svchost.exe playing ads


Here are logs.

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume3
Install Date: 12/29/2009 11:26:42 PM
System Uptime: 7/24/2013 9:23:15 PM (0 hours ago)
.
Motherboard: Dell Inc. |  | 0G848F
Processor: Pentium® Dual-Core CPU       T4200  @ 2.00GHz | Microprocessor | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 134 GiB total, 15.128 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 15 GiB total, 7.969 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl18ed30f3
Device ID: ROOT\LEGACY_MPKSL18ED30F3\0000
Manufacturer: 
Name: MpKsl18ed30f3
PNP Device ID: ROOT\LEGACY_MPKSL18ED30F3\0000
Service: MpKsl18ed30f3
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart D110 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart D110 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service: 
.
==== System Restore Points ===================
.
RP351: 6/13/2013 2:01:53 AM - Windows Update
RP352: 6/13/2013 9:27:31 PM - Windows Update
RP353: 6/17/2013 8:20:20 PM - Windows Update
RP354: 6/21/2013 3:25:59 PM - Windows Update
RP355: 6/24/2013 6:40:15 PM - Windows Update
RP356: 6/27/2013 7:40:47 PM - Windows Update
RP357: 7/1/2013 6:51:41 PM - Windows Update
RP358: 7/5/2013 9:49:30 AM - Windows Update
RP359: 7/5/2013 1:33:51 PM - Installed HiJackThis
RP360: 7/8/2013 6:56:19 PM - Windows Update
RP361: 7/10/2013 6:05:28 PM - Windows Update
RP362: 7/13/2013 8:33:54 PM - Windows Update
RP363: 7/17/2013 4:45:25 PM - Windows Update
RP364: 7/21/2013 8:59:56 AM - Windows Update
RP365: 7/24/2013 1:46:25 PM - Windows Update
RP367: 7/24/2013 8:46:25 PM - Restore Operation
.
==== Installed Programs ======================
.
 Leawo DVD to MP4 Converter version  4.0.0.0
 Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.7)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AviSynth 2.5
Bonjour
BufferChm
CCleaner
Compatibility Pack for the 2007 Office system
Consumer In-Home Service Agreement
CutePDF Writer 3.0
D110
D3DX10
Dell Communications (Support Software)
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Touchpad
Destinations
DeviceDiscovery
Driver Installer
DVD Flick 1.3.0.7
File Shredder 2.5
Google Chrome
Google Update Helper
GoToAssist 8.0.0.514
GPBaseService2
Guitar Praise
Hallmark Card Studio Special Edition
HiJackThis
HP Imaging Device Functions 14.0
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPAppStudio
HPDiagnosticAlert
HPPhotoGadget
HPProductAssistant
iCloud
IDT Audio
Intel® Graphics Media Accelerator Driver
Intel® Rapid Storage Technology
Intel® TV Wizard
Intel® Matrix Storage Manager
iTunes
Java 6 Update 13
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ Run Time  Lib Setup
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
OGA Notifier 2.0.0048.0
OverDrive Media Console
PowerDVD DX
PS_AIO_07_D110_SW_Min
QuickPar 0.9
QuickSet
QuickTime
QuickTransfer
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Safari
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition 
SmartWebPrinting
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Status
SUPERAntiSpyware
Toolbox
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 1.0.1
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
7/24/2013 9:51:31 PM, Error: Service Control Manager [7034]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 4 time(s).
7/24/2013 9:51:31 PM, Error: Service Control Manager [7034]  - The System Event Notification Service service terminated unexpectedly.  It has done this 3 time(s).
7/24/2013 9:51:31 PM, Error: Service Control Manager [7034]  - The Server service terminated unexpectedly.  It has done this 8 time(s).
7/24/2013 9:51:31 PM, Error: Service Control Manager [7034]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 9 time(s).
7/24/2013 9:51:31 PM, Error: Service Control Manager [7034]  - The Computer Browser service terminated unexpectedly.  It has done this 8 time(s).
7/24/2013 9:51:31 PM, Error: Service Control Manager [7031]  - The Application Experience service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/24/2013 9:48:39 PM, Error: Service Control Manager [7034]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 3 time(s).
7/24/2013 9:48:39 PM, Error: Service Control Manager [7034]  - The User Profile Service service terminated unexpectedly.  It has done this 3 time(s).
7/24/2013 9:48:39 PM, Error: Service Control Manager [7034]  - The Server service terminated unexpectedly.  It has done this 7 time(s).
7/24/2013 9:48:39 PM, Error: Service Control Manager [7034]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 8 time(s).
7/24/2013 9:48:39 PM, Error: Service Control Manager [7034]  - The IP Helper service terminated unexpectedly.  It has done this 3 time(s).
7/24/2013 9:48:39 PM, Error: Service Control Manager [7034]  - The Group Policy Client service terminated unexpectedly.  It has done this 3 time(s).
7/24/2013 9:48:39 PM, Error: Service Control Manager [7034]  - The Computer Browser service terminated unexpectedly.  It has done this 7 time(s).
7/24/2013 9:48:39 PM, Error: Service Control Manager [7034]  - The Application Information service terminated unexpectedly.  It has done this 3 time(s).
7/24/2013 9:48:27 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:  An instance of the service is already running.
7/24/2013 9:47:53 PM, Error: Service Control Manager [7034]  - The Server service terminated unexpectedly.  It has done this 6 time(s).
7/24/2013 9:47:53 PM, Error: Service Control Manager [7034]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 7 time(s).
7/24/2013 9:47:53 PM, Error: Service Control Manager [7034]  - The Computer Browser service terminated unexpectedly.  It has done this 6 time(s).
7/24/2013 9:47:53 PM, Error: Service Control Manager [7034]  - The Application Information service terminated unexpectedly.  It has done this 2 time(s).
7/24/2013 9:47:53 PM, Error: Service Control Manager [7031]  - The User Profile Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
7/24/2013 9:47:53 PM, Error: Service Control Manager [7031]  - The Application Experience service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/24/2013 9:46:28 PM, Error: Service Control Manager [7034]  - The Server service terminated unexpectedly.  It has done this 5 time(s).
7/24/2013 9:46:28 PM, Error: Service Control Manager [7034]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 6 time(s).
7/24/2013 9:46:28 PM, Error: Service Control Manager [7034]  - The Extensible Authentication Protocol service terminated unexpectedly.  It has done this 3 time(s).
7/24/2013 9:46:28 PM, Error: Service Control Manager [7034]  - The Computer Browser service terminated unexpectedly.  It has done this 5 time(s).
7/24/2013 9:46:28 PM, Error: Service Control Manager [7034]  - The Background Intelligent Transfer Service service terminated unexpectedly.  It has done this 3 time(s).
7/24/2013 9:45:05 PM, Error: Service Control Manager [7034]  - The Themes service terminated unexpectedly.  It has done this 3 time(s).
7/24/2013 9:45:05 PM, Error: Service Control Manager [7034]  - The Task Scheduler service terminated unexpectedly.  It has done this 3 time(s).
7/24/2013 9:45:05 PM, Error: Service Control Manager [7034]  - The Shell Hardware Detection service terminated unexpectedly.  It has done this 3 time(s).
7/24/2013 9:45:05 PM, Error: Service Control Manager [7034]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 5 time(s).
7/24/2013 9:44:18 PM, Error: Service Control Manager [7034]  - The Server service terminated unexpectedly.  It has done this 4 time(s).
7/24/2013 9:44:18 PM, Error: Service Control Manager [7034]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 4 time(s).
7/24/2013 9:44:18 PM, Error: Service Control Manager [7034]  - The Computer Browser service terminated unexpectedly.  It has done this 4 time(s).
7/24/2013 9:44:18 PM, Error: Service Control Manager [7031]  - The System Event Notification Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
7/24/2013 9:44:05 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error:  An instance of the service is already running.
7/24/2013 9:43:27 PM, Error: Service Control Manager [7034]  - The Windows Update service terminated unexpectedly.  It has done this 2 time(s).
7/24/2013 9:43:27 PM, Error: Service Control Manager [7034]  - The Server service terminated unexpectedly.  It has done this 3 time(s).
7/24/2013 9:43:27 PM, Error: Service Control Manager [7034]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 3 time(s).
7/24/2013 9:43:27 PM, Error: Service Control Manager [7034]  - The Computer Browser service terminated unexpectedly.  It has done this 3 time(s).
7/24/2013 9:43:27 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error:  An instance of the service is already running.
7/24/2013 9:43:27 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error:  An instance of the service is already running.
7/24/2013 9:43:27 PM, Error: Service Control Manager [7031]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
7/24/2013 9:43:27 PM, Error: Service Control Manager [7031]  - The Themes service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/24/2013 9:43:27 PM, Error: Service Control Manager [7031]  - The Task Scheduler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/24/2013 9:43:27 PM, Error: Service Control Manager [7031]  - The Shell Hardware Detection service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/24/2013 9:43:27 PM, Error: Service Control Manager [7031]  - The IP Helper service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
7/24/2013 9:43:27 PM, Error: Service Control Manager [7031]  - The Group Policy Client service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
7/24/2013 9:43:27 PM, Error: Service Control Manager [7031]  - The Extensible Authentication Protocol service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/24/2013 9:43:27 PM, Error: Service Control Manager [7031]  - The Background Intelligent Transfer Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/24/2013 9:43:27 PM, Error: Service Control Manager [7000]  - The User Profile Service service failed to start due to the following error:  The pipe has been ended.
7/24/2013 9:42:05 PM, Error: Service Control Manager [7031]  - The Server service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/24/2013 9:42:05 PM, Error: Service Control Manager [7031]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
7/24/2013 9:42:05 PM, Error: Service Control Manager [7031]  - The Computer Browser service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
7/24/2013 9:41:30 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Server service to connect.
7/24/2013 9:41:30 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
7/24/2013 9:41:30 PM, Error: Service Control Manager [7000]  - The Server service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/24/2013 9:41:27 PM, Error: Service Control Manager [7034]  - The Application Information service terminated unexpectedly.  It has done this 1 time(s).
7/24/2013 9:41:27 PM, Error: Service Control Manager [7031]  - The Windows Update service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/24/2013 9:41:27 PM, Error: Service Control Manager [7031]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/24/2013 9:41:27 PM, Error: Service Control Manager [7031]  - The User Profile Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/24/2013 9:41:27 PM, Error: Service Control Manager [7031]  - The Themes service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/24/2013 9:41:27 PM, Error: Service Control Manager [7031]  - The Task Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/24/2013 9:41:27 PM, Error: Service Control Manager [7031]  - The System Event Notification Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/24/2013 9:41:27 PM, Error: Service Control Manager [7031]  - The Shell Hardware Detection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/24/2013 9:41:27 PM, Error: Service Control Manager [7031]  - The Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/24/2013 9:41:27 PM, Error: Service Control Manager [7031]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/24/2013 9:41:27 PM, Error: Service Control Manager [7031]  - The IP Helper service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/24/2013 9:41:27 PM, Error: Service Control Manager [7031]  - The Group Policy Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/24/2013 9:41:27 PM, Error: Service Control Manager [7031]  - The Extensible Authentication Protocol service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/24/2013 9:41:27 PM, Error: Service Control Manager [7031]  - The Computer Browser service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/24/2013 9:41:27 PM, Error: Service Control Manager [7031]  - The Background Intelligent Transfer Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/24/2013 9:21:46 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
7/24/2013 9:15:27 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/24/2013 9:15:27 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/24/2013 9:15:27 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/24/2013 9:15:27 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/24/2013 9:15:19 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/24/2013 9:15:10 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/24/2013 9:14:54 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
7/24/2013 9:14:52 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
7/24/2013 9:14:52 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
7/24/2013 9:14:52 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
7/24/2013 9:14:52 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
7/24/2013 9:14:52 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
7/24/2013 9:14:52 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
7/24/2013 9:14:52 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
7/24/2013 9:14:52 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
7/24/2013 9:14:52 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
7/24/2013 9:14:52 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
7/24/2013 9:14:51 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000008e (0xc0000005, 0x830681af, 0x8b517414, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 072413-29078-01.
7/24/2013 9:12:45 PM, Error: Service Control Manager [7034]  - The Diagnostic System Host service terminated unexpectedly.  It has done this 1 time(s).
7/24/2013 9:12:45 PM, Error: Service Control Manager [7031]  - The WLAN AutoConfig service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/24/2013 9:12:45 PM, Error: Service Control Manager [7031]  - The Windows Audio Endpoint Builder service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/24/2013 9:12:45 PM, Error: Service Control Manager [7031]  - The Superfetch service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/24/2013 9:12:45 PM, Error: Service Control Manager [7031]  - The Program Compatibility Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/24/2013 9:12:45 PM, Error: Service Control Manager [7031]  - The Network Connections service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
7/24/2013 9:12:45 PM, Error: Service Control Manager [7031]  - The Human Interface Device Access service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/24/2013 9:12:45 PM, Error: Service Control Manager [7031]  - The HomeGroup Listener service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/24/2013 9:12:45 PM, Error: Service Control Manager [7031]  - The Distributed Link Tracking Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/24/2013 9:12:45 PM, Error: Service Control Manager [7031]  - The Desktop Window Manager Session Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/24/2013 9:12:29 PM, Error: Service Control Manager [7034]  - The Application Experience service terminated unexpectedly.  It has done this 3 time(s).
7/24/2013 9:05:11 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Update service, but this action failed with the following error:  An instance of the service is already running.
7/24/2013 9:05:11 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error:  An instance of the service is already running.
7/24/2013 8:58:24 PM, Error: Microsoft-Windows-WMPNSS-Service [14365]  - Proximity detection failed due to unknown error '0x80004004'.  The best proximity time detected was -1 milliseconds.
7/24/2013 8:52:41 PM, Error: Microsoft Antimalware [2004]  - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.   Signatures Attempted: Current   Error Code: 0x80070002   Error description: The system cannot find the file specified.   Signature version: 0.0.0.0;0.0.0.0   Engine version: 0.0.0.0
7/24/2013 8:47:44 PM, Error: Service Control Manager [7043]  - The Windows Update service did not shut down properly after receiving a preshutdown control.
7/24/2013 8:45:12 PM, Error: Service Control Manager [7034]  - The Windows Update service terminated unexpectedly.  It has done this 5 time(s).
7/24/2013 8:45:12 PM, Error: Service Control Manager [7034]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 6 time(s).
7/24/2013 8:45:12 PM, Error: Service Control Manager [7034]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 10 time(s).
7/24/2013 8:45:12 PM, Error: Service Control Manager [7034]  - The Background Intelligent Transfer Service service terminated unexpectedly.  It has done this 5 time(s).
7/24/2013 8:44:06 PM, Error: Service Control Manager [7034]  - The Windows Update service terminated unexpectedly.  It has done this 4 time(s).
7/24/2013 8:44:06 PM, Error: Service Control Manager [7034]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 5 time(s).
7/24/2013 8:44:06 PM, Error: Service Control Manager [7034]  - The User Profile Service service terminated unexpectedly.  It has done this 5 time(s).
7/24/2013 8:44:06 PM, Error: Service Control Manager [7034]  - The Server service terminated unexpectedly.  It has done this 9 time(s).
7/24/2013 8:44:06 PM, Error: Service Control Manager [7034]  - The Extensible Authentication Protocol service terminated unexpectedly.  It has done this 4 time(s).
7/24/2013 8:44:06 PM, Error: Service Control Manager [7034]  - The Computer Browser service terminated unexpectedly.  It has done this 9 time(s).
7/24/2013 8:44:06 PM, Error: Service Control Manager [7034]  - The Background Intelligent Transfer Service service terminated unexpectedly.  It has done this 4 time(s).
7/24/2013 8:44:06 PM, Error: Service Control Manager [7034]  - The Application Experience service terminated unexpectedly.  It has done this 4 time(s).
7/24/2013 8:39:59 PM, Error: Service Control Manager [7034]  - The User Profile Service service terminated unexpectedly.  It has done this 4 time(s).
7/24/2013 8:30:18 PM, Error: Service Control Manager [7034]  - The Windows Update service terminated unexpectedly.  It has done this 3 time(s).
7/24/2013 5:29:53 PM, Error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/24/2013 5:18:51 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  and APPID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  to the user JEANA-DELL-LAPT\Mitchell SID (S-1-5-21-741806429-3676762138-3067480243-1005) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/24/2013 5:18:51 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  and APPID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  to the user JEANA-DELL-LAPT\Mitchell SID (S-1-5-21-741806429-3676762138-3067480243-1005) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/22/2013 2:54:44 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/22/2013 2:54:44 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
7/21/2013 2:25:08 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
7/21/2013 2:25:08 PM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/21/2013 2:25:04 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
.
==== End Of File ===========================
 
