:29:45 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-04-05 03:51:11 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-04-05 03:38:25 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-04-02 14:09:52 4550656 ----a-w- C:\Windows\SysWow64\GPhotos.scr

2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-03-19 05:53:58 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll

2013-03-19 05:53:58 230400 ----a-w- C:\Windows\System32\wwansvc.dll

2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe

.

============= FINISH: 11:12:26.86 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 2/19/2011 12:27:41 PM

System Uptime: 5/27/2013 2:39:43 PM (93 hours ago)

.

Motherboard: PEGATRON CORPORATION | | Maureen

Processor: Intel® Core2 Duo CPU T6600 @ 2.20GHz | CPU 1 | 1188/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 451 GiB total, 81.534 GiB free.

D: is FIXED (NTFS) - 15 GiB total, 1.62 GiB free.

E: is CDROM ()

F: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Bluetooth Peripheral Device

Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&1297\7&198A872&0&0C74C2ABC3B3_C00000000

Manufacturer:

Name: Bluetooth Peripheral Device

PNP Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&1297\7&198A872&0&0C74C2ABC3B3_C00000000

Service:

.

==== System Restore Points ===================

.

RP231: 3/17/2013 11:00:46 PM - Windows Backup

RP232: 3/21/2013 3:00:28 AM - Windows Update

RP233: 3/22/2013 3:00:22 AM - Windows Update

RP234: 3/24/2013 11:00:46 PM - Windows Backup

RP235: 3/31/2013 11:00:48 PM - Windows Backup

RP236: 4/7/2013 11:00:45 PM - Windows Backup

RP237: 4/11/2013 3:00:13 AM - Windows Update

RP238: 4/14/2013 11:00:42 PM - Windows Backup

RP239: 4/22/2013 8:43:24 AM - Scheduled Checkpoint

RP240: 4/24/2013 3:00:25 AM - Windows Update

RP241: 4/28/2013 11:00:44 PM - Windows Backup

RP242: 5/5/2013 11:00:39 PM - Windows Backup

RP243: 5/13/2013 12:00:01 AM - Scheduled Checkpoint

RP244: 5/15/2013 3:00:15 AM - Windows Update

RP245: 5/19/2013 11:00:44 PM - Windows Backup

RP246: 5/26/2013 2:08:58 PM - Installed Java 7 Update 21

RP247: 5/26/2013 9:17:19 PM - Norton_Power_Eraser_20130526211701391

RP248: 5/26/2013 11:00:52 PM - Windows Backup

RP249: 5/27/2013 10:09:52 AM - Removed QuickTime

RP250: 5/27/2013 11:40:26 AM - Removed QuickTime

RP251: 5/27/2013 12:02:24 PM - Removed iTunes

RP252: 5/28/2013 11:14:28 AM - Windows Backup

.

==== Installed Programs ======================

.

7-zip v9.20

Acrobat.com

Adobe AIR

Adobe Community Help

Adobe Download Assistant

Adobe Flash Player 11 ActiveX

Adobe Photoshop CS5.1

Adobe Reader XI (11.0.03)

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Ask Toolbar

Bluetooth by hp 6.1.0.4600

Bonjour

Buttons & OSDs control application gen2

Canon MP830

Castle Link

Citrix XenApp Web Plugin

Compatibility Pack for the 2007 Office system

Coupon Printer for Windows

Coupons.com Toolbar

CyberLink DVD Suite Deluxe

D3DX10

DiMAGE Viewer

DirectX for Managed Code Update (Summer 2004)

DVD Decrypter (Remove Only)

DVD Shrink 3.2

DVDFab 8.1.7.8 (17/04/2012) Qt

FrostWire 5.5.5

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

Google Updater

HandBrake 0.9.8

Hardware Diagnostic Tools

Hewlett-Packard ACLM.NET v1.2.1.1

Host OpenAL (ADI)

