Guys I have Avira 2010 software, when run the setup it goes all fine but when the file extraction starts from the setup the setup crash! No crash reports or anything! Please help!!!

Hi. I'm running a Viewsonic with xp operating system. It is set to turn off at particular times if it is not in use. It did this this afternoon, and a while later I turned it back on. Except it didn't. The screen remained black and displayed a small image which looked like a face, in as much as it was square, and contained two dots for eyes and two horizontal bars for a mouth. I have attached a photo. Beside the square was a single pulsing bar, a few pixels across - ie like a cursor in DOS. When any key was hit the suare would go to the top of the screen and then reappear at the bottom left. I re-booted, (by turning it off by the power switch) and it did the same thing. I did it again, it did the same thing. I turned it off, and using another computer found your forum. I think it is/was a virus because of the idea that the square is a face. However, in oder to write this, I wanted to make sure I got the sequence correct, I turned on the computer, and it booted normally. I'm currently doing a full scan to see if that picks up anything. Does anyone have any idea what might be happening/have happened? I would be very grateful for any response.:confused:

Attached Thumbnails

 

:thanx: Hi, I just wanted to start off by thanking you guys for the time you spend helping us with our computer problems. Its very much appreciated. Ok, the problems that I seem to be having is mostly my administrative rights being taken away and also system files being changed or I get locked out of them. Any system file that I would try to open or anything I would try to install would say:

ShellExecuteEx failed; code 203.
The system could not find the environment option that was entered.

I think I have fixed that problem and Im not having any trouble with that anymore but I dont think that my computer has gotten rid of all the malware and viruses so Im wanting to double check with you and see if theres anything else you can tell me. I have read over your "Spyware 1st Steps" and Ive tried to complete all the steps you ask. When I tried the scan using the gmer.exe program, my computer was having problems completeing the scan the first way you suggested to do it, which was selecting most of the boxes. The first time I tried my computer crashed and the second time the program shut down on me. So after that I tried and was able to complete the scan by having only the SECTIONS box and the C: drive box checked. So the ark.txt log and also the attach.txt log are both together in a zipped file named attach.zip. As for the DDS, its down below. Please let me know if theres anything else you need from me, and again thank you guys so much for the help :smitten: Oh, I have one other question I wanted to ask you. Whenever I open up my task manager and I view what processes are going, I see LOTS of svchost.exe applications listed. Theres like 14 of them running at once. Is this normal?? Just thought it was odd and was wondering. Please get back to me when you can. Thanks.

Here is the DDS log file:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.7.2
Run by Kathy at 4:34:35 on 2013-03-31
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.109 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*Yahoo! SearchBar Home Page
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*Yahoo!
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*Yahoo!
uProxyOverride = 192.168.*.*
mSearchAssistant = about:blank
uURLSearchHooks: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - <orphaned>
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: &RoboForm: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-us\local\search.html
IE: &Search - ?p=ZJxdm128YYUS
IE: Customize Menu - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Fill Forms - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: RoboForm Toolbar - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{5D397078-D39D-4699-93C7-15D8C45D702E} : DHCPNameServer = 192.168.1.1
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\kathy\appdata\roaming\mozilla\firefox\profiles\hqbl7thl.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-2-11 35088]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2008-5-12 34248]
.
=============== Created Last 30 ================
.
2013-03-29 09:06:23 7108640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a5db351f-a5e7-47fa-87ea-ffdc0e74538e}\mpengine.dll
2013-03-27 20:28:08 74136 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2013-03-27 20:28:03 96664 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2013-03-27 20:28:03 170232 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
2013-03-27 10:01:34 -------- d-----w- c:\windows\CheckSur
2013-03-27 08:21:28 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-26 10:09:16 -------- d-sh--w- c:\windows\system32\%APPDATA%
2013-03-26 10:01:46 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-03-26 10:01:46 293376 ----a-w- c:\windows\system32\atmfd.dll
2013-03-26 06:14:49 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-03-26 06:14:11 75776 ----a-w- c:\windows\system32\synceng.dll
2013-03-26 06:14:09 376320 ----a-w- c:\windows\system32\dpnet.dll
2013-03-26 06:14:09 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2013-03-26 06:14:04 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
2013-03-26 06:11:59 2048512 ----a-w- c:\windows\system32\win32k.sys
2013-03-26 06:10:19 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-03-26 06:10:10 985088 ----a-w- c:\windows\system32\crypt32.dll
2013-03-26 06:10:09 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-03-26 06:10:09 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-03-26 06:06:53 1314816 ----a-w- c:\windows\system32\quartz.dll
2013-03-26 06:06:49 2048 ----a-w- c:\windows\system32\tzres.dll
2013-03-26 06:05:58 1400832 ----a-w- c:\windows\system32\msxml6.dll
2013-03-26 06:05:53 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-03-26 06:04:42 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-26 06:04:40 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-26 05:16:22 768000 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2013-03-26 04:34:54 -------- d-----w- c:\users\kathy\WPDNSE
2013-03-26 03:43:53 344064 ----a-w- c:\users\kathy\~DF263D.tmp
2013-03-26 03:43:53 -------- d-----w- c:\users\kathy\appdata\roaming\Malwarebytes
2013-03-26 03:43:38 -------- d-----w- c:\programdata\Malwarebytes
2013-03-26 03:43:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-26 03:19:58 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-03-26 02:20:42 -------- d-----w- c:\users\kathy\Temp1_other.zip
2013-03-26 02:20:39 -------- d-----w- c:\users\kathy\Temp1_core2.zip
2013-03-26 02:20:37 -------- d-----w- c:\users\kathy\Temp1_core1.zip
2013-03-26 02:20:07 -------- d-----w- c:\users\kathy\Temp3_ffjcext.zip
2013-03-26 02:20:07 -------- d-----w- c:\users\kathy\Temp2_ffjcext.zip
2013-03-26 02:20:07 -------- d-----w- c:\users\kathy\Temp1_ffjcext.zip
2013-03-26 02:20:03 -------- d-----w- c:\users\kathy\Temp1_hcsolutions.zip
2013-03-26 02:20:01 -------- d-----w- c:\users\kathy\Temp1_extra.zip
2013-03-26 02:20:00 -------- d-----w- c:\users\kathy\Temp1_core3.zip
2013-03-26 02:18:03 -------- d-----w- c:\users\kathy\Temp2_QTJava.zip
2013-03-26 02:17:55 -------- d-----w- c:\users\kathy\Temp1_guidAcheck.zip
2013-03-26 02:17:51 -------- d-----w- c:\users\kathy\Temp1_guid.zip
2013-03-26 02:06:41 -------- d-----w- c:\users\kathy\Temp1_{830D8CBD-C668-49e2-A969-C2C2106332E0}15f5ec1a.zip
2013-03-26 02:06:35 -------- d-----w- c:\users\kathy\Temp1_MS Office 9.0-0000.zip
2013-03-26 02:06:34 -------- d-----w- c:\users\kathy\Temp1_Log-0000.zip
2013-03-26 02:06:34 -------- d-----r- c:\users\kathy\Temp1_Adobe FlashPlayer Cookies-0000.zip
2013-03-26 02:06:17 -------- d-----w- c:\users\kathy\Temp1_QTJava.zip
2013-03-25 23:36:42 23784 ----a-w- c:\users\kathy\jar_cache810545407248282337.tmp
2013-03-25 23:36:38 162342 ----a-w- c:\users\kathy\jar_cache5944341240564910929.tmp
2013-03-25 23:33:03 24087 ----a-w- c:\users\kathy\jar_cache1260781167568378051.tmp
2013-03-25 23:32:57 155614 ----a-w- c:\users\kathy\jar_cache9104242265208800127.tmp
2013-03-25 23:29:55 161473 ----a-w- c:\users\kathy\jar_cache5011018460118787721.tmp
2013-03-25 16:27:11 -------- d-----w- c:\users\kathy\gm_ttt_60810
2013-03-25 16:13:29 335520 ----a-w- c:\users\kathy\4E4E.tmp
2013-03-25 08:40:58 0 ------w- c:\users\kathy\jar_cache2237421101716404614.tmp
2013-03-25 08:36:59 -------- d-----w- c:\users\kathy\plugtmp-7
2013-03-24 19:05:42 -------- d-----w- c:\users\kathy\plugtmp-6
.
==================== Find3M ====================
.
2013-02-02 03:38:35 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-02-02 03:30:32 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-02 03:30:21 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-02-02 03:26:47 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-02-02 03:26:21 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-02-02 03:23:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-01-17 08:28:58 232336 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 4:48:58.43 ===============