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 10.0.9200.16635
Run by Mitchell at 21:48:50 on 2013-07-24
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2010.953 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\STacSV.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell\DellComms\bin\sprtsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskmgr.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SndVol.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\HP Digital Imaging Monitor.lnk.disabled
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{6EBC4999-C706-424A-8EEC-0221C1E060A2} : DHCPNameServer = 172.22.1.43 172.22.101.20 172.22.60.21 172.22.181.20 172.22.1.46
TCP: Interfaces\{F05226C6-BBE0-4C32-800B-AE43E36243C9} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{F05226C6-BBE0-4C32-800B-AE43E36243C9}\2375942554530353 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{F05226C6-BBE0-4C32-800B-AE43E36243C9}\35A434D27457563747 : DHCPNameServer = 172.22.1.43 172.22.101.20 172.22.60.21 172.22.181.20 172.22.1.46
TCP: Interfaces\{F05226C6-BBE0-4C32-800B-AE43E36243C9}\35D42434 : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs=  
SSODL: WebCheck - <orphaned>
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.72\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2011-7-12 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-5-4 116608]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/08/14 19:25:24];c:\program files\cyberlink\powerdvd dx\000.fcl [2009-12-30 87536]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\AEstSrv.exe [2009-12-29 81920]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 100328]
R2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files\dell\dellcomms\bin\sprtsvc.exe [2009-3-25 206064]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-7-24 40776]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2013-6-7 26080]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-29 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [2008-8-20 168192]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [2008-8-20 142976]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-8 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-5 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2013-07-25 02:29:37 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-07-25 01:52:41 7143960 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c8789665-c2ac-4235-9bbd-18eef351c2c6}\mpengine.dll
2013-07-18 22:47:33 7143960 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-07-17 21:47:20 698504 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e2a052b5-c827-42a3-9fc6-20754b19d427}\gapaengine.dll
2013-07-10 19:09:55 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-07-10 19:09:54 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-10 19:09:49 509440 ----a-w- c:\windows\system32\qedit.dll
2013-07-10 19:09:48 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-07-10 19:09:44 988672 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2013-07-10 19:09:44 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2013-07-10 19:09:44 936448 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2013-07-10 19:09:41 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2013-07-10 19:09:31 680960 ----a-w- c:\program files\windows defender\MpSvc.dll
2013-07-10 19:09:30 392704 ----a-w- c:\program files\windows defender\MpClient.dll
2013-07-10 19:09:30 224768 ----a-w- c:\program files\windows defender\MpCommu.dll
2013-07-05 18:35:07 388096 ----a-r- c:\users\mitchell\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2013-07-05 18:35:06 -------- d-----w- c:\program files\Trend Micro
.
==================== Find3M  ====================
.
2013-06-16 12:40:56 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-16 12:40:56 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-11 23:43:37 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-06-07 02:37:52 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-13 04:45:55 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 03:08:10 903168 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- c:\windows\system32\certenc.dll
2013-05-10 03:20:54 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-08 05:38:00 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-06 05:06:47 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-06 05:06:47 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-02 15:28:50 238872 ----a-w- c:\windows\system32\MpSigStub.exe
2013-05-01 08:59:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2013-05-01 08:59:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2013-04-26 04:55:21 492544 ----a-w- c:\windows\system32\win32spl.dll
2011-09-30 05:43:03 161720 ----a-w- c:\program files\2pres.dll
.
============= FINISH: 21:52:50.10 ===============
 

 


Hello mvb1013 and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.

----------Step 1----------------

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.

    Vista/Windows 7 users right-click and select Run As Administrator.

  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not an option, select Skip instead; do not choose Delete unless instructed.

  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
----------Step 2----------------

Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
----------Step 3----------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

----------Step 4----------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
----------Step 5----------------

In your next reply, please include the following:

  • TDSSKiller's logfile
  • MBAR mbar-log.txt and system-log.txt
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt
After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"

 

-------> Your topic will be closed if you haven't replied within 3 days! <--------

(If I don't respond within 24 hours, please send me a PM)

-DFB


Here are logs.