HP Advisor

HP Ambient Light

HP Customer Experience Enhancements

HP FWUpdateEDO2

HP KEYBOARD

HP MediaSmart DVD

HP Officejet Pro 8600 Basic Device Software

HP Officejet Pro 8600 Help

HP Officejet Pro 8600 Product Improvement Study

HP On-Screen Cap/Num/Scroll Lock Indicator

HP Picasso Media Center Add-In

HP Product Detection

HP Recovery Manager RSS

HP Support Assistant

HP Total Care Setup

HP Touch Optimizer

HP Touch Screen Configuration

HP Touch Screen Enhance Service

HP TouchSmart

HP TouchSmart 360 Tour

HP TouchSmart Basic Tutorial

HP TouchSmart Calendar

HP TouchSmart Music Tutorial

HP TouchSmart Music/Photo/Video

HP TouchSmart Notes

HP TouchSmart Video Tutorials

HP TouchSmart Webcam

HP Update

I.R.I.S. OCR

iCloud

Internet Explorer (Enable DEP)

iPhone Configuration Utility

Java 7 Update 21

Java Auto Updater

Junk Mail filter update

KONICA_MINOLTA DiMAGE remote camera driver

LabelPrint

LimeWire 5.4.6

Malwarebytes Anti-Malware version 1.75.0.1300

McAfee Virtual Technician

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Live Search Toolbar

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Microsoft_VC80_ATL_x86

Microsoft_VC80_ATL_x86_x64

Microsoft_VC80_CRT_x86

Microsoft_VC80_CRT_x86_x64

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFC_x86_x64

Microsoft_VC80_MFCLOC_x86

Microsoft_VC80_MFCLOC_x86_x64

Microsoft_VC90_ATL_x86

Microsoft_VC90_ATL_x86_x64

Microsoft_VC90_CRT_x86

Microsoft_VC90_CRT_x86_x64

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFC_x86_x64

Microsoft_VC90_MFCLOC_x86

Microsoft_VC90_MFCLOC_x86_x64

MobileMe Control Panel

Mozilla Firefox 11.0 (x86 en-US)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

muvee Reveal

My HP Games

Norton 360

NVIDIA Display Control Panel

NVIDIA Drivers

ooVoo

PDF Settings CS5

Picasa 3

PL-2303 USB-to-Serial

PlayReady PC runtime

PlayReady PC Runtime amd64

Power2Go

PowerDirector

PVSonyDll

Python 2.5.2

RealFlight G5 R/C Simulator

Safari

SanDiskSecureAccess_Manager.exe

Search Toolbar

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Segoe UI

Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)

Silicon Laboratories CP210x VCP Drivers for Windows 2000/XP/2003 Server/Vista

Skype™ 5.10

SoundMAX

sp41099

Spelling Dictionaries Support For Adobe Reader 9

SPORE Creature Creator Trial Edition

t6config

Time Stopper

TomTom HOME 2.7.3.1894

TomTom HOME Visual Studio Merge Modules

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Windows 7 Upgrade Advisor

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

XPort 360

Yahoo! BrowserPlus 2.9.8

Yahoo! Messenger

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

5/30/2013 2:07:33 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.

5/30/2013 12:21:15 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.

5/27/2013 2:49:37 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.

5/27/2013 1:12:54 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.

5/26/2013 8:44:19 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.

5/26/2013 8:39:19 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s).

5/26/2013 8:39:19 PM, Error: Service Control Manager [7034] - The User Profile Service service terminated unexpectedly. It has done this 3 time(s).

5/26/2013 8:39:19 PM, Error: Service Control Manager [7034] - The Themes service terminated unexpectedly. It has done this 3 time(s).

5/26/2013 8:39:19 PM, Error: Service Control Manager [7034] - The Task Scheduler service terminated unexpectedly. It has done this 3 time(s).

5/26/2013 8:39:19 PM, Error: Service Control Manager [7034] - The System Event Notification Service service terminated unexpectedly. It has done this 3 time(s).

5/26/2013 8:39:19 PM, Error: Service Control Manager [7034] - The Shell Hardware Detection service terminated unexpectedly. It has done this 3 time(s).