Attached Files

attach.zip (3.1 KB)

Hi,
I have some kind of virus that creates text links on all websites I visit. When I hover over the link it shows a pic, and when I click it it send me to some affiliate url.

PIC:



Before coming here I tried to removed it myself with: AVG virus scan, malware bytes virus scan and a hitman pro virus scan. All of them picked up some infections and removed them but non of them removed this advertising virus.

I followed these instructions:http://www.techsupportforum.com/foru...lp-305963.html

Removed deamontools, utorrent, and shut down my virus scanner when doing the DDS & GMER scan.

DDS log

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.13.2
Run by Danique at 20:44:31 on 2013-03-31
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.4094.2432 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\RemoteAutomator\AppStart.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\PROGRA~1\HEWLET~1\HPREMO~1\HPREMO~1.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2RPK.EXE
C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Windows\system32\spool\DRIVERS\x64\3\CNACBSWK.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\RemoteAutomator\Release\RemoteAutomator.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=128F00026F6B2FE3
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=93&bd=Pavilion&pf=cndt
mStart Page = hxxp://search.easylifeapp.com/?pid=625&src=ie1&r=2013/03/05&hid=2870661783&lg=EN&cc=NL
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=93&bd=Pavilion&pf=cndt
uProxyOverride = 127.0.0.1
uURLSearchHooks: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.0\ytdToolbarIE.dll
uURLSearchHooks: uTorrentBar_NL Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files (x86)\uTorrentBar_NL\prxtbuTor.dll
mURLSearchHooks: uTorrentBar_NL Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files (x86)\uTorrentBar_NL\prxtbuTor.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Sing Along: {6492E171-2427-4932-B414-33574A089F5E} - C:\Program Files (x86)\SingAlong\singalng.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: BBrroWse2seaveo: {8317BBA6-B524-5455-90C1-3B3FE7C2B1FE} -
BHO: uTorrentBar_NL Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files (x86)\uTorrentBar_NL\prxtbuTor.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
BHO: DealPly: {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: DVDVideoSoft WebPageAdjuster Class: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
BHO: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.0\ytdToolbarIE.dll
TB: uTorrentBar_NL Toolbar: {87775FDB-6972-41F9-AE51-8326E38CB206} - C:\Program Files (x86)\uTorrentBar_NL\prxtbuTor.dll
TB: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
TB: uTorrentBar_NL Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files (x86)\uTorrentBar_NL\prxtbuTor.dll
TB: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
TB: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.0\ytdToolbarIE.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Spyware Doctor] C:\Users\Danique\Desktop\sdsetup_revwire207.exe -min
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [openvpn-gui] "C:\Program Files (x86)\UltraVPN\bin\openvpn-gui.exe"
mRun: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SYNNDR~1.LNK - C:\Program Files (x86)\RemoteAutomator\AppStart.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
LSP: %windir%\system32\vsocklib.dll
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{BBB56AC8-6C07-4BAC-B4C5-BA634FD83E14} : DHCPNameServer = 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
AppInit_DLLs= c:\progra~3\browse~1\261125~1.80\{c16c1~1\browse~1.dll c:\progra~2\easylife\sprote~1.dll c:\progra~2\browse~1\sprote~1.dll
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=93&bd=Pavilion&pf=cndt
x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=93&bd=Pavilion&pf=cndt
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: DVDVideoSoft WebPageAdjuster Class: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [HP Remote Software] C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
x64-Run: [SmartMenu] C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
x64-Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
x64-Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
x64-Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
x64-Run: [CNAP2 Launcher] C:\Windows\System32\spool\DRIVERS\x64\3\CNAP2LAK.EXE
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - LocalServer32 - <no file>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
Hosts: 74.208.10.249 gs.apple.com
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Danique\AppData\Roaming\Mozilla\Firefox\Profiles\s44935b0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.easylifeapp.com/?pid=625&src=ff2&r=2013/03/05&hid=2870661783&lg=EN&cc=NL&l=1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl
FF - prefs.js: keyword.URL -
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Danique\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Danique\AppData\Roaming\Mozilla\Firefox\Profiles\s44935b0.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll
FF - plugin: C:\Users\Danique\AppData\Roaming\Mozilla\Firefox\Profiles\s44935b0.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-02-09 21:23; {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}; C:\Users\Danique\AppData\Roaming\Mozilla\Firefox\Profiles\s44935b0.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
FF - ExtSQL: 2013-03-05 22:09; mdsq4tqbx@rqhhqz.com; C:\Users\Danique\AppData\Roaming\Mozilla\Firefox\Profiles\s44935b0.default\extensions\mdsq4tqbx@rqhhqz.com
FF - ExtSQL: !HIDDEN! 2013-02-26 20:38; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
R0 vmci;VMware VMCI Bus Driver;C:\Windows\System32\drivers\vmci.sys [2012-10-24 85104]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2013-1-7 70296]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-11-8 307040]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-1-18 39768]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2012-4-25 93272]
R1 VBoxDrv;VirtualBox Service;C:\Windows\System32\drivers\VBoxDrv.sys [2013-1-7 237992]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\Windows\System32\drivers\VBoxUSBMon.sys [2013-1-7 120232]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2013-2-23 805752]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-11-2 5174392]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 BrowserProtect;BrowserProtect;C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-3-23 2569168]
R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2010-11-4 296808]
R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2013-3-28 2074768]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 27648]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-6-2 8704]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-1-12 3467768]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-10-11 918680]
R2 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2012-10-5 109064]
R3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\System32\drivers\athrxusb.sys [2011-9-18 1064448]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-12-10 127328]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2009-6-18 609280]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;C:\Windows\System32\drivers\VBoxNetAdp.sys [2012-12-19 132008]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;C:\Windows\System32\drivers\VBoxNetFlt.sys [2012-12-19 146856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\System32\svchost.exe -k netsvcs [2008-1-21 27648]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-2-18 968880]