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume3
Install Date: 12/29/2009 11:26:42 PM
System Uptime: 7/24/2013 9:23:15 PM (0 hours ago)
.
Motherboard: Dell Inc. |  | 0G848F
Processor: Pentium® Dual-Core CPU       T4200  @ 2.00GHz | Microprocessor | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 134 GiB total, 15.128 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 15 GiB total, 7.969 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl18ed30f3
Device ID: ROOT\LEGACY_MPKSL18ED30F3\0000
Manufacturer: 
Name: MpKsl18ed30f3
PNP Device ID: ROOT\LEGACY_MPKSL18ED30F3\0000
Service: MpKsl18ed30f3
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart D110 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart D110 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service: 
.
==== System Restore Points ===================
.
RP351: 6/13/2013 2:01:53 AM - Windows Update
RP352: 6/13/2013 9:27:31 PM - Windows Update
RP353: 6/17/2013 8:20:20 PM - Windows Update
RP354: 6/21/2013 3:25:59 PM - Windows Update
RP355: 6/24/2013 6:40:15 PM - Windows Update
RP356: 6/27/2013 7:40:47 PM - Windows Update
RP357: 7/1/2013 6:51:41 PM - Windows Update
RP358: 7/5/2013 9:49:30 AM - Windows Update
RP359: 7/5/2013 1:33:51 PM - Installed HiJackThis
RP360: 7/8/2013 6:56:19 PM - Windows Update
RP361: 7/10/2013 6:05:28 PM - Windows Update
RP362: 7/13/2013 8:33:54 PM - Windows Update
RP363: 7/17/2013 4:45:25 PM - Windows Update
RP364: 7/21/2013 8:59:56 AM - Windows Update
RP365: 7/24/2013 1:46:25 PM - Windows Update
RP367: 7/24/2013 8:46:25 PM - Restore Operation
.
==== Installed Programs ======================
.
 Leawo DVD to MP4 Converter version  4.0.0.0
 Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.7)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AviSynth 2.5
Bonjour
BufferChm
CCleaner
Compatibility Pack for the 2007 Office system
Consumer In-Home Service Agreement
CutePDF Writer 3.0
D110
D3DX10
Dell Communications (Support Software)
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Touchpad
Destinations
DeviceDiscovery
Driver Installer
DVD Flick 1.3.0.7
File Shredder 2.5
Google Chrome
Google Update Helper
GoToAssist 8.0.0.514
GPBaseService2
Guitar Praise
Hallmark Card Studio Special Edition
HiJackThis
HP Imaging Device Functions 14.0
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPAppStudio
HPDiagnosticAlert
HPPhotoGadget
HPProductAssistant
iCloud
IDT Audio
Intel® Graphics Media Accelerator Driver
Intel® Rapid Storage Technology
Intel® TV Wizard
Intel® Matrix Storage Manager
iTunes
Java 6 Update 13
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ Run Time  Lib Setup
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
OGA Notifier 2.0.0048.0
OverDrive Media Console
PowerDVD DX
PS_AIO_07_D110_SW_Min
QuickPar 0.9
QuickSet
QuickTime
QuickTransfer
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Safari
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition 
SmartWebPrinting
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Status
SUPERAntiSpyware
Toolbox
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 1.0.1
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
7/24/2013 9:51:31 PM, Error: Service Control Manager [7034]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 4 time(s).
7/24/2013 9:51:31 PM, Error: Service Control Manager [7034]  - The System Event Notification Service service terminated unexpectedly.  It has done this 3 time(s).
7/24/2013 9:51:31 PM, Error: Service Control Manager [7034]  - The Server service terminated unexpectedly.  It has done this 8 time(s).
7/24/2013 9:51:31 PM, Error: Service Control Manager [7034]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 9 time(s).
7/24/2013 9:51:31 PM, Error: Service Control Manager [7034]  - The Computer Browser service terminated unexpectedly.  It has done this 8 time(s).
7/24/2013 9:51:31 PM, Error: Service Control Manager [7031]  - The Application Experience service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/24/2013 9:48:39 PM, Error: Service Control Manager [7034]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 3 time(s).
7/24/2013 9:48:39 PM, Error: Service Control Manager [7034]  - The User Profile Service service terminated unexpectedly.  It has done this 3 time(s).
7/24/2013 9:48:39 PM, Error: Service Control Manager [7034]  - The Server service terminated unexpectedly.  It has done this 7 time(s).
7/24/2013 9:48:39 PM, Error: Service Control Manager [7034]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 8 time(s).
7/24/2013 9:48:39 PM, Error: Service Control Manager [7034]  - The IP Helper service terminated unexpectedly.  It has done this 3 time(s).
7/24/2013 9:48:39 PM, Error: Service Control Manager [7034]  - The Group Policy Client service terminated unexpectedly.  It has done this 3 time(s).
7/24/2013 9:48:39 PM, Error: Service Control Manager [7034]  - The Computer Browser service terminated unexpectedly.  It has done this 7 time(s).
7/24/2013 9:48:39 PM, Error: Service Control Manager [7034]  - The Application Information service terminated unexpectedly.  It has done this 3 time(s).
7/24/2013 9:48:27 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:  An instance of the service is already running.
7/24/2013 9:47:53 PM, Error: Service Control Manager [7034]  - The Server service terminated unexpectedly.  It has done this 6 time(s).
7/24/2013 9:47:53 PM, Error: Service Control Manager [7034]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 7 time(s).
7/24/2013 9:47:53 PM, Error: Service Control Manager [7034]  - The Computer Browser service terminated unexpectedly.  It has done this 6 time(s).
7/24/2013 9:47:53 PM, Error: Service Control Manager [7034]  - The Application Information service terminated unexpectedly.  It has done this 2 time(s).
7/24/2013 9:47:53 PM, Error: Service Control Manager [7031]  - The User Profile Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
7/24/2013 9:47:53 PM, Error: Service Control Manager [7031]  - The Application Experience service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/24/2013 9:46:28 PM, Error: Service Control Manager [7034]  - The Server service terminated unexpectedly.  It has done this 5 time(s).
7/24/2013 9:46:28 PM, Error: Service Control Manager [7034]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 6 time(s).
7/24/2013 9:46:28 PM, Error: Service Control Manager [7034]  - The Extensible Authentication Protocol service terminated unexpectedly.  It has done this 3 time(s).
7/24/2013 9:46:28 PM, Error: Service Control Manager [7034]  - The Computer Browser service terminated unexpectedly.  It has done this 5 time(s).
7/24/2013 9:46:28 PM, Error: Service Control Manager [7034]  - The Background Intelligent Transfer Service service terminated unexpectedly.  It has done this 3 time(s).
7/24/2013 9:45:05 PM, Error: Service Control Manager [7034]  - The Themes service terminated unexpectedly.  It has done this 3 time(s).
7/24/2013 9:45:05 PM, Error: Service Control Manager [7034]  - The Task Scheduler service terminated unexpectedly.  It has done this 3 time(s).
7/24/2013 9:45:05 PM, Error: Service Control Manager [7034]  - The Shell Hardware Detection service terminated unexpectedly.  It has done this 3 time(s).
7/24/2013 9:45:05 PM, Error: Service Control Manager [7034]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 5 time(s).
7/24/2013 9:44:18 PM, Error: Service Control Manager [7034]  - The Server service terminated unexpectedly.  It has done this 4 time(s).
7/24/2013 9:44:18 PM, Error: Service Control Manager [7034]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 4 time(s).
7/24/2013 9:44:18 PM, Error: Service Control Manager [7034]  - The Computer Browser service terminated unexpectedly.  It has done this 4 time(s).
7/24/2013 9:44:18 PM, Error: Service Control Manager [7031]  - The System Event Notification Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
7/24/2013 9:44:05 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error:  An instance of the service is already running.
7/24/2013 9:43:27 PM, Error: Service Control Manager [7034]  - The Windows Update service terminated unexpectedly.  It has done this 2 time(s).
7/24/2013 9:43:27 PM, Error: Service Control Manager [7034]  - The Server service terminated unexpectedly.  It has done this 3 time(s).
7/24/2013 9:43:27 PM, Error: Service Control Manager [7034]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 3 time(s).
7/24/2013 9:43:27 PM, Error: Service Control Manager [7034]  - The Computer Browser service terminated unexpectedly.  It has done this 3 time(s).
7/24/2013 9:43:27 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error:  An instance of the service is already running.
7/24/2013 9:43:27 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error:  An instance of the service is already running.
7/24/2013 9:43:27 PM, Error: Service Control Manager [7031]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
7/24/2013 9:43:27 PM, Error: Service Control Manager [7031]  - The Themes service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/24/2013 9:43:27 PM, Error: Service Control Manager [7031]  - The Task Scheduler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/24/2013 9:43:27 PM, Error: Service Control Manager [7031]  - The Shell Hardware Detection service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/24/2013 9:43:27 PM, Error: Service Control Manager [7031]  - The IP Helper service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
7/24/2013 9:43:27 PM, Error: Service Control Manager [7031]  - The Group Policy Client service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
7/24/2013 9:43:27 PM, Error: Service Control Manager [7031]  - The Extensible Authentication Protocol service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/24/2013 9:43:27 PM, Error: Service Control Manager [7031]  - The Background Intelligent Transfer Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/24/2013 9:43:27 PM, Error: Service Control Manager [7000]  - The User Profile Service service failed to start due to the following error:  The pipe has been ended.
7/24/2013 9:42:05 PM, Error: Service Control Manager [7031]  - The Server service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/24/2013 9:42:05 PM, Error: Service Control Manager [7031]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
7/24/2013 9:42:05 PM, Error: Service Control Manager [7031]  - The Computer Browser service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
7/24/2013 9:41:30 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Server service to connect.
7/24/2013 9:41:30 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
7/24/2013 9:41:30 PM, Error: Service Control Manager [7000]  - The Server service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/24/2013 9:41:27 PM, Error: Service Control Manager [7034]  - The Application Information service terminated unexpectedly.  It has done this 1 time(s).
7/24/2013 9:41:27 PM, Error: Service Control Manager [7031]  - The Windows Update service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/24/2013 9:41:27 PM, Error: Service Control Manager [7031]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/24/2013 9:41:27 PM, Error: Service Control Manager [7031]  - The User Profile Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/24/2013 9:41:27 PM, Error: Service Control Manager [7031]  - The Themes service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/24/2013 9:41:27 PM, Error: Service Control Manager [7031]  - The Task Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/24/2013 9:41:27 PM, Error: Service Control Manager [7031]  - The System Event Notification Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/24/2013 9:41:27 PM, Error: Service Control Manager [7031]  - The Shell Hardware Detection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/24/2013 9:41:27 PM, Error: Service Control Manager [7031]  - The Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/24/2013 9:41:27 PM, Error: Service Control Manager [7031]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/24/2013 9:41:27 PM, Error: Service Control Manager [7031]  - The IP Helper service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/24/2013 9:41:27 PM, Error: Service Control Manager [7031]  - The Group Policy Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/24/2013 9:41:27 PM, Error: Service Control Manager [7031]  - The Extensible Authentication Protocol service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/24/2013 9:41:27 PM, Error: Service Control Manager [7031]  - The Computer Browser service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/24/2013 9:41:27 PM, Error: Service Control Manager [7031]  - The Background Intelligent Transfer Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/24/2013 9:21:46 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
7/24/2013 9:15:27 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/24/2013 9:15:27 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/24/2013 9:15:27 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/24/2013 9:15:27 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/24/2013 9:15:19 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/24/2013 9:15:10 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/24/2013 9:14:54 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
7/24/2013 9:14:52 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
7/24/2013 9:14:52 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
7/24/2013 9:14:52 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
7/24/2013 9:14:52 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
7/24/2013 9:14:52 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
7/24/2013 9:14:52 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
7/24/2013 9:14:52 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
7/24/2013 9:14:52 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
7/24/2013 9:14:52 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
7/24/2013 9:14:52 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
7/24/2013 9:14:51 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000008e (0xc0000005, 0x830681af, 0x8b517414, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 072413-29078-01.
7/24/2013 9:12:45 PM, Error: Service Control Manager [7034]  - The Diagnostic System Host service terminated unexpectedly.  It has done this 1 time(s).
7/24/2013 9:12:45 PM, Error: Service Control Manager [7031]  - The WLAN AutoConfig service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/24/2013 9:12:45 PM, Error: Service Control Manager [7031]  - The Windows Audio Endpoint Builder service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/24/2013 9:12:45 PM, Error: Service Control Manager [7031]  - The Superfetch service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/24/2013 9:12:45 PM, Error: Service Control Manager [7031]  - The Program Compatibility Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/24/2013 9:12:45 PM, Error: Service Control Manager [7031]  - The Network Connections service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
7/24/2013 9:12:45 PM, Error: Service Control Manager [7031]  - The Human Interface Device Access service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/24/2013 9:12:45 PM, Error: Service Control Manager [7031]  - The HomeGroup Listener service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/24/2013 9:12:45 PM, Error: Service Control Manager [7031]  - The Distributed Link Tracking Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/24/2013 9:12:45 PM, Error: Service Control Manager [7031]  - The Desktop Window Manager Session Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/24/2013 9:12:29 PM, Error: Service Control Manager [7034]  - The Application Experience service terminated unexpectedly.  It has done this 3 time(s).
7/24/2013 9:05:11 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Update service, but this action failed with the following error:  An instance of the service is already running.
7/24/2013 9:05:11 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error:  An instance of the service is already running.
7/24/2013 8:58:24 PM, Error: Microsoft-Windows-WMPNSS-Service [14365]  - Proximity detection failed due to unknown error '0x80004004'.  The best proximity time detected was -1 milliseconds.
7/24/2013 8:52:41 PM, Error: Microsoft Antimalware [2004]  - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.   Signatures Attempted: Current   Error Code: 0x80070002   Error description: The system cannot find the file specified.    Signature version: 0.0.0.0;0.0.0.0   Engine version: 0.0.0.0
7/24/2013 8:47:44 PM, Error: Service Control Manager [7043]  - The Windows Update service did not shut down properly after receiving a preshutdown control.
7/24/2013 8:45:12 PM, Error: Service Control Manager [7034]  - The Windows Update service terminated unexpectedly.  It has done this 5 time(s).
7/24/2013 8:45:12 PM, Error: Service Control Manager [7034]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 6 time(s).
7/24/2013 8:45:12 PM, Error: Service Control Manager [7034]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 10 time(s).
7/24/2013 8:45:12 PM, Error: Service Control Manager [7034]  - The Background Intelligent Transfer Service service terminated unexpectedly.  It has done this 5 time(s).
7/24/2013 8:44:06 PM, Error: Service Control Manager [7034]  - The Windows Update service terminated unexpectedly.  It has done this 4 time(s).
7/24/2013 8:44:06 PM, Error: Service Control Manager [7034]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 5 time(s).
7/24/2013 8:44:06 PM, Error: Service Control Manager [7034]  - The User Profile Service service terminated unexpectedly.  It has done this 5 time(s).
7/24/2013 8:44:06 PM, Error: Service Control Manager [7034]  - The Server service terminated unexpectedly.  It has done this 9 time(s).
7/24/2013 8:44:06 PM, Error: Service Control Manager [7034]  - The Extensible Authentication Protocol service terminated unexpectedly.  It has done this 4 time(s).
7/24/2013 8:44:06 PM, Error: Service Control Manager [7034]  - The Computer Browser service terminated unexpectedly.  It has done this 9 time(s).
7/24/2013 8:44:06 PM, Error: Service Control Manager [7034]  - The Background Intelligent Transfer Service service terminated unexpectedly.  It has done this 4 time(s).
7/24/2013 8:44:06 PM, Error: Service Control Manager [7034]  - The Application Experience service terminated unexpectedly.  It has done this 4 time(s).
7/24/2013 8:39:59 PM, Error: Service Control Manager [7034]  - The User Profile Service service terminated unexpectedly.  It has done this 4 time(s).
7/24/2013 8:30:18 PM, Error: Service Control Manager [7034]  - The Windows Update service terminated unexpectedly.  It has done this 3 time(s).
7/24/2013 5:29:53 PM, Error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/24/2013 5:18:51 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  and APPID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  to the user JEANA-DELL-LAPT\Mitchell SID (S-1-5-21-741806429-3676762138-3067480243-1005) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/24/2013 5:18:51 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  and APPID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  to the user JEANA-DELL-LAPT\Mitchell SID (S-1-5-21-741806429-3676762138-3067480243-1005) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/22/2013 2:54:44 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/22/2013 2:54:44 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
7/21/2013 2:25:08 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
7/21/2013 2:25:08 PM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/21/2013 2:25:04 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
.
==== End Of File ===========================
 