5/26/2013 8:39:19 PM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 3 time(s).

5/26/2013 8:39:19 PM, Error: Service Control Manager [7034] - The Secondary Logon service terminated unexpectedly. It has done this 3 time(s).

5/26/2013 8:39:19 PM, Error: Service Control Manager [7034] - The Remote Desktop Configuration service terminated unexpectedly. It has done this 3 time(s).

5/26/2013 8:39:19 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 3 time(s).

5/26/2013 8:39:19 PM, Error: Service Control Manager [7034] - The IP Helper service terminated unexpectedly. It has done this 3 time(s).

5/26/2013 8:39:19 PM, Error: Service Control Manager [7034] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 3 time(s).

5/26/2013 8:39:19 PM, Error: Service Control Manager [7034] - The Group Policy Client service terminated unexpectedly. It has done this 3 time(s).

5/26/2013 8:39:19 PM, Error: Service Control Manager [7034] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 3 time(s).

5/26/2013 8:39:19 PM, Error: Service Control Manager [7034] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 3 time(s).

5/26/2013 8:39:19 PM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 3 time(s).

5/26/2013 8:39:19 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

5/26/2013 8:39:19 PM, Error: Service Control Manager [7031] - The Certificate Propagation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

5/26/2013 8:30:49 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

5/26/2013 8:30:49 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running.

5/26/2013 8:27:49 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.

5/26/2013 8:25:49 PM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).

5/26/2013 8:25:49 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

5/26/2013 8:25:49 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

5/26/2013 8:25:49 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

5/26/2013 8:25:49 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

5/26/2013 8:25:49 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

5/26/2013 8:25:49 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

5/26/2013 8:25:49 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

5/26/2013 8:25:49 PM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

5/26/2013 8:25:49 PM, Error: Service Control Manager [7031] - The Remote Desktop Configuration service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

5/26/2013 8:25:49 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

5/26/2013 8:25:49 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

5/26/2013 8:25:49 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

5/26/2013 8:25:49 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

5/26/2013 8:25:49 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

5/26/2013 8:25:49 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

5/26/2013 8:25:49 PM, Error: Service Control Manager [7031] - The Certificate Propagation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

5/26/2013 8:25:49 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

5/26/2013 8:25:49 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

5/26/2013 7:44:27 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

5/26/2013 7:44:27 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

5/26/2013 7:44:27 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

5/26/2013 7:44:27 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

5/26/2013 7:44:27 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

5/26/2013 7:44:27 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

5/26/2013 7:44:27 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

5/26/2013 7:44:27 PM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

5/26/2013 7:44:27 PM, Error: Service Control Manager [7031] - The Remote Desktop Configuration service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

5/26/2013 7:44:27 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

5/26/2013 7:44:26 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

5/26/2013 7:44:26 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

5/26/2013 7:44:26 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

5/26/2013 7:44:26 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

5/26/2013 7:44:26 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

5/26/2013 7:44:25 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).

5/26/2013 7:44:25 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

5/26/2013 7:44:25 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

5/26/2013 11:20:56 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.

5/26/2013 11:17:00 AM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..

5/26/2013 11:10:36 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

5/26/2013 11:10:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

5/26/2013 11:09:54 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

5/26/2013 11:09:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

5/26/2013 11:09:43 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

5/26/2013 11:09:43 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

5/26/2013 11:09:42 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

5/26/2013 11:09:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

5/26/2013 11:09:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}

5/26/2013 11:09:26 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccSet_N360 DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf

5/26/2013 11:09:24 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

5/26/2013 11:09:24 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

5/26/2013 11:09:24 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

5/26/2013 11:09:24 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

5/26/2013 11:09:24 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

5/26/2013 11:09:24 AM, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

5/26/2013 11:09:24 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

5/26/2013 11:09:23 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

5/26/2013 11:09:23 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

5/26/2013 11:09:23 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

5/26/2013 11:09:23 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

5/26/2013 11:09:23 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

5/26/2013 10:20:03 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

5/26/2013 10:19:00 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

5/25/2013 9:32:54 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 8 time(s).