S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;C:\Windows\System32\drivers\aabed2.sys [2008-3-20 28672]
S3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2013-3-30 32152]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 PAC207;SoC PC-Camera;C:\Windows\System32\drivers\PFC027.SYS [2006-12-5 572416]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms [2009-2-2 23536]
S3 PerfHost;Host van prestatiemeter-DLL;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2013-1-13 89920]
S4 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2011-10-10 995232]
.
=============== File Associations ===============
.
FileExt: .js: Applications\notepad.exe=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2013-03-31 18:43:05 688992 ------r- C:\Users\Danique\dds.scr
2013-03-30 21:12:21 32152 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys
2013-03-28 16:47:08 56072 ----a-w- C:\Windows\System32\certsentry.dll
2013-03-28 16:47:08 47368 ----a-w- C:\Windows\SysWow64\certsentry.dll
2013-03-28 13:25:33 723230 ----a-w- C:\Windows\unins000.exe
2013-03-13 17:34:18 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 17:34:18 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-13 17:34:09 16486616 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-03-04 13:53:46 72013344 ----a-w- C:\Windows\System32\mrt.exe
2013-02-24 21:27:11 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-02-24 21:25:35 268952 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-02-22 22:17:55 682280 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2013-02-18 16:33:54 39768 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-02-16 19:21:42 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-16 19:21:23 262560 ----a-w- C:\Windows\SysWow64\javaws.exe
2013-02-16 19:21:23 174496 ----a-w- C:\Windows\SysWow64\javaw.exe
2013-02-16 19:21:23 174496 ----a-w- C:\Windows\SysWow64\java.exe
2013-02-16 19:21:22 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-02-16 19:21:22 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-02-12 02:18:19 19456 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-02-02 07:31:33 17815040 ----a-w- C:\Windows\System32\mshtml.dll
2013-02-02 06:58:20 10925568 ----a-w- C:\Windows\System32\ieframe.dll
2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-02 06:48:08 1346048 ----a-w- C:\Windows\System32\urlmon.dll
2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-02 06:46:15 237056 ----a-w- C:\Windows\System32\url.dll
2013-02-02 06:43:51 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-02 06:42:08 816640 ----a-w- C:\Windows\System32\jscript.dll
2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-02 06:40:19 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2013-02-02 06:39:33 2147840 ----a-w- C:\Windows\System32\iertutil.dll
2013-02-02 06:38:20 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-02 06:34:01 248320 ----a-w- C:\Windows\System32\ieui.dll
2013-02-02 04:09:34 12321792 ----a-w- C:\Windows\SysWow64\mshtml.dll
2013-02-02 03:42:27 9738240 ----a-w- C:\Windows\SysWow64\ieframe.dll
2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-02 03:31:03 1103872 ----a-w- C:\Windows\SysWow64\urlmon.dll
2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-02 03:29:22 231936 ----a-w- C:\Windows\SysWow64\url.dll
2013-02-02 03:27:56 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-02 03:26:45 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-02 03:25:16 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2013-02-02 03:23:51 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll
2013-02-02 03:23:44 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-02 03:20:00 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2013-01-31 07:08:34 39904 ----a-w- C:\Windows\SysWow64\dischandler.exe
2013-01-25 17:04:08 4012544 ----a-w- C:\Windows\System32\ffmpeg.dll
2013-01-25 17:03:30 474624 ----a-w- C:\Windows\System32\ff_kernelDeint.dll
2013-01-25 17:03:16 127488 ----a-w- C:\Windows\System32\ff_vfw.dll
2013-01-25 17:03:12 4371456 ----a-w- C:\Windows\System32\ffdshow.ax
2013-01-25 17:02:42 631296 ----a-w- C:\Windows\System32\TomsMoComp_ff.dll
2013-01-25 17:02:14 114688 ----a-w- C:\Windows\System32\ff_wmv9.dll
2013-01-25 17:02:12 222720 ----a-w- C:\Windows\System32\ff_libdts.dll
2013-01-25 17:02:12 156672 ----a-w- C:\Windows\System32\ff_libmad.dll
2013-01-25 17:02:12 1532928 ----a-w- C:\Windows\System32\ff_samplerate.dll
2013-01-25 17:02:12 116224 ----a-w- C:\Windows\System32\ff_liba52.dll
2013-01-25 17:02:10 183296 ----a-w- C:\Windows\System32\ff_unrar.dll
2013-01-25 16:48:32 3915776 ----a-w- C:\Windows\SysWow64\ffmpeg.dll
2013-01-25 16:47:32 112640 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2013-01-25 16:47:18 3500544 ----a-w- C:\Windows\SysWow64\ffdshow.ax
2013-01-25 16:46:18 271360 ----a-w- C:\Windows\SysWow64\TomsMoComp_ff.dll
2013-01-25 16:46:16 99840 ----a-w- C:\Windows\SysWow64\ff_wmv9.dll
2013-01-25 16:46:16 157184 ----a-w- C:\Windows\SysWow64\ff_unrar.dll
2013-01-25 16:46:12 211968 ----a-w- C:\Windows\SysWow64\ff_libdts.dll
2013-01-25 16:46:12 147456 ----a-w- C:\Windows\SysWow64\ff_libmad.dll
2013-01-25 16:46:08 1525760 ----a-w- C:\Windows\SysWow64\ff_samplerate.dll
2013-01-25 16:46:08 114688 ----a-w- C:\Windows\SysWow64\ff_liba52.dll
2013-01-25 16:02:56 7993776 ----a-w- C:\Windows\System32\avcodec-lav-54.dll
2013-01-25 16:02:56 511656 ----a-w- C:\Windows\System32\LAVSplitter.ax
2013-01-25 16:02:56 406000 ----a-w- C:\Windows\System32\swscale-lav-2.dll
2013-01-25 16:02:56 359592 ----a-w- C:\Windows\System32\IntelQuickSyncDecoder.dll
2013-01-25 16:02:56 278184 ----a-w- C:\Windows\System32\LAVAudio.ax
2013-01-25 16:02:56 262848 ----a-w- C:\Windows\System32\avutil-lav-52.dll
2013-01-25 16:02:56 215720 ----a-w- C:\Windows\System32\libbluray.dll
2013-01-25 16:02:56 185568 ----a-w- C:\Windows\System32\avresample-lav-1.dll
2013-01-25 16:02:56 180816 ----a-w- C:\Windows\System32\avfilter-lav-3.dll
2013-01-25 16:02:56 1514152 ----a-w- C:\Windows\System32\LAVVideo.ax
2013-01-25 16:02:56 1206616 ----a-w- C:\Windows\System32\avformat-lav-54.dll
2013-01-25 16:00:40 420008 ----a-w- C:\Windows\SysWow64\LAVSplitter.ax
2013-01-25 16:00:40 384472 ----a-w- C:\Windows\SysWow64\swscale-lav-2.dll
2013-01-25 16:00:40 279208 ----a-w- C:\Windows\SysWow64\IntelQuickSyncDecoder.dll
2013-01-25 16:00:40 247920 ----a-w- C:\Windows\SysWow64\avutil-lav-52.dll
2013-01-25 16:00:40 243880 ----a-w- C:\Windows\SysWow64\LAVAudio.ax
2013-01-25 16:00:40 183976 ----a-w- C:\Windows\SysWow64\libbluray.dll
2013-01-25 16:00:40 165160 ----a-w- C:\Windows\SysWow64\avresample-lav-1.dll
2013-01-25 16:00:40 1186984 ----a-w- C:\Windows\SysWow64\LAVVideo.ax
2013-01-25 16:00:38 7833552 ----a-w- C:\Windows\SysWow64\avcodec-lav-54.dll
2013-01-25 16:00:38 169888 ----a-w- C:\Windows\SysWow64\avfilter-lav-3.dll
2013-01-25 16:00:38 1257464 ----a-w- C:\Windows\SysWow64\avformat-lav-54.dll
2013-01-15 02:27:08 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-01-15 02:26:56 308640 ----a-w- C:\Windows\System32\javaws.exe
2013-01-15 02:26:56 188832 ----a-w- C:\Windows\System32\javaw.exe
2013-01-15 02:26:56 188832 ----a-w- C:\Windows\System32\java.exe
.
============= FINISH: 20:46:08,94 ===============