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 10.0.9200.16635
Run by Mitchell at 21:48:50 on 2013-07-24
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2010.953 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\STacSV.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell\DellComms\bin\sprtsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskmgr.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SndVol.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\HP Digital Imaging Monitor.lnk.disabled
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{6EBC4999-C706-424A-8EEC-0221C1E060A2} : DHCPNameServer = 172.22.1.43 172.22.101.20 172.22.60.21 172.22.181.20 172.22.1.46
TCP: Interfaces\{F05226C6-BBE0-4C32-800B-AE43E36243C9} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{F05226C6-BBE0-4C32-800B-AE43E36243C9}\2375942554530353 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{F05226C6-BBE0-4C32-800B-AE43E36243C9}\35A434D27457563747 : DHCPNameServer = 172.22.1.43 172.22.101.20 172.22.60.21 172.22.181.20 172.22.1.46
TCP: Interfaces\{F05226C6-BBE0-4C32-800B-AE43E36243C9}\35D42434 : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs=  
SSODL: WebCheck - <orphaned>
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.72\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2011-7-12 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-5-4 116608]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/08/14 19:25:24];c:\program files\cyberlink\powerdvd dx\000.fcl [2009-12-30 87536]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\AEstSrv.exe [2009-12-29 81920]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 100328]
R2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files\dell\dellcomms\bin\sprtsvc.exe [2009-3-25 206064]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-7-24 40776]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2013-6-7 26080]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-29 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [2008-8-20 168192]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [2008-8-20 142976]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-8 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-5 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2013-07-25 02:29:37 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-07-25 01:52:41 7143960 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c8789665-c2ac-4235-9bbd-18eef351c2c6}\mpengine.dll
2013-07-18 22:47:33 7143960 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-07-17 21:47:20 698504 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e2a052b5-c827-42a3-9fc6-20754b19d427}\gapaengine.dll
2013-07-10 19:09:55 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-07-10 19:09:54 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-10 19:09:49 509440 ----a-w- c:\windows\system32\qedit.dll
2013-07-10 19:09:48 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-07-10 19:09:44 988672 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2013-07-10 19:09:44 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2013-07-10 19:09:44 936448 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2013-07-10 19:09:41 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2013-07-10 19:09:31 680960 ----a-w- c:\program files\windows defender\MpSvc.dll
2013-07-10 19:09:30 392704 ----a-w- c:\program files\windows defender\MpClient.dll
2013-07-10 19:09:30 224768 ----a-w- c:\program files\windows defender\MpCommu.dll
2013-07-05 18:35:07 388096 ----a-r- c:\users\mitchell\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2013-07-05 18:35:06 -------- d-----w- c:\program files\Trend Micro
.
==================== Find3M  ====================
.
2013-06-16 12:40:56 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-16 12:40:56 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-11 23:43:37 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-06-07 02:37:52 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-13 04:45:55 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 03:08:10 903168 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- c:\windows\system32\certenc.dll
2013-05-10 03:20:54 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-08 05:38:00 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-06 05:06:47 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-06 05:06:47 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-02 15:28:50 238872 ----a-w- c:\windows\system32\MpSigStub.exe
2013-05-01 08:59:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2013-05-01 08:59:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2013-04-26 04:55:21 492544 ----a-w- c:\windows\system32\win32spl.dll
2011-09-30 05:43:03 161720 ----a-w- c:\program files\2pres.dll
.
============= FINISH: 21:52:50.10 ===============
 

 


Okay. I will post all logs. Each log in a separate post because it says the post is too long.

 

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org
 
Database version: v2013.07.24.10
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16635
Mitchell :: JEANA-DELL-LAPT [administrator]
 
7/24/2013 10:30:31 PM
mbar-log-2013-07-24 (22-30-31).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 243456
Time elapsed: 25 minute(s), 53 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1004

 

© Malwarebytes Corporation 2011-2012

 

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

 

Account is Administrative

 

Internet Explorer version: 10.0.9200.16635

 

Java version: 1.6.0_13

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED

CPU speed: 1.995000 GHz

Memory total: 2108018688, free: 1231466496

 

Downloaded database version: v2013.07.24.10

Downloaded database version: v2013.07.15.01

Initializing...

------------ Kernel report ------------

     07/24/2013 22:30:23

------------ Loaded modules -----------

\SystemRoot\system32\ntkrnlpa.exe

\SystemRoot\system32\halmacpi.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\BOOTVID.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\52022892.sys

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\system32\DRIVERS\compbatt.sys

\SystemRoot\system32\DRIVERS\BATTC.SYS

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\DRIVERS\iaStor.sys

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\system32\DRIVERS\MpFilter.sys

\SystemRoot\System32\Drivers\PxHelp20.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\DRIVERS\disk.sys

\SystemRoot\system32\DRIVERS\CLASSPNP.SYS

\SystemRoot\system32\drivers\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\system32\drivers\ws2ifsl.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\drivers\termdd.sys

\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\drivers\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\igdkmd32.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\drivers\usbuhci.sys

\SystemRoot\system32\drivers\USBPORT.SYS

\SystemRoot\system32\drivers\usbehci.sys

\SystemRoot\system32\drivers\HDAudBus.sys

\SystemRoot\system32\DRIVERS\bcmwl6.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\yk62x86.sys

\SystemRoot\system32\drivers\i8042prt.sys

\SystemRoot\system32\DRIVERS\Apfiltr.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\drivers\kbdclass.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\CmBatt.sys

\SystemRoot\system32\drivers\wmiacpi.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\system32\DRIVERS\serscan.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\drivers\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\DRIVERS\stwrt.sys

\SystemRoot\system32\DRIVERS\portcls.sys

\SystemRoot\system32\DRIVERS\drmk.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\DRIVERS\vwifimp.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\DRIVERS\NisDrvWFP.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\??\C:\Program Files\CyberLink\PowerDVD DX\000.fcl

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\SystemRoot\system32\DRIVERS\asyncmac.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff87be81f8

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xffffffff8594e028

Lower Device Driver Name: \Driver\iaStor\

<<<2>>>

Device number: 0, partition: 3

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff87be81f8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff87be9d10, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xffffffff87be81f8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8594e028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 3

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 3

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 638CBF

 

Partition information:

 

    Partition 0 type is Other (0xde)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 63  Numsec = 80262

 

    Partition 1 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 81920  Numsec = 30720000

 

    Partition 2 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 30801920  Numsec = 281777840

    Partition file system is NTFS

    Partition is bootable

 

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

Disk Size: 160041885696 bytes

Sector size: 512 bytes

 

Scanning physical sectors of unpartitioned space on drive 0 (1-62-312561808-312581808)...

Done!

Scan finished

=======================================

 

 

Removal queue found; removal started

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_2_30801920_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...

Removal finished

ComboFix 13-07-24.03 - Mitchell 07/24/2013  23:10:33.1.2 - x86

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2010.723 [GMT -5:00]

Running from: c:\users\Mitchell\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\CouponAlert_2pEI

c:\programdata\Microsoft\Windows\DRM\F21.tmp

E:\AUTORUN.INF

.

.

(((((((((((((((((((((((((   Files Created from 2013-06-25 to 2013-07-25  )))))))))))))))))))))))))))))))

.

.