5/25/2013 5:02:25 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 7 time(s).

5/25/2013 4:52:01 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 4 time(s).

5/25/2013 4:52:01 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 6 time(s).

5/25/2013 4:52:01 PM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 4 time(s).

5/25/2013 3:43:21 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 5 time(s).

5/25/2013 3:29:59 PM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 4 time(s).

5/25/2013 3:29:59 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 4 time(s).

5/25/2013 3:29:59 PM, Error: Service Control Manager [7034] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 4 time(s).

5/25/2013 3:29:59 PM, Error: Service Control Manager [7034] - The Computer Browser service terminated unexpectedly. It has done this 4 time(s).

5/25/2013 3:25:38 PM, Error: Service Control Manager [7034] - The Computer Browser service terminated unexpectedly. It has done this 3 time(s).

5/25/2013 3:25:38 PM, Error: Service Control Manager [7034] - The Certificate Propagation service terminated unexpectedly. It has done this 3 time(s).

5/25/2013 3:01:47 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.

5/25/2013 3:01:47 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/25/2013 12:15:42 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.

5/25/2013 12:01:46 PM, Error: Service Control Manager [7034] - The Problem Reports and Solutions Control Panel Support service terminated unexpectedly. It has done this 1 time(s).

5/24/2013 11:09:07 AM, Error: Service Control Manager [7034] - The CalendarSynchService service terminated unexpectedly. It has done this 1 time(s).

5/24/2013 11:08:49 AM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

5/24/2013 11:08:49 AM, Error: Service Control Manager [7031] - The Telephony service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

5/24/2013 11:08:49 AM, Error: Service Control Manager [7031] - The Remote Desktop Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

5/24/2013 11:08:49 AM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

5/24/2013 11:08:49 AM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

5/24/2013 11:08:49 AM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

.

==== End Of File ===========================

[MrCharlie]

I need the log from RogueKiller.....MrC

[Spinrb8]

I ran the scan, closed it and there is a desktop icon. when I open it it has a few dif. options. This is what I get when I open the Quarantine report.

Time : 31/05/2013 14:27:42

--------------------------

[WLXPGSS.SCR.vir] -> C:\Windows\WLXPGSS.SCR

[MrCharlie]

Download Malwarebytes Anti-Rootkit from HERE

• Unzip the contents to a folder in a convenient location.
  
• Open the folder where the contents were unzipped and run mbar.exe
  
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  
• Wait while the system shuts down and the cleanup process is performed.
  
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  
• When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt
  

To attach a log if needed:

Bottom right corner of this page.

New window that comes up.

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that your system is now functioning normally.

MrC

[Spinrb8]

Ok I have a file that came up with an mbar file but if I open it it opens a bunch more file options.

[Spinrb8]

If I unzip it it then says the folder already contains this file. Would I like to replace it

[Spinrb8]

It gives to options one with a date from today and one from last year.

[MrCharlie]

I'm not sure what you're talking about.

You just download MBAR, lets say to your desktop.

Unzip it, open up the folder MBAR and run mbar.exe.

MrC

[Spinrb8]

That's what I did. I evidently have an existing mbar folder. When I unzip it do I wanna override the old one?

[MrCharlie]

Delete everything and start over, it's not that hard??

MrC

[Spinrb8]

Sorry I'm frustrating you. It's not hard for someone as smart as yourself. I got lucky and stumbled across the right file. It's scanning now. Thanks for your help MrC. Much appreciated.

[MrCharlie]

OK....and I don't get frustrated and I'm not that smart..just good at fixing things no matter what they are

MrC

[Spinrb8]

Thanks MrC. So far everything looks good. I sent a small donation, if it doesn't come through please let me know.

[MrCharlie]

I got it...Thanks.

It's OK now??? MrC

[Spinrb8]

Seems to be running smooth. It's not flashing the little pop-up anymore. I ran another scan and nothing came up. Thanks again for your patients!

[MrCharlie]

OK.......

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

[LDTate]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!