Attached Files

Attach.rar (5.5 KB)

Please delete my previous thread by my user name "not sure where to begin" as I did not read the how to section before posting. Hopefully this is the correct way to do this.

I use a compaq presario v2000 laptop using win xp serv pack 3. For the past couple of weeks it has not been doing as requested with most programs not responding for anything. When attempting to go online a box appears saying it cannot find requested internet page. When I turn off the wireless router, it will still say connected in the sys tray even though light is off. When I bring up the open network connections block it will say it is connected to a router I have no idea of, and not say the one it should be connecting too. When I refresh the list it will say no network connection detected.

I cleaned out the history, used ccleaner and was able briefly to get on the internet to update my Norton endpoint and malwarebytes but then I could not duplicate the ability to access the internet again. I am using my desk top to get in touch with you currently.

When I run malwarebytes it comes back without finding malicious items. Norton ran and detected an old AVG file that I thought had been removed when I uninstalled avg and went with Norton. When I ran norton again, it started the full scan and within seconds went to a blue screen and the computer shut down and restarted. I tried about 3 times to run norton and same thing happened. I deleted norton and planned to re-install thinking I must have corrupted a file..... I ran AVG remover from this site and it found a bunch of stuff that was removed. I also ran rogue killer but the same thing happened after it almost completed, the computer went blue screen with words that went too fast for me to read and then restarted. I did the log files with the gmer and dds as instructed and I hope there is something that can be done. Not sure if this problem is me or a hijack.


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Tim Wright at 13:50:34 on 2013-04-01
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1409 [GMT -4:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2012 *Enabled*
FW: AVG Firewall *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: AutorunsDisabled - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [SynTPLpr] "c:\program files\synaptics\syntp\SynTPLpr.exe"
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - <orphaned>
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\windows\system32\iavlsp.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1351088565093
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1351088806375
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {819F8533-D935-4183-B692-587F8D56AC3C} - hxxp://www.iolo.com/threatcenter/App/ocx/AVCheckUp.ocx
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
Name-Space Handler: ftp\DLA.IEClickMon - {A5A08E80-B472-11D2-89D1-0080C8C12A3A} - <orphaned>
Name-Space Handler: http\DLA.IEClickMon - {A5A08E80-B472-11D2-89D1-0080C8C12A3A} - <orphaned>
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll
LSA: Notification Packages = scecli scecli
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-3-31 398184]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2004-12-15 231424]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-3-31 21104]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-3-31 682344]
S2 pciinfo;HP Pci Information;\??\c:\docume~1\timwri~1\locals~1\temp\hpispz\hpdom\pciinfo.sys --> c:\docume~1\timwri~1\locals~1\temp\hpispz\hpdom\pciinfo.sys [?]
S3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [2010-11-9 20704]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
FileExt: .vbe: VBEFile=NOTEPAD.EXE %1
FileExt: .vbs: VBSFile=NOTEPAD.EXE %1
FileExt: .js: JSFile=NOTEPAD.EXE %1
FileExt: .jse: JSEFile=NOTEPAD.EXE %1
FileExt: .wsf: WSFFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2013-04-01 16:13:52 15616 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2013-03-31 17:29:06 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-31 17:29:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-22 17:20:52 -------- d-----w- c:\documents and settings\tim wright\local settings\application data\Symantec
2013-03-22 17:00:17 -------- d-----w- C:\SEP
2013-03-22 15:46:00 -------- d-----w- c:\documents and settings\tim wright\application data\TuneUp Software
2013-03-14 21:24:12 -------- d-----w- c:\documents and settings\tim wright\application data\Malwarebytes
2013-03-14 21:22:39 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
.
==================== Find3M ====================
.
2013-03-13 16:43:59 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 16:43:57 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05:46 43520 ------w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05:46 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53:57 385024 ------w- c:\windows\system32\html.iec
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 01:16:02 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36:58 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover
Windows 5.1.2600 Disk: TOSHIBA_MK4025GAS rev.KA101A -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A43F4B1]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a44693c]; MOV EAX, [0x8a446ab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EE190] -> \Device\Harddisk0\DR0[0x8A531AB8]
3 CLASSPNP[0xF74E7FD7] -> ntkrnlpa!IofCallDriver[0x804EE190] -> \Device\00000073[0x8A53A9E8]
5 ACPI[0xF735E620] -> ntkrnlpa!IofCallDriver[0x804EE190] -> [0x8A518940]
\Driver\atapi[0x8A5197D8] -> IRP_MJ_CREATE -> 0x8A43F4B1
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { CLI ; XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV SI, SP; PUSH AX; POP ES; PUSH AX; POP DS; STI ; CLD ; MOV DI, 0x600; MOV CX, 0x100; REPNZ MOVSW ; JMP FAR 0x0:0x61d; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A43F2E2
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 13:51:38.85 ===============

Attached Files

ark.zip (4.5 KB)