2013-07-25 04:21 . 2013-07-25 04:21 -------- d-----w- c:\users\Jeana\AppData\Local\temp

2013-07-25 04:21 . 2013-07-25 04:21 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-07-25 04:06 . 2013-07-25 04:06 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E3F30D18-DD71-43A3-BAC9-34A86E4190A5}\MpKsl34da7ca1.sys

2013-07-25 04:05 . 2013-07-02 06:54 7143960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E3F30D18-DD71-43A3-BAC9-34A86E4190A5}\mpengine.dll

2013-07-25 03:30 . 2013-07-25 03:56 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2013-07-25 03:17 . 2013-07-25 03:17 -------- d-----w- C:\TDSSKiller_Quarantine

2013-07-25 01:52 . 2013-07-02 06:54 7143960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-07-17 21:47 . 2013-07-17 21:45 698504 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E2A052B5-C827-42A3-9FC6-20754B19D427}\gapaengine.dll

2013-07-10 19:09 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\system32\DWrite.dll

2013-07-10 19:09 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-07-10 19:09 . 2013-06-04 04:53 509440 ----a-w- c:\windows\system32\qedit.dll

2013-07-10 19:09 . 2013-06-05 03:05 2347520 ----a-w- c:\windows\system32\win32k.sys

2013-07-10 19:09 . 2013-04-10 05:03 936448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2013-07-10 19:09 . 2013-04-10 05:03 988672 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2013-07-10 19:09 . 2013-04-10 05:03 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2013-07-10 19:09 . 2013-04-10 05:04 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2013-07-10 19:09 . 2013-05-27 04:57 680960 ----a-w- c:\program files\Windows Defender\MpSvc.dll

2013-07-10 19:09 . 2013-05-27 04:57 392704 ----a-w- c:\program files\Windows Defender\MpClient.dll

2013-07-10 19:09 . 2013-05-27 04:57 224768 ----a-w- c:\program files\Windows Defender\MpCommu.dll

2013-07-05 18:35 . 2013-07-05 18:35 388096 ----a-r- c:\users\Mitchell\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2013-07-05 18:35 . 2013-07-05 18:35 -------- d-----w- c:\program files\Trend Micro

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-06-21 20:26 . 2011-09-07 22:24 724464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2013-06-16 12:40 . 2012-06-26 04:36 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-06-16 12:40 . 2011-06-11 16:13 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-05-16 00:49 . 2010-06-24 17:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-05-13 04:45 . 2013-06-12 12:35 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2013-05-13 04:45 . 2013-06-12 12:35 1160192 ----a-w- c:\windows\system32\crypt32.dll

2013-05-13 04:45 . 2013-06-12 12:35 103936 ----a-w- c:\windows\system32\cryptnet.dll

2013-05-13 03:08 . 2013-06-12 12:35 903168 ----a-w- c:\windows\system32\certutil.exe

2013-05-13 03:08 . 2013-06-12 12:34 43008 ----a-w- c:\windows\system32\certenc.dll

2013-05-10 03:20 . 2013-06-12 12:34 24576 ----a-w- c:\windows\system32\cryptdlg.dll

2013-05-08 05:38 . 2013-06-12 12:34 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-05-06 05:06 . 2013-06-12 12:34 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-05-06 05:06 . 2013-06-12 12:34 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-05-02 15:28 . 2009-10-02 23:35 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-05-01 08:59 . 2013-05-01 08:59 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2013-05-01 08:59 . 2013-05-01 08:59 69632 ----a-w- c:\windows\system32\QuickTime.qts

2013-04-26 04:55 . 2013-06-12 12:34 492544 ----a-w- c:\windows\system32\win32spl.dll

2011-09-30 05:43 . 2013-03-25 00:06 161720 ----a-w- c:\program files\2pres.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-10 233472]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2010-01-07 140520]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk.disabled [2011-1-13 2071]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-2-27 1316192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-08 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"AW TrayIcon"=RunDll32.exe "c:\program files\ArcadeWeb\arcadeweb32.dll", RunTrayIcon

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"SysTrayApp"=c:\program files\IDT\WDM\sttray.exe

"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" -osboot

"AT&T Communication Manager"="c:\program files\AT&T\Communication Manager\ATTCM.exe" -a

"CouponAlert_2p Browser Plugin Loader"=c:\progra~1\COUPON~2\bar\1.bin\2pbrmon.exe

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"DellComms"="c:\program files\Dell\DellComms\bin\sprtcmd.exe" /P DellComms

.

R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2012-10-09 26080]

R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 17408]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-05-08 116608]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\aestsrv.exe [2009-03-02 81920]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 30668413

*NewlyCreated* - MPKSL34DA7CA1

*Deregistered* - 30668413

*Deregistered* - Avgtdix

*Deregistered* - MBAMSwissArmy

*Deregistered* - tcpipBM

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPService REG_MULTI_SZ   HPSLPSVC

HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-07-13 03:25 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-11 16:07]

.

2013-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-11 16:07]

.

.

------- Supplementary Scan -------

.


TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-30668413.sys

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD DX\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-07-24  23:23:56

ComboFix-quarantined-files.txt  2013-07-25 04:23

.

Pre-Run: 15,306,137,600 bytes free

Post-Run: 15,241,846,784 bytes free

.

- - End Of File - - 5C7DEBBDFCEA48F77B668FCC8B594FE0

A36C5E4F47E84449FF07ED3517B43A31

 Results of screen317's Security Check version 0.99.71  

 Windows 7 Service Pack 1 x86 (UAC is enabled)  

 Internet Explorer 10  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

Microsoft Security Essentials   

 Antivirus up to date!  

`````````Anti-malware/Other Utilities Check:````````` 

 Spybot - Search & Destroy 

 SUPERAntiSpyware     

 Malwarebytes Anti-Malware version 1.75.0.1300  

 CCleaner     

 Java 6 Update 13  

 Java version out of Date! 

 Adobe Flash Player 10 Flash Player out of Date! 

 Adobe Reader 9 Adobe Reader out of Date! 

 Adobe Reader 10.1.7 Adobe Reader out of Date!  

 Google Chrome 28.0.1500.71  

 Google Chrome 28.0.1500.72  

````````Process Check: objlist.exe by Laurent````````  

 Microsoft Security Essentials MSMpEng.exe 

 Microsoft Security Essentials msseces.exe 

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 0% 

````````````````````End of Log`````````````````````` 

Please do the following:

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quotebox below into it:

KILLALL::

Driver::
30668413

File::
C:\Windows\System32\Drivers\30668413.sys

Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe

[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now.


ComboFix 13-07-24.03 - Mitchell 07/25/2013   9:13.2.2 - x86

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2010.1010 [GMT -5:00]

Running from: c:\users\Mitchell\Desktop\ComboFix.exe

Command switches used :: c:\users\Mitchell\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\System32\Drivers\30668413.sys"

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_30668413

.

.

(((((((((((((((((((((((((   Files Created from 2013-06-25 to 2013-07-25  )))))))))))))))))))))))))))))))

.

.

2013-07-25 14:23 . 2013-07-25 14:23 -------- d-----w- c:\users\Jeana\AppData\Local\temp

2013-07-25 14:23 . 2013-07-25 14:23 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-07-25 04:28 . 2013-07-02 06:54 7143960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6FAB824D-0F65-48EE-8ABF-56AB595DD532}\mpengine.dll

2013-07-25 03:30 . 2013-07-25 03:56 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2013-07-25 03:17 . 2013-07-25 03:17 -------- d-----w- C:\TDSSKiller_Quarantine

2013-07-25 01:52 . 2013-07-02 06:54 7143960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-07-17 21:47 . 2013-07-17 21:45 698504 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E2A052B5-C827-42A3-9FC6-20754B19D427}\gapaengine.dll

2013-07-10 19:09 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\system32\DWrite.dll

2013-07-10 19:09 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-07-10 19:09 . 2013-06-04 04:53 509440 ----a-w- c:\windows\system32\qedit.dll

2013-07-10 19:09 . 2013-06-05 03:05 2347520 ----a-w- c:\windows\system32\win32k.sys

2013-07-10 19:09 . 2013-04-10 05:03 936448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2013-07-10 19:09 . 2013-04-10 05:03 988672 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2013-07-10 19:09 . 2013-04-10 05:03 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2013-07-10 19:09 . 2013-04-10 05:04 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2013-07-10 19:09 . 2013-05-27 04:57 680960 ----a-w- c:\program files\Windows Defender\MpSvc.dll

2013-07-10 19:09 . 2013-05-27 04:57 392704 ----a-w- c:\program files\Windows Defender\MpClient.dll

2013-07-10 19:09 . 2013-05-27 04:57 224768 ----a-w- c:\program files\Windows Defender\MpCommu.dll

2013-07-05 18:35 . 2013-07-05 18:35 388096 ----a-r- c:\users\Mitchell\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2013-07-05 18:35 . 2013-07-05 18:35 -------- d-----w- c:\program files\Trend Micro

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-06-21 20:26 . 2011-09-07 22:24 724464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2013-06-16 12:40 . 2012-06-26 04:36 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-06-16 12:40 . 2011-06-11 16:13 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-05-16 00:49 . 2010-06-24 17:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-05-13 04:45 . 2013-06-12 12:35 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2013-05-13 04:45 . 2013-06-12 12:35 1160192 ----a-w- c:\windows\system32\crypt32.dll

2013-05-13 04:45 . 2013-06-12 12:35 103936 ----a-w- c:\windows\system32\cryptnet.dll

2013-05-13 03:08 . 2013-06-12 12:35 903168 ----a-w- c:\windows\system32\certutil.exe

2013-05-13 03:08 . 2013-06-12 12:34 43008 ----a-w- c:\windows\system32\certenc.dll

2013-05-10 03:20 . 2013-06-12 12:34 24576 ----a-w- c:\windows\system32\cryptdlg.dll

2013-05-08 05:38 . 2013-06-12 12:34 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-05-06 05:06 . 2013-06-12 12:34 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-05-06 05:06 . 2013-06-12 12:34 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-05-02 15:28 . 2009-10-02 23:35 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-05-01 08:59 . 2013-05-01 08:59 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2013-05-01 08:59 . 2013-05-01 08:59 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-09-30 05:43 . 2013-03-25 00:06 161720 ----a-w- c:\program files\2pres.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-10 233472]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2010-01-07 140520]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk.disabled [2011-1-13 2071]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-2-27 1316192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-08 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"AW TrayIcon"=RunDll32.exe "c:\program files\ArcadeWeb\arcadeweb32.dll", RunTrayIcon

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"SysTrayApp"=c:\program files\IDT\WDM\sttray.exe

"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" -osboot

"AT&T Communication Manager"="c:\program files\AT&T\Communication Manager\ATTCM.exe" -a

"CouponAlert_2p Browser Plugin Loader"=c:\progra~1\COUPON~2\bar\1.bin\2pbrmon.exe

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"DellComms"="c:\program files\Dell\DellComms\bin\sprtcmd.exe" /P DellComms

.

R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2012-10-09 26080]

R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 17408]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 100328]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 295232]

R3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\DRIVERS\swnc8u80.sys [2008-08-20 168192]

R3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\DRIVERS\swumx80.sys [2008-08-20 142976]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-05 1343400]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2013-05-08 12880]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-05-08 116608]

S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/08/14 19:25];c:\program files\CyberLink\PowerDVD DX\000.fcl [2009-09-15 00:19 87536]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\aestsrv.exe [2009-03-02 81920]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]

S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files\Dell\DellComms\bin\sprtsvc.exe [2009-03-25 206064]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - Avgtdix

*Deregistered* - tcpipBM

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPService REG_MULTI_SZ   HPSLPSVC

HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-07-13 03:25 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-11 16:07]

.

2013-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-11 16:07]

.

.

------- Supplementary Scan -------

.


TCP: DhcpNameServer = 192.168.1.254

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD DX\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Client\MsMpEng.exe

c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\STacSV.exe

c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\system32\taskhost.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\conhost.exe

c:\program files\DellTPad\ApMsgFwd.exe

c:\program files\DellTPad\Apntex.exe

c:\program files\DellTPad\HidFind.exe

c:\windows\system32\conhost.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\DllHost.exe

c:\windows\system32\sppsvc.exe

.

**************************************************************************

.

Completion time: 2013-07-25  09:30:37 - machine was rebooted

ComboFix-quarantined-files.txt  2013-07-25 14:30

ComboFix2.txt  2013-07-25 04:23

.

Pre-Run: 15,279,300,608 bytes free

Post-Run: 15,077,269,504 bytes free

.

- - End Of File - - 25174F520438A3266972EC23D299420E

A36C5E4F47E84449FF07ED3517B43A31

 

 

Things seem to be okay.


We're making progress. :)

----------Step 1----------------
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

----------Step 2----------------
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

----------Step 3----------------
We need to create a New FULL OTL Report

  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

----------Step 4 (note: this scan may take a little time)----------------
I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


----------Step 5----------------
Please post the AdwCleaner logfile, the JRT.txt, the OTL.txt and Extras.txt, and the ESET online scan log in your next reply.

Let me know how things go.


# AdwCleaner v2.306 - Logfile created 07/25/2013 at 11:15:21

# Updated 19/07/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)

# User : Mitchell - JEANA-DELL-LAPT

# Boot Mode : Normal

# Running from : C:\Users\Mitchell\Desktop\AdwCleaner.exe

# Option [search]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

Folder Found : C:\Program Files\Common Files\Wondershare

Folder Found : C:\Program Files\Wondershare

Folder Found : C:\Users\Jeana\AppData\Local\Wondershare

Folder Found : C:\Users\Jeana\AppData\LocalLow\CouponAlert_2p

Folder Found : C:\Users\Mitchell\AppData\Local\Wondershare

Folder Found : C:\Users\Mitchell\AppData\LocalLow\CouponAlert_2p

 

***** [Registry] *****

 

Key Found : HKCU\Software\APN PIP

Key Found : HKCU\Software\AppDataLow\Software\CouponAlert_2p

Key Found : HKCU\Software\AppDataLow\Software\iWon

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{09971CEE-01B8-42BC-9D91-456B1FAAD6BE}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Key Found : HKCU\Software\Softonic

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16FE2505-F2A0-4782-B035-AF0E5188C02C}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56965DCF-718F-4148-BECF-5A2B466F4556}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971CEE-01B8-42BC-9D91-456B1FAAD6BE}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

Key Found : HKLM\Software\PIP

Key Found : HKLM\Software\SProtector

Key Found : HKU\S-1-5-21-741806429-3676762138-3067480243-1005\Software\Microsoft\Internet Explorer\SearchScopes\{09971CEE-01B8-42BC-9D91-456B1FAAD6BE}

Key Found : HKU\S-1-5-21-741806429-3676762138-3067480243-1005\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v10.0.9200.16635

 


 

-\\ Google Chrome v28.0.1500.72

 

File : C:\Users\Jeana\AppData\Local\Google\Chrome\User Data\Default\Preferences

 


 

File : C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

[OK] File is clean.

 

*************************

 

AdwCleaner[R1].txt - [2708 octets] - [25/07/2013 11:15:21]

 

########## EOF - C:\AdwCleaner[R1].txt - [2768 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 5.2.2 (07.22.2013:2)

OS: Windows 7 Home Premium x86

Ran by Mitchell on Thu 07/25/2013 at 11:20:28.18

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-741806429-3676762138-3067480243-1005\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\windows\currentversion\ext\preapproved\{4623a8c4-150d-4983-8982-68c01e7d6541}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EEB638BC-EC5A-451F-AD4C-78A39311A120}

Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"

Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\Users\Mitchell\appdata\local\wondershare"

Successfully deleted: [Folder] "C:\Users\Mitchell\appdata\locallow\couponalert_2p"

Successfully deleted: [Folder] "C:\Program Files\wondershare"

Successfully deleted: [Folder] "C:\Program Files\Common Files\wondershare"

Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"

Successfully deleted: [Folder] "C:\ai_recyclebin"

Successfully deleted: [Empty Folder] C:\Users\Mitchell\appdata\local\{0B8C577D-532C-4E1B-A902-876E90901B03}

Successfully deleted: [Empty Folder] C:\Users\Mitchell\appdata\local\{1DCFFA9E-F790-4900-9F20-552C688E59EF}

Successfully deleted: [Empty Folder] C:\Users\Mitchell\appdata\local\{580EDAF4-5468-4FBF-A679-CAB66474AF9B}

Successfully deleted: [Empty Folder] C:\Users\Mitchell\appdata\local\{5A932B4F-4D95-4F33-B4B5-45098C5E2C23}

Successfully deleted: [Empty Folder] C:\Users\Mitchell\appdata\local\{69697B88-5EBE-4FB0-B086-A2C499E61E54}

Successfully deleted: [Empty Folder] C:\Users\Mitchell\appdata\local\{6C2C0FB0-103E-4C08-AB84-D72FDB3AC747}

Successfully deleted: [Empty Folder] C:\Users\Mitchell\appdata\local\{7BC09FF0-C34D-4A14-ACCB-0B71D81B373C}

Successfully deleted: [Empty Folder] C:\Users\Mitchell\appdata\local\{A2BF61CB-0C7D-4A82-ACCD-C1E4622C0F1F}

Successfully deleted: [Empty Folder] C:\Users\Mitchell\appdata\local\{BAFEDD02-56E2-4520-8189-F56D43825A18}

Successfully deleted: [Empty Folder] C:\Users\Mitchell\appdata\local\{C20DFBF1-3C66-49B1-8FFA-D5FB261C0240}

Successfully deleted: [Empty Folder] C:\Users\Mitchell\appdata\local\{C557AE97-D04A-4301-B9EE-3BCF8425257A}

Successfully deleted: [Empty Folder] C:\Users\Mitchell\appdata\local\{D0F98511-9C8D-4154-9326-7EB884C06374}

Successfully deleted: [Empty Folder] C:\Users\Mitchell\appdata\local\{D2FDB4D1-4ED0-4F67-8E99-8D278DED334E}

Successfully deleted: [Empty Folder] C:\Users\Mitchell\appdata\local\{E63804E0-DA12-4DDC-A11C-982EB6863EDA}

Successfully deleted: [Empty Folder] C:\Users\Mitchell\appdata\local\{E969C789-08B2-4462-B9F8-F9E2D3C13AF7}

Successfully deleted: [Empty Folder] C:\Users\Mitchell\appdata\local\{EDC366BE-2AC5-4256-B581-18D4FC331AE4}

Successfully deleted: [Empty Folder] C:\Users\Mitchell\appdata\local\{EF96326A-BC6F-49E3-BE47-BDB42B2AF338}

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Thu 07/25/2013 at 11:22:22.76

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL logfile created on: 7/25/2013 11:52:52 AM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mitchell\Desktop

 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16635)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1.96 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 53.68% Memory free

3.93 Gb Paging File | 2.80 Gb Available in Paging File | 71.23% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 134.36 Gb Total Space | 11.34 Gb Free Space | 8.44% Space Free | Partition Type: NTFS

Drive E: | 14.65 Gb Total Space | 7.97 Gb Free Space | 54.41% Space Free | Partition Type: NTFS

 

Computer Name: JEANA-DELL-LAPT | User Name: Mitchell | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2013/07/25 11:24:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mitchell\Desktop\OTL.exe

PRC - [2013/07/12 13:49:47 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe

PRC - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2013/05/07 20:52:54 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

PRC - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe

PRC - [2013/01/27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2012/11/29 21:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010/01/07 17:11:28 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

PRC - [2009/06/29 12:44:38 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\stacsv.exe

PRC - [2009/03/31 09:18:54 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe

PRC - [2009/03/31 09:18:32 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe

PRC - [2009/03/31 09:18:32 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe

PRC - [2009/03/25 10:44:02 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell\DellComms\bin\sprtsvc.exe

PRC - [2009/03/10 12:24:04 | 000,233,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe

PRC - [2009/03/02 13:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\AEstSrv.exe

PRC - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe

PRC - [2008/05/07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2008/05/07 17:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2013/07/12 13:49:44 | 000,396,240 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppgooglenaclpluginchrome.dll

MOD - [2013/07/12 13:49:42 | 004,052,944 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll

MOD - [2013/07/12 13:48:52 | 000,601,552 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.72\libglesv2.dll