Hello. I installed a program called Hotspot Shield, it didnt work for me so i went to uninstall it, and when i did i got a blue screen that made me restart my computer(i will attach a pic of the screen). Once it restarted, i cant open anything(my computer, control panel, folders, etc), because i get this message "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." Also, for some reason i think it deleted my google chrome files because when i try to use chrome i get this message "unable to find locale data files. Please reinstall". Also, my internet is working but for some reason the internet icon in the tray has a red X on it, symbolizing that my internet doesnt work. My first thought was to do a system restore as there was a restore point right when i installed hotspot Shield, so i did. When the computer turned back on, none of these problems were fixed, so i tried to do an earlier restore point, but it now says "System Restore does not appear to be functioning correctly. A volume Shadow copy service component encountered an unexpected error". I looked this up and went to the services and tried to start all of the ones to do with the restore, but it still didnt work. I also tried restore in Safe Mode. Then i ran a full scan with both Malware Bytes and Avast, nothing came up in Avast, but a few came up in malware bytes, and i had it get rid of them, but still nothing works. i cant open my documents to back stuff up, so now im really worried, and i want to avoid a clean install(i do have a windows cd) for that very reason. I also tried windows repair service, but it said it couldn't repair after it tried for like 2 hours.

DDS Text

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.17.2
Run by Kevin C at 19:23:43 on 2013-04-01
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mystart.incredibar.com/mb119?a=6OytHy8t5m&i=26
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
uURLSearchHooks: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files (x86)\TVersitybar\prxtbTVer.dll
uURLSearchHooks: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\prxtbMyA0.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
mURLSearchHooks: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files (x86)\TVersitybar\prxtbTVer.dll
mURLSearchHooks: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\prxtbMyA0.dll
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files (x86)\TVersitybar\prxtbTVer.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\prxtbMyA0.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: TVersitybar Toolbar: {66BD2442-241B-44CD-8C7A-B51037053CDB} - C:\Program Files (x86)\TVersitybar\prxtbTVer.dll
TB: uTorrentBar Toolbar: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
TB: MyAshampoo Toolbar: {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files (x86)\MyAshampoo\prxtbMyA0.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
TB: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files (x86)\TVersitybar\prxtbTVer.dll
TB: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\prxtbMyA0.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "C:\Users\Kevin C\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [KGShareApp] C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe
uRun: [GoogleChromeAutoLaunch_9A8483263C400323BB0F6549A9A076FB] "C:\Users\Kevin C\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MINIEY~1.LNK - C:\Program Files (x86)\Infinite Mind LC\eyeQ\ARLaunch.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOBILE~1.LNK - C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{21AC478B-F77C-4CF2-AB0A-0C9F95BD5CFF} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{328ADD71-6DC5-466B-B08E-65C98DCA41FF} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{6F26D5CE-38ED-47AE-892C-928BD293C924} : DHCPNameServer = 7.254.254.254
TCP: Interfaces\{DDA6C312-2A84-424D-8A0A-CD8EF1524F4F} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kevin C\AppData\Roaming\Mozilla\Firefox\Profiles\f79g53al.default\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Kevin C\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-03-30 04:11; afurladvisor@anchorfree.com; C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
.
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
FileExt: .reg: Applications\notepad.exe=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-04-01 19:35:19 0 ----a-w- C:\Windows\notepad.com
2013-04-01 19:25:51 -------- d-----w- C:\Users\Kevin C\AppData\Local\{9DE179B4-51A3-4416-894E-5B7AA1B39C3B}
2013-03-31 23:56:21 -------- d-----w- C:\Users\Kevin C\AppData\Local\{FE5F5CA0-A4B5-45AD-8A9D-35F89FF2EB63}
2013-03-31 15:28:34 178624 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-03-31 15:28:33 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-03-31 10:05:58 -------- d-----w- C:\Users\Kevin C\AppData\Local\{FC9166FA-847B-43A6-90D4-8906B8C95CEF}
2013-03-30 22:05:11 -------- d-----w- C:\Users\Kevin C\AppData\Local\{DFF1DC5A-445F-4DB1-B8BF-AAC3D48C270B}
2013-03-30 06:51:24 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A864701E-0774-463F-9625-31BBB7FE8EFC}\mpengine.dll
2013-03-30 06:47:55 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-03-30 03:36:30 -------- d-----w- C:\Users\Kevin C\AppData\Local\Programs
2013-03-30 03:18:32 -------- d-----w- C:\ProgramData\Hotspot Shield
2013-03-30 03:18:28 -------- d-----w- C:\Program Files (x86)\Hotspot Shield
2013-03-12 14:49:09 -------- d-----w- C:\Users\Kevin C\AppData\Local\{EE69553C-D9C1-47A2-8C2E-139744B3E218}
2013-03-10 15:31:11 -------- d-----w- C:\Users\Kevin C\AppData\Local\{572728C4-6DA5-4DBD-B1D8-99C426C6ECF6}
2013-03-08 01:22:16 -------- d-----w- C:\ProgramData\RELOADED
2013-03-08 01:14:16 -------- d-----w- C:\Program Files (x86)\The Walking Dead
2013-03-06 22:58:55 -------- d-----w- C:\Program Files (x86)\Grinding Gear Games
2013-03-04 20:15:01 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-04 20:07:06 -------- d-----w- C:\Users\Kevin C\AppData\Local\{B354E416-1BFC-4936-9021-C0454167AEC6}
2013-03-03 14:56:52 -------- d-----w- C:\Users\Kevin C\AppData\Local\{A9A9FE60-600F-4E40-BE65-3778524CA458}
.
==================== Find3M ====================
.
2013-03-06 22:33:21 70992 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-03-06 22:33:21 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-03-06 22:33:20 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-03-06 22:32:51 41664 ----a-w- C:\Windows\avastSS.scr
2013-03-04 20:14:56 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-03-04 20:14:56 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-02-28 13:57:26 1188864 ----a-w- C:\Windows\System32\wininet.dll
2013-02-28 13:37:29 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-28 12:03:52 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-28 11:38:43 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-01-23 23:37:12 8192 ----a-w- C:\Windows\SysWow64\srvany.exe
2013-01-17 05:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll
2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll
2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll
2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2013-01-04 06:11:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
.
============= FINISH: 19:24:03.52 ===============

Attached Thumbnails

 

Attached Files

attach.zip (15.2 KB)

Hello, the link I'm about to provide DO NOT CLICK. We are in teamspeak talking and he sent me a link that he didnt send, and im getting sent this link from other people too, and people are recieving this link also.

I've noticed that who ever this gets sent to, it changes the link to their username.


DO NOT CLICK hxxp://ow.ly/jOuWX?sm=zombiemayn DO NOT CLICK

This is what my friend received.

Please HELP!

I am using avg free 2013

Some preliminary stuff:
Windows 7 home premium service pack 1
Unable to give AVG version & virus database version because unable to open UI. But I managed to update it by right clicking the tray icon.
Quickheal preinstalled with computer, but uninstalled completely a long time ago.