MOD - [2013/07/12 13:48:51 | 000,123,344 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.72\libegl.dll

MOD - [2013/07/12 13:48:49 | 001,597,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

 

 

========== Services (SafeList) ==========

 

SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2013/05/07 20:52:54 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)

SRV - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2010/05/05 12:56:52 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/11 07:55:35 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)

SRV - [2009/06/29 12:44:38 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\stacsv.exe -- (STacSV)

SRV - [2009/03/25 10:44:02 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell\DellComms\bin\sprtsvc.exe -- (sprtsvc_DellComms)

SRV - [2009/03/02 13:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\AEstSrv.exe -- (AESTFilters)

SRV - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)

SRV - [2008/05/07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\PCTINDIS5.SYS -- (PCTINDIS5)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Mitchell\AppData\Local\Temp\catchme.sys -- (catchme)

DRV - [2013/05/07 20:52:50 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)

DRV - [2013/01/20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2012/10/08 19:53:56 | 000,026,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)

DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009/11/04 03:59:00 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)

DRV - [2009/09/28 10:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)

DRV - [2009/09/14 19:19:50 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/08/14 19:25:24] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD DX\000.fcl -- ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7})

DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)

DRV - [2009/06/29 12:44:38 | 000,408,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2009/04/03 02:37:24 | 000,200,240 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2008/11/20 21:59:02 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)

DRV - [2008/08/22 12:05:40 | 000,026,760 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)

DRV - [2008/08/20 13:36:36 | 000,142,976 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swumx80.sys -- (SWUMX80)

DRV - [2008/08/20 13:35:40 | 000,168,192 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swnc8u80.sys -- (SWNC8U80)

DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

 

 

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

 

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

 

IE - HKU\S-1-5-21-741806429-3676762138-3067480243-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-21-741806429-3676762138-3067480243-1005\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-741806429-3676762138-3067480243-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKU\S-1-5-21-741806429-3676762138-3067480243-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-741806429-3676762138-3067480243-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

========== FireFox ==========

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/13 22:50:59 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/07/24 20:51:23 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: G:\Program Files\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: G:\Program Files\plugins

 

[2013/02/26 20:21:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2013/02/15 19:35:09 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2013/02/15 19:35:09 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

 

========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}

CHR - homepage: http://g.msn.com/USCON/1

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll

CHR - plugin: Java Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll

CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: RealNetworks RealPlayer Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll

CHR - Extension: Google Docs = C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\

CHR - Extension: Google Drive = C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google Search = C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\

CHR - Extension: Gmail = C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2013/07/25 09:25:24 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O3 - HKU\S-1-5-21-741806429-3676762138-3067480243-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

O4 - Startup: C:\Users\Jeana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

O4 - Startup: C:\Users\Jeana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Greetings Workshop Reminders.lnk =  File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-741806429-3676762138-3067480243-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-741806429-3676762138-3067480243-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-741806429-3676762138-3067480243-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-741806429-3676762138-3067480243-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKU\S-1-5-21-741806429-3676762138-3067480243-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6EBC4999-C706-424A-8EEC-0221C1E060A2}: DhcpNameServer = 172.22.1.43 172.22.101.20 172.22.60.21 172.22.181.20 172.22.1.46

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F05226C6-BBE0-4C32-800B-AE43E36243C9}: DhcpNameServer = 192.168.1.254

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2013/07/25 11:24:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mitchell\Desktop\OTL.exe

[2013/07/25 11:20:25 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2013/07/25 11:18:46 | 000,560,934 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Mitchell\Desktop\JRT.exe

[2013/07/25 09:25:28 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2013/07/25 00:07:11 | 000,000,000 | ---D | C] -- C:\Users\Mitchell\Desktop\virus removal

[2013/07/24 23:07:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013/07/24 23:07:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013/07/24 23:07:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013/07/24 23:06:07 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/07/24 23:03:36 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013/07/24 23:00:26 | 005,094,311 | R--- | C] (Swearware) -- C:\Users\Mitchell\Desktop\ComboFix.exe

[2013/07/24 22:30:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)

[2013/07/24 22:17:04 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2013/07/24 16:12:26 | 000,000,000 | ---D | C] -- C:\Users\Mitchell\Desktop\school stuff 2013-

[2013/07/10 18:17:51 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2013/07/10 18:17:49 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2013/07/10 18:17:49 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2013/07/10 18:17:49 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2013/07/10 18:17:48 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2013/07/10 18:17:47 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2013/07/10 18:17:47 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2013/07/10 18:17:46 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2013/07/10 18:17:46 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe

[2013/07/10 18:17:46 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2013/07/10 14:09:55 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll

[2013/07/10 14:09:54 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL

[2013/07/10 14:09:49 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll

[2013/07/10 14:09:48 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2013/07/05 13:35:08 | 000,000,000 | ---D | C] -- C:\Users\Mitchell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

[2013/07/05 13:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

 

========== Files - Modified Within 30 Days ==========

 

[2013/07/25 11:25:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/07/25 11:24:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mitchell\Desktop\OTL.exe

[2013/07/25 11:19:00 | 000,560,934 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Mitchell\Desktop\JRT.exe

[2013/07/25 11:14:16 | 000,666,633 | ---- | M] () -- C:\Users\Mitchell\Desktop\AdwCleaner.exe

[2013/07/25 11:07:56 | 533,290,421 | ---- | M] () -- C:\Users\Mitchell\Desktop\True Blood - S06E05 - HDTV x264-KILLERS.mp4

[2013/07/25 10:47:33 | 1083,991,495 | ---- | M] () -- C:\Users\Mitchell\Desktop\True_Blood_S06E04.mkv

[2013/07/25 10:19:54 | 598,628,338 | ---- | M] () -- C:\Users\Mitchell\Desktop\True Blood S06E03.avi

[2013/07/25 09:48:03 | 575,069,686 | ---- | M] () -- C:\Users\Mitchell\Desktop\True Blood S06E02.avi

[2013/07/25 09:32:49 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/07/25 09:32:49 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/07/25 09:25:24 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2013/07/25 09:25:08 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/07/25 09:24:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/07/25 09:24:09 | 1581,010,944 | -HS- | M] () -- C:\hiberfil.sys

[2013/07/24 23:00:53 | 005,094,311 | R--- | M] (Swearware) -- C:\Users\Mitchell\Desktop\ComboFix.exe

[2013/07/19 08:49:11 | 000,624,412 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013/07/19 08:49:11 | 000,106,756 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013/07/16 11:09:21 | 000,000,329 | ---- | M] () -- C:\Users\Mitchell\Desktop\HP Printer Diagnostic Tools.url

[2013/07/16 11:06:54 | 000,207,137 | ---- | M] () -- C:\Windows\hpoins46.dat

[2013/07/13 18:22:29 | 000,152,674 | ---- | M] () -- C:\Users\Mitchell\Desktop\Chicken Cresents.pdf

[2013/07/12 21:18:10 | 734,117,888 | ---- | M] () -- C:\Users\Mitchell\Desktop\Red[2010]DvDrip[Eng]-FXG.avi

[2013/07/10 18:26:05 | 000,369,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2013/07/01 19:07:46 | 413,663,952 | ---- | M] () -- C:\Users\Mitchell\Desktop\True.Blood.S06E02.HDTV.x264-ASAP.mp4

 

========== Files Created - No Company Name ==========

 

[2013/07/25 11:14:02 | 000,666,633 | ---- | C] () -- C:\Users\Mitchell\Desktop\AdwCleaner.exe

[2013/07/25 11:02:07 | 533,290,421 | ---- | C] () -- C:\Users\Mitchell\Desktop\True Blood - S06E05 - HDTV x264-KILLERS.mp4

[2013/07/25 10:35:20 | 1083,991,495 | ---- | C] () -- C:\Users\Mitchell\Desktop\True_Blood_S06E04.mkv

[2013/07/25 10:05:34 | 598,628,338 | ---- | C] () -- C:\Users\Mitchell\Desktop\True Blood S06E03.avi

[2013/07/25 09:41:57 | 575,069,686 | ---- | C] () -- C:\Users\Mitchell\Desktop\True Blood S06E02.avi

[2013/07/24 23:07:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013/07/24 23:07:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013/07/24 23:07:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013/07/24 23:07:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013/07/24 23:07:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013/07/16 11:09:21 | 000,000,329 | ---- | C] () -- C:\Users\Mitchell\Desktop\HP Printer Diagnostic Tools.url

[2013/07/13 18:23:41 | 000,152,674 | ---- | C] () -- C:\Users\Mitchell\Desktop\Chicken Cresents.pdf

[2013/07/12 21:03:31 | 734,117,888 | ---- | C] () -- C:\Users\Mitchell\Desktop\Red[2010]DvDrip[Eng]-FXG.avi

[2013/07/01 18:43:26 | 413,663,952 | ---- | C] () -- C:\Users\Mitchell\Desktop\True.Blood.S06E02.HDTV.x264-ASAP.mp4

[2013/05/25 12:20:18 | 000,000,050 | ---- | C] () -- C:\Users\Mitchell\AppData\Roaming\mbam.context.scan

[2013/04/24 18:38:02 | 000,088,688 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll

[2013/03/24 19:06:27 | 000,161,720 | ---- | C] () -- C:\Program Files\2pres.dll

[2013/03/10 16:04:18 | 000,003,584 | ---- | C] () -- C:\Users\Mitchell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013/03/06 20:33:02 | 000,000,632 | RHS- | C] () -- C:\Users\Mitchell\ntuser.pol

[2011/11/23 12:35:11 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat

[2011/10/15 13:27:17 | 000,146,304 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat

 

========== ZeroAccess Check ==========

 

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

< End of report >

OTL Extras logfile created on: 7/25/2013 11:52:52 AM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mitchell\Desktop

 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16635)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1.96 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 53.68% Memory free

3.93 Gb Paging File | 2.80 Gb Available in Paging File | 71.23% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 134.36 Gb Total Space | 11.34 Gb Free Space | 8.44% Space Free | Partition Type: NTFS

Drive E: | 14.65 Gb Total Space | 7.97 Gb Free Space | 54.41% Space Free | Partition Type: NTFS

 

Computer Name: JEANA-DELL-LAPT | User Name: Mitchell | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{06FFB62E-8C28-4FE9-BFA1-F50A4691300C}" = rport=139 | protocol=6 | dir=out | app=system | 

"{212F1D34-B714-4449-9B4B-27BAC279F742}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{23ABED0A-E14C-45ED-B791-E4E0D9FA5A8E}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{36A20864-8E26-4E2B-8673-E148FAAB836B}" = lport=139 | protocol=6 | dir=in | app=system | 

"{37E635DC-E648-4E29-92CC-72772DDC1B43}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{3E1C61FF-E48D-49FA-BA37-B1606452C9D2}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{418E8A27-FE3B-42D1-A6C2-C86DAB588001}" = lport=138 | protocol=17 | dir=in | app=system | 

"{4E6ACCDE-09F1-4439-8ABB-5F1DCB35A951}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{59E2908E-95C7-4D94-835C-18C0F4EA7D7B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{5DAA55CF-6B85-4C93-972C-9837E2024BCB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{6A3C5011-678D-4A9C-8139-CC27246995CB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{6D0D8155-EFE0-4E56-9981-6AA7A09777AA}" = lport=137 | protocol=17 | dir=in | app=system | 

"{899537AC-298C-4321-9B22-D7018386A6FF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{8DF63EFE-22B1-4BBC-B843-16421C73531D}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 

"{A21BAE7C-1CB3-4B98-98D2-D89B29BCA467}" = rport=138 | protocol=17 | dir=out | app=system | 

"{A2845198-A0FA-4D23-AE8A-1E8E6CAFB18C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 

"{C03A3B95-3A72-4975-BDA0-0E56B427D65C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 

"{CC51EEFF-90C7-437E-B96D-3B9D0030F88E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 

"{D1042956-A415-4075-A59B-730DD353DD9D}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{DBBC9BF4-2CDD-43A1-B89F-C879276E4A14}" = lport=445 | protocol=6 | dir=in | app=system | 

"{DC36ECC8-ED4C-4B8D-A62F-DDA548C4271E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{DF680F8A-AE0F-4029-9B43-CB1BF8C37F2C}" = rport=137 | protocol=17 | dir=out | app=system | 

"{E19017EF-8784-4378-B840-2C543EFE9E5C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{ED317234-6771-4482-B1D8-71F2DD872CBE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{F0A22C84-2B0D-4E36-968A-8E96321155EC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{F9D30FEC-B3C5-4B27-9EEA-9B962628870C}" = rport=445 | protocol=6 | dir=out | app=system | 

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0FCF60E0-9BAA-4DF6-8597-D9848AA486E5}" = dir=in | app=c:\program files\hp\digital imaging\{dbc1de57-b55a-4d57-9769-1db9be506af7}\setup\hpznui01.exe | 

"{17BD9338-9476-402F-9775-091D39CDAEEF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{1F05E709-C1C1-479A-9C87-DF30E4C9785E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 

"{1F6ECB4F-5246-4DBA-AE76-76E5AE5DD8B9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{2317B767-24A9-4773-A47D-19C0404094B6}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 

"{26273AF8-B753-4A9F-9296-AE405B1A07B7}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 

"{3BD33EC7-D325-48C1-AEE0-A78A7F6D98D0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{3D7B1965-2CA9-4C0E-8346-28ED272CDAA5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{43DBC02B-1D02-407C-BDB3-83818B40DCC4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 

"{513E0049-09FF-4DC6-9A72-8D0E6CF7C646}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{556BF22D-2FF9-41BB-98A5-0C67D74C6801}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 

"{591293B1-36BA-4653-B1E1-CE69A8026E71}" = protocol=6 | dir=out | app=system | 

"{6C2AD1F8-9B8C-4FB2-814D-2C032F3706F6}" = dir=in | app=c:\program files\itunes\itunes.exe | 

"{72EB33D2-CEB1-4905-A603-ECC612F531D1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 

"{7AF8019F-52D8-4D7F-BA43-9FA08F3A5139}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{840BAF4B-2B96-4169-9CAA-25C835CE49DD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{84965AB8-9017-4BAB-B18F-1E394D53152B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{849CA084-CDF9-44D5-8C96-53A708ED9C28}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{84A976AC-B61F-472E-87EC-F2490AB8754E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{86E9DC88-25C4-4618-A442-17C481CA5BBC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{8B049BDB-421D-42CD-8440-0CC9D46CC2E8}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 

"{91FB4210-7436-4475-9CED-CCE8DE0287B0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{9295408A-0726-40FE-9D9A-72107A9C08FD}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 

"{998056CE-8BE5-433D-B93B-77BDAD124A49}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 

"{9AE73D84-C3F8-47EF-92F6-B9AB0F257DC7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 

"{9D539990-EAA7-456A-99F6-0D662964E470}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 

"{9E4BDD0A-33D2-4E13-9BF2-F07C94736198}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{9F20F5AD-C2AC-489D-811A-42FBBAF250DC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{A42DAE9E-946E-44BB-8C2D-876B3CB35C65}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 

"{A6B3FBFC-39C9-4B46-95D1-6C4A3575CC2D}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe | 

"{A7836F05-C14B-4594-9211-3E6AE116FFB0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{B2AC76AF-79B1-4208-8191-A8DAD64AC7D4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 

"{B769DA48-B26C-4E94-A66A-F17D85BDD171}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 

"{B8349B13-3CA3-4352-9740-C2B38A727AD5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{BD61762F-7044-456E-B4E3-ADFDAE89FE96}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{BD8E6D88-A88C-4AC1-B11D-5F2673FAFFA1}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe | 

"{C1FC766D-A782-477A-B490-FA16172D402A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{D0F16FE0-52C1-4C52-AF29-68DE77D310E3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{D65EF7A7-C554-4561-9608-A3C3C16C9418}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{DC16BC68-2759-4A5D-90EA-8627E1F8F5CE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{EC9D58C5-CD2D-48E6-B237-D66093A9BCB8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 

"TCP Query User{4EDDC306-BBA4-43C6-ABF5-DEF1C4939728}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 

"TCP Query User{75377825-EEA4-4464-B661-06623DB03B59}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 

"TCP Query User{95E6D1C4-6B74-4AE6-9B25-9EB18225E21F}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 

"TCP Query User{A4395095-804F-4D02-B0DD-6BDCB467B038}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 

"UDP Query User{0D5FB5CD-A380-4671-9577-A3D95A493650}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 

"UDP Query User{34020B98-8F2F-4D4F-B487-7B3B7DEBAFD1}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 

"UDP Query User{3B768A5C-38E0-4798-9027-4AC6C4559BC0}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 

"UDP Query User{D8203853-AF2E-4908-A43E-19F666C31A61}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan

"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data

"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE

"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup

"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery

"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 13

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox

"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{351DE0AB-7787-4497-9A7A-4AA9E3A4E290}" = Dell Communications (Support Software)

"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}" = PS_AIO_07_D110_SW_Min

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{563FE39E-B4D7-4DC0-B443-97313128AEC0}" = Hallmark Card Studio Special Edition

"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio

"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status

"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support

"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg

"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{91D3AD6F-09CD-4695-9FA3-8FB15429BE97}" = D110

"{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes

"{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time  Lib Setup

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime

"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy

"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2

"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet

"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget

"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D647F06F-2908-487E-9CDA-DE52148CBF49}" = OverDrive Media Console

"{DBC1DE57-B55A-4D57-9769-1DB9BE506AF7}" = HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer

"{E583A6F3-8F2F-4644-97FF-748F83A58D68}_is1" =  Leawo DVD to MP4 Converter version  4.0.0.0

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement

"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety

"{F5F5364A-7B98-4E86-9B5B-9C916F9C8439}" = Guitar Praise

"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock

"{F804CAE5-50B2-4646-803A-A428325237CA}" = Driver Installer

"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm

"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"AviSynth" = AviSynth 2.5

"CCleaner" = CCleaner

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"CutePDF Writer Installation" = CutePDF Writer 3.0

"DVD Flick_is1" = DVD Flick 1.3.0.7

"File Shredder_is1" = File Shredder 2.5

"Google Chrome" = Google Chrome

"GoToAssist" = GoToAssist 8.0.0.514

"HDMI" = Intel® Graphics Media Accelerator Driver

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HP Imaging Device Functions" = HP Imaging Device Functions 14.0

"HP Smart Web Printing" = HP Smart Web Printing 4.60

"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Security Client" = Microsoft Security Essentials

"QuickPar" = QuickPar 0.9

"RealPlayer 12.0" = RealPlayer

"TVWiz" = Intel® TV Wizard

"VLC media player" = VLC media player 1.0.1

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR 4.20 (32-bit)

 

========== Last 20 Event Log Errors ==========

 

[ OSession Events ]

Error - 12/21/2010 5:13:13 PM | Computer Name = Boswell-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 12/21/2010 5:13:18 PM | Computer Name = Boswell-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 7/12/2011 12:47:04 PM | Computer Name = Jeana-Dell-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 

Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session 

lasted 12 seconds with 0 seconds of active time.  This session ended with a crash.

 

 

< End of report >

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=8

# iexplore.exe=10.00.9200.16521 (win8_gdr_soc_ie.130216-2100)

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=3bf28c57e249d34f82c7693c303bcf26

# engine=14530

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2013-07-25 08:39:02

# local_time=2013-07-25 03:39:02 (-0600, Central Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5893 16776574 100 94 1199691 126329533 0 0

# scanned=207525

# found=10

# cleaned=10

# scan_time=12286

sh=E924A2D4FE1F8D5AF89600D393FADBFF9A0DCCB4 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Jeana\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpocpeonookdeolcmmhdklmhghbpgbba\1\514dec56734ff8.55319705.js"

sh=2281BB048498536E8BD711327B7D9307C5E8A978 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Jeana\AppData\Local\Google\Chrome\User Data\Default\Extensions\kekbkaoapoahpdjbicgbilfnpeloeacl\1\514ded60b13fb9.67497989.js"

sh=0B05EF00BA7CEEADEDF617E5A72A7CACAF08FE1A ft=0 fh=0000000000000000 vn="Java/Agent.BV trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Jeana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\2f84494a-653b4e78"

sh=591FF427C836067615AAA8532CA999B9D389D960 ft=0 fh=0000000000000000 vn="Java/Agent.BV trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Jeana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\51660c8f-44a325f6"

sh=618BAE93F06718D5CC115FB464136B184F50C910 ft=0 fh=0000000000000000 vn="Java/Agent.BV trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Jeana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\d81016d-708b68f7"

sh=A381E813DBC8E3CB30B1FE635B1AB1ADF266508D ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2010-0094.U trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Jeana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\23b920c5-419dc0bb"

sh=23FF544E38C4231F7241CD722E26750A3BEE917C ft=1 fh=5242faf28a5ad173 vn="Win32/Olmarik.AYY trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Mitchell\AppData\LocalLow\F70.tmp"

sh=E5A133CB1754CC1CC37A32F1EF56049D947D0BE5 ft=0 fh=0000000000000000 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Mitchell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\79f7a80-29c5544b"

sh=9C830FD5175CEDC24117F3F78B3BE3C6577DFD8C ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.NNO trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Mitchell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\f5d4160-352f817f"

sh=0E0F9A496ACDC20B5805F7F9D275B363AE1BCC5B ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2013-1493.CT trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Mitchell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\5056b172-17a06210"

C:\Users\Jeana\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpocpeonookdeolcmmhdklmhghbpgbba\1\514dec56734ff8.55319705.js Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined

C:\Users\Jeana\AppData\Local\Google\Chrome\User Data\Default\Extensions\kekbkaoapoahpdjbicgbilfnpeloeacl\1\514ded60b13fb9.67497989.js Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined

C:\Users\Jeana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\2f84494a-653b4e78 Java/Agent.BV trojan cleaned by deleting - quarantined

C:\Users\Jeana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\51660c8f-44a325f6 Java/Agent.BV trojan cleaned by deleting - quarantined

C:\Users\Jeana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\d81016d-708b68f7 Java/Agent.BV trojan cleaned by deleting - quarantined

C:\Users\Jeana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\23b920c5-419dc0bb a variant of Java/Exploit.CVE-2010-0094.U trojan cleaned by deleting - quarantined

C:\Users\Mitchell\AppData\LocalLow\F70.tmp Win32/Olmarik.AYY trojan cleaned by deleting - quarantined

C:\Users\Mitchell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\79f7a80-29c5544b multiple threats cleaned by deleting - quarantined

C:\Users\Mitchell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\f5d4160-352f817f a variant of Java/Exploit.Agent.NNO trojan cleaned by deleting - quarantined

C:\Users\Mitchell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\5056b172-17a06210 a variant of Java/Exploit.CVE-2013-1493.CT trojan cleaned by deleting - quarantined

Still have a little more to do, but we're nearly there.

----------Step 1----------------

We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.

    :OTL

    [2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

     

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

     

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

     

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    "" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Apartment

     

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Free

     

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Both

    :Commands

    [purity]

    [emptytemp]

    [emptyjava]

    [emptyflash]

    [Reboot]

  • Push Run Fix.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
----------Step 2----------------

Instructions for DELETE:

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
Afterwards, please reboot the computer.

----------Step 3----------------

Please post the OTL and AdwCleaner reports in your next reply. How are things running now?


All processes killed

========== OTL ==========

C:\Windows\assembly\Desktop.ini moved successfully.

File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.

File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.

File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.

Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.

Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Jeana

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 488290717 bytes

->Java cache emptied: 11740937 bytes

->FireFox cache emptied: 1842429 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 3306 bytes

 

User: Mitchell

->Temp folder emptied: 1339250 bytes

->Temporary Internet Files folder emptied: 90908633 bytes

->Java cache emptied: 46858 bytes

->Google Chrome cache emptied: 190678364 bytes

->Flash cache emptied: 506 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 74783 bytes

RecycleBin emptied: 24776 bytes

 

Total Files Cleaned = 749.00 mb

 

 

[EMPTYJAVA]

 

User: All Users

 

User: Default

 

User: Default User

 

User: Jeana

->Java cache emptied: 0 bytes

 

User: Mitchell

->Java cache emptied: 0 bytes

 

User: Public

 

Total Java Files Cleaned = 0.00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Default

 

User: Default User

 

User: Jeana

->Flash cache emptied: 0 bytes

 

User: Mitchell

->Flash cache emptied: 0 bytes

 

User: Public

 

Total Flash Files Cleaned = 0.00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 07262013_112704

 

Files\Folders moved on Reboot...

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

# AdwCleaner v2.306 - Logfile created 07/26/2013 at 11:41:27

# Updated 19/07/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)

# User : Mitchell - JEANA-DELL-LAPT

# Boot Mode : Normal

# Running from : C:\Users\Mitchell\Desktop\AdwCleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

Folder Deleted : C:\Users\Jeana\AppData\Local\Wondershare

Folder Deleted : C:\Users\Jeana\AppData\LocalLow\CouponAlert_2p

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\AppDataLow\Software\CouponAlert_2p

Key Deleted : HKCU\Software\AppDataLow\Software\iWon

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{09971CEE-01B8-42BC-9D91-456B1FAAD6BE}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16FE2505-F2A0-4782-B035-AF0E5188C02C}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56965DCF-718F-4148-BECF-5A2B466F4556}

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

Key Deleted : HKLM\Software\SProtector

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v10.0.9200.16635

 

[OK] Registry is clean.

 

-\\ Google Chrome v28.0.1500.72

 

File : C:\Users\Jeana\AppData\Local\Google\Chrome\User Data\Default\Preferences

 


 

File : C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

[OK] File is clean.

 

*************************

 

AdwCleaner[R1].txt - [2837 octets] - [25/07/2013 11:15:21]

AdwCleaner[s1].txt - [1816 octets] - [26/07/2013 11:41:27]

 

########## EOF - C:\AdwCleaner[s1].txt - [1876 octets] ##########