I noticed this problem on March 31 2013. It was definitely not there before march 20.
When I click the AVG link on my desktop or start menu, The user interface becomes visible for half a second or so before disappearing. This happens each time.
I reinstalled AVG using the 'repair' option in add and remove programs section of control panel. That did not work.
My computer has dual boot with ubuntu on another partition with clamav and avg for linux
Clamav detected some infected files which I quarantined, charmap.exe and mscorsvw.exe were among them. After quarantining everything detected by clamav in an Ubuntu folder I also ran avg for linux command line scan which returned nothing. I restarted windows but problem is still there.
AVG UI appears properly when in safe mode, but it only allows me to run command line scans.
GMER encountered errors when 'show all' was on, so I have attached result with 'show all' off.

I dont have any type of windows boot cd.

PS If this turns out to be a problem with AVG I am very sorry to have wasted your time.

DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16521 BrowserJavaVersion: 10.17.2
Run by joshi at 14:55:53 on 2013-04-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.91.1033.18.2924.1451 [GMT 5.5:30]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\CxAudMsg64.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\DOLBY PCEE4\pcee4.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Users\joshi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\joshi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
C:\Users\joshi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\joshi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://acer.msn.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: FDMIECookiesBHO Class: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\joshi\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [Dolby Home Theater v4] "C:\Dolby PCEE4\pcee4.exe" -autostart
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://usnjym01.tcs.com/dwa8W.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{2AB0589A-72DC-41E6-BB66-A3EB0CA87DD3} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{2AB0589A-72DC-41E6-BB66-A3EB0CA87DD3} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{8671C6E9-4C9D-4E3C-B7C9-E33B0621E1EC} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - <Clsid value has no data>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
x64-BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [Power Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: linkscanner - <Clsid value has no data>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2011-5-24 25960]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2012-4-5 17720]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-2-26 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-2-14 239416]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-2-27 4937264]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-2-19 282624]
R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2011-5-24 198784]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-4-1 352336]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-4-1 13336]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-4-1 1817088]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2013-3-26 255376]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-2-16 257344]
R2 RS_Service;Raw Socket Service;C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2011-4-1 260640]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-30 16120]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-4-1 2656280]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-3-3 28832]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\System32\drivers\vrtaucbl.sys [2012-10-16 66728]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-4-1 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-4-1 76912]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-9-30 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-9-30 180736]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-4-1 333928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-3-3 36000]
S3 BazisPortableCDBus;Portable WinCDEmu driver;C:\Windows\System32\drivers\BazisPortableCDBus.sys [2012-6-13 268896]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-3-3 298656]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-3-3 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-3-3 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-3-3 154272]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-3-3 280224]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-7-24 1431888]
S3 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-16 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-16 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-16 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-3 1255736]
S4 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-3 76448]
S4 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-2-2 18656]
S4 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2011-5-24 799848]
S4 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-30 149504]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== File Associations ===============
.
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-04-05 06:56:44 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{47B48907-C356-451C-8818-815D4F294F79}\mpengine.dll
2013-04-01 07:03:25 -------- d-----w- C:\Users\joshi\AppData\Roaming\Softland
2013-04-01 07:03:23 25920 ----a-w- C:\Windows\System32\dopdfmn7.dll
2013-04-01 07:03:23 21312 ----a-w- C:\Windows\System32\dopdfmi7.dll
2013-04-01 07:03:22 1700352 ----a-w- C:\Windows\System32\GdiPlus.dll
2013-04-01 07:03:22 -------- d-----w- C:\Program Files\Softland
2013-03-26 09:37:59 -------- d-----w- C:\ProgramData\Acer
2013-03-25 16:31:18 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-03-25 06:17:29 -------- d-----w- C:\zork1
2013-03-11 14:18:57 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M ====================
.
2013-03-14 13:22:17 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-14 13:22:17 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-11 19:40:56 282744 ------w- C:\Windows\System32\MpSigStub.exe
2013-03-11 14:18:51 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-03-11 14:18:51 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-02-26 18:10:46 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-02-13 22:22:46 239416 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-07 23:07:56 116536 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2013-02-07 23:07:54 311096 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2013-02-07 23:07:50 71480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2013-02-07 23:07:42 206136 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2013-02-07 23:07:40 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2013-01-15 13:19:06 26432 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll
2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll
2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll
.
============= FINISH: 14:57:07.21 ===============

Attached Files

attach.zip (7.5 KB)

Hello Staff Members,

My friend keeps getting malware issues on his laptop so I have come here for some help. Here are the logs you requested. I am also installing Avira (after getting rid of AVG which did nothing).

DDS
He doesn't have a backup / boot disk.

Thanks,
-Redeye (on behalf of GunnerDan2110)

Attached Files

attach.zip (9.9 KB)

I have a Backdoor.Rbot.aveq though sometimes it's Backdoor.Rbot.awi
Vba32 keeps picking it up and deleting it, but I feel it's linked to the temp folder or something because everytime I try to install anything Vba32 tells me
"C:\Users\admin\AppData\Local\Temp\CR_04BFF.tmp\setup.exe" contains virus Backdoor.Rbot.aveq.
Vba32 deletes it, but every single time i try to install something I get it.
It has been stalling my Vba32 start up as well, so much so I have to keep restarting it.

Please Help!!
I think I got it from an email that was downloaded into my IMAP folder on my computer.
I use this computer for everything!!

I'm on Vista64

thank you

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
This is a new Thread of the same problem, here are ALL the logs thus far:

My DDS text:
++++++++++++++++++++++++++
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_30
Run by admin at 13:35:55 on 2013-02-09
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.6134.3143 [GMT 11:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIGKP.EXE
C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Dell Support Center\gs_agent\dsc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Spybot\SDWinSec.exe
C:\Windows\System32\mobsync.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files (x86)\Vba32\vba32ldrgui.exe
C:\Program Files (x86)\Vba32\Vba32Ldr.exe
C:\Program Files (x86)\Vba32\VbaScheduler.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\calc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe
C:\Program Files (x86)\myob galore\myobPlus195\Myob.exe
C:\Windows\System32\calc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [WorkForce 60(Network)] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIGKP.EXE /FU "C:\Windows\TEMP\E_SC12.tmp" /EF "HKCU"
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_ActiveX.exe -update activex
mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [Vba32Loader] "C:\Program Files (x86)\Vba32\Vba32Ldr.exe"
mRun: [Vba32LoaderGUI] "C:\Program Files (x86)\Vba32\vba32ldrgui.exe"
StartupFolder: C:\Users\admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot\SDHelper.dll
LSP: %SYSTEMROOT%\System32\dllhook.dll
LSP: C:\Windows\System32\wpclsp.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{64883A9B-5BD1-47AF-8EA1-E7F5D3C42A42} : DHCPNameServer = 192.168.1.1 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: GoToAssist - <no file>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
x64-Run: [WPCUMI] C:\Windows\System32\WpcUmi.exe
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-System: EnableLUA = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
Hosts: 127.0.0.1 Spyware Info | Spyware Info | spyware software | spyware program | protection spyware
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\6pxxhc0u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/webhp?hl=all
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\2.0.31005.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\admin\AppData\Local\ABR\Plug-In\bin\npAUSkeyPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - ExtSQL: !HIDDEN! 2009-06-26 08:16; {20a82645-c095-46ed-80e3-08825760534b}; c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-5-27 55024]
R1 Vba32mNT;Vba32mNT;C:\Program Files (x86)\Vba32\Vba32m64.sys [2009-2-4 62016]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2009/05/27 20:58:59];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-5-27 146928]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot\SDWinSec.exe [2009-9-9 1153368]
R2 Vba32Ldr;Vba32 Loader Service;C:\Program Files (x86)\Vba32\vba32ldr.exe [2009-7-6 701816]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2009-5-28 230424]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2009-5-28 1445912]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2009-5-28 95256]
R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\System32\drivers\ha20x22k.sys [2009-5-28 1614872]
S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2008-5-14 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2008-5-14 166384]
S2 SessionLauncher;SessionLauncher;C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-6-13 93184]
S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [2009-5-27 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-5-27 79360]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2009-5-28 230424]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2009-5-28 1445912]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2009-5-28 95256]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2010-4-19 22528]
S3 PCD5SRVC{048DBD20-445E8C82-05040104};PCD5SRVC{048DBD20-445E8C82-05040104} - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms [2008-11-5 28152]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-5-14 1120752]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
S3 Vba32ECM;Vba32ECM;C:\Program Files (x86)\Vba32\vba32ldr.exe [2009-7-6 701816]
S3 Vba32ifs;Vba32ifs;C:\Program Files (x86)\Vba32\vba32ldr.exe [2009-7-6 701816]
S3 Vba32PP3;Vba32PP3;C:\Program Files (x86)\Vba32\vba32ldr.exe [2009-7-6 701816]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2013-01-16 14:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-07 05:16:07 26888 ----a-w- C:\Windows\SysWow64\drivers\Vba32Prot.sys
2013-01-07 05:16:07 18496 ----a-w- C:\Windows\SysWow64\drivers\Vba32d64.sys
2013-01-07 05:03:25 148864 ----a-w- C:\Windows\SysWow64\dllhook.dll
2012-12-16 06:31:32 67599240 ----a-w- C:\Windows\System32\mrt.exe
2009-09-21 22:12:29 359932 ----a-w- C:\Program Files (x86)\dds.scr
.
============= FINISH: 13:36:59.80 ===============
++++++++++++++++++++++++++

My Attach.txt
+++++++++++++++++++++
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 28/05/2009 6:14:37 AM
System Uptime: 9/02/2013 7:44:13 AM (6 hours ago)
.
Motherboard: DELL Inc. | | 0X501H
Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | CPU 1 | 2668/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 916 GiB total, 292.245 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 5.138 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1033: 8/12/2012 9:04:46 AM - Scheduled Checkpoint
RP1034: 10/12/2012 10:52:42 AM - Scheduled Checkpoint
RP1035: 11/12/2012 11:29:15 AM - Scheduled Checkpoint
RP1036: 12/12/2012 8:20:49 AM - Scheduled Checkpoint
RP1037: 13/12/2012 7:01:14 AM - Scheduled Checkpoint
RP1038: 15/12/2012 8:34:14 AM - Scheduled Checkpoint
RP1039: 17/12/2012 12:09:06 PM - Scheduled Checkpoint
RP1040: 18/12/2012 12:09:08 PM - Scheduled Checkpoint
RP1041: 19/12/2012 8:11:56 AM - Scheduled Checkpoint
RP1042: 20/12/2012 12:19:04 PM - Scheduled Checkpoint
RP1043: 21/12/2012 9:43:25 AM - Scheduled Checkpoint
RP1044: 22/12/2012 8:39:58 AM - Scheduled Checkpoint
RP1045: 3/01/2013 1:33:16 PM - Scheduled Checkpoint
RP1046: 4/01/2013 12:44:40 PM - Scheduled Checkpoint
RP1047: 5/01/2013 12:53:03 PM - Scheduled Checkpoint
RP1048: 7/01/2013 3:54:02 PM - Installed Vba32 for Windows Vista
RP1049: 8/01/2013 12:13:08 PM - Scheduled Checkpoint
RP1050: 9/01/2013 9:33:40 AM - Scheduled Checkpoint
RP1051: 11/01/2013 11:22:46 AM - Scheduled Checkpoint
RP1052: 14/01/2013 9:05:22 AM - Scheduled Checkpoint
RP1053: 15/01/2013 8:02:26 AM - Scheduled Checkpoint
RP1054: 16/01/2013 7:50:10 AM - Scheduled Checkpoint
RP1055: 17/01/2013 12:23:52 PM - Scheduled Checkpoint
RP1056: 18/01/2013 12:50:59 PM - Scheduled Checkpoint
RP1057: 19/01/2013 8:16:53 AM - Scheduled Checkpoint
RP1058: 22/01/2013 12:56:01 PM - Scheduled Checkpoint
RP1059: 23/01/2013 7:42:01 AM - Scheduled Checkpoint
RP1060: 24/01/2013 10:22:01 AM - Scheduled Checkpoint
RP1061: 25/01/2013 2:03:07 PM - Scheduled Checkpoint
RP1062: 26/01/2013 8:47:52 AM - Scheduled Checkpoint
RP1063: 28/01/2013 4:40:39 PM - Scheduled Checkpoint
RP1064: 29/01/2013 11:55:35 AM - Scheduled Checkpoint
RP1065: 31/01/2013 9:47:29 AM - Scheduled Checkpoint
RP1066: 1/02/2013 8:19:25 AM - Scheduled Checkpoint
RP1067: 2/02/2013 9:40:42 AM - Scheduled Checkpoint
RP1068: 3/02/2013 5:45:37 PM - Scheduled Checkpoint
RP1069: 4/02/2013 8:31:15 AM - Scheduled Checkpoint
RP1070: 5/02/2013 1:34:08 PM - Windows Update
RP1071: 5/02/2013 2:19:46 PM - Windows Update
RP1072: 6/02/2013 10:42:49 AM - Scheduled Checkpoint
RP1073: 7/02/2013 12:16:19 PM - Scheduled Checkpoint
RP1074: 8/02/2013 11:37:25 AM - Scheduled Checkpoint
RP1075: 9/02/2013 8:44:04 AM - Windows Update
.
==== Installed Programs ======================
.
7-Zip 4.65
Acrobat.com
Add or Remove Adobe Creative Suite 3 Design Standard
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.5.2 - CPSID_83708
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Design Standard
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader X (10.1.4)
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server {ko_KR}
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaImpression for Kodak
ATI Catalyst Control Center
AUSkey software 1.3.18
BlackBerry Desktop Software 6.1
BlackBerry Device Software Updater
Bonjour
Brother HL-4050CDN
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help English
CCC Help French
CCC Help German
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Portuguese
CCC Help Spanish
CCC Help Turkish
Choice Guard
Creative MediaSource 5
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Support Center (Support Software)
DirectXInstallService
Dolby Digital Live Pack
Doxie
Doxie 2.2.1
Dropbox
ECI Client v6.0
EMCGadgets64
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
EPSON WorkForce 60 Series Manual
EPSON WorkForce 60 Series Network Guide
EPSON WorkForce 60 Series Printer Uninstall
EpsonNet Print
EpsonNet Setup 3.3
ESET Online Scanner v3
ExtractMoJo
Eye-Fi Center 3.4
ffdshow [rev 2527] [2008-12-19]
FileZilla Client 3.5.0
GoToAssist 8.0.0.514
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Matrix Storage Manager
iPod to PC Transfer
iTunes
Java Auto Updater
Java(TM) 6 Update 30
Junk Mail filter update
Kerio MailServer 6.7 Administration
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5
Microsoft Office Basic 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox 18.0.1 (x86 en-GB)
Mozilla Maintenance Service
Mozilla Thunderbird 16.0.1 (x86 en-GB)
Mozilla Thunderbird 17.0 (x86 en-GB)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyFonts Order M3779040
MYOB Accounting Plus v18
MYOB Accounting Plus v18.5
MYOB AccountRight Plus v19.5
MYOB ODBC Direct v10 AUS
MYOB ODBC Direct v8 AUS
MYOB ODBC Direct v9 AUS
MyTomTom 3.1.0.530
NoteTab Light 6 (Remove only)
PDF Settings
PowerDVD DX
QuickTime
Roxio Activation Module
Roxio CinePlayer Decoder Pack
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Premier
Roxio Creator Premier 10
Roxio Creator Tools
Roxio Express Labeler
Roxio Update Manager
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Skins
Skype™ 3.8
Sound Blaster X-Fi
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Vba32 for Windows Vista
Visual Studio C++ 10.0 Runtime
VoiceOver Kit
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
9/02/2013 7:59:09 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 174 time(s).
9/02/2013 7:53:47 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 172 time(s).
9/02/2013 7:53:47 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 173 time(s).
9/02/2013 7:53:45 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 171 time(s).
9/02/2013 7:53:45 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 172 time(s).
9/02/2013 7:53:42 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 170 time(s).
9/02/2013 7:53:42 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 171 time(s).
9/02/2013 7:53:40 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 169 time(s).
9/02/2013 7:53:40 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 170 time(s).
9/02/2013 7:53:38 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 168 time(s).
9/02/2013 7:53:38 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 169 time(s).
9/02/2013 7:53:35 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 167 time(s).
9/02/2013 7:53:35 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 168 time(s).
9/02/2013 7:53:33 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 166 time(s).
9/02/2013 7:53:33 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 167 time(s).
9/02/2013 7:53:30 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 165 time(s).
9/02/2013 7:53:30 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 166 time(s).
9/02/2013 7:53:28 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 164 time(s).
9/02/2013 7:53:28 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 165 time(s).
9/02/2013 7:53:25 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 163 time(s).
9/02/2013 7:53:25 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 164 time(s).
9/02/2013 7:53:23 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 162 time(s).
9/02/2013 7:53:23 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 163 time(s).
9/02/2013 7:53:20 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 161 time(s).
9/02/2013 7:53:20 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 162 time(s).
9/02/2013 7:53:18 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 160 time(s).
9/02/2013 7:53:18 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 161 time(s).
9/02/2013 7:53:16 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 159 time(s).
9/02/2013 7:53:16 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 160 time(s).
9/02/2013 7:53:13 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 158 time(s).
9/02/2013 7:53:13 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 159 time(s).
9/02/2013 7:53:11 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 157 time(s).
9/02/2013 7:53:11 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 158 time(s).
9/02/2013 7:53:08 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 156 time(s).
9/02/2013 7:53:08 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 157 time(s).
9/02/2013 7:53:06 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 155 time(s).
9/02/2013 7:53:06 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 156 time(s).
9/02/2013 7:53:03 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 154 time(s).
9/02/2013 7:53:03 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 155 time(s).
9/02/2013 7:53:01 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 153 time(s).
9/02/2013 7:53:01 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 154 time(s).
9/02/2013 7:52:59 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 152 time(s).
9/02/2013 7:52:59 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 153 time(s).
9/02/2013 7:52:56 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 151 time(s).
9/02/2013 7:52:56 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 152 time(s).
9/02/2013 7:52:54 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 150 time(s).
9/02/2013 7:52:54 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 151 time(s).
9/02/2013 7:52:51 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 149 time(s).
9/02/2013 7:52:51 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 150 time(s).
9/02/2013 7:52:49 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 148 time(s).
9/02/2013 7:52:49 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 149 time(s).
9/02/2013 7:52:46 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 147 time(s).
9/02/2013 7:52:46 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 148 time(s).
9/02/2013 7:52:44 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 146 time(s).
9/02/2013 7:52:44 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 147 time(s).
9/02/2013 7:52:41 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 145 time(s).
9/02/2013 7:52:41 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 146 time(s).
9/02/2013 7:52:39 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 144 time(s).
9/02/2013 7:52:39 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 145 time(s).
9/02/2013 7:52:37 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 143 time(s).
9/02/2013 7:52:37 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 144 time(s).
9/02/2013 7:52:34 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 142 time(s).
9/02/2013 7:52:34 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 143 time(s).
9/02/2013 7:52:32 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 141 time(s).
9/02/2013 7:52:32 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 142 time(s).
9/02/2013 7:52:29 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 140 time(s).
9/02/2013 7:52:29 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 141 time(s).
9/02/2013 7:52:27 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 139 time(s).
9/02/2013 7:52:27 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 140 time(s).
9/02/2013 7:52:25 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 138 time(s).
9/02/2013 7:52:25 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 139 time(s).
9/02/2013 7:52:22 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 137 time(s).
9/02/2013 7:52:22 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 138 time(s).
9/02/2013 7:52:20 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 136 time(s).
9/02/2013 7:52:20 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 137 time(s).
9/02/2013 7:52:17 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 135 time(s).
9/02/2013 7:52:17 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 136 time(s).
9/02/2013 7:52:15 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 134 time(s).
9/02/2013 7:52:15 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 135 time(s).
9/02/2013 7:52:12 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 133 time(s).
9/02/2013 7:52:12 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 134 time(s).
9/02/2013 7:52:10 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 132 time(s).
9/02/2013 7:52:10 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 133 time(s).
9/02/2013 7:52:08 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 131 time(s).
9/02/2013 7:52:08 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 132 time(s).
9/02/2013 7:52:05 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 130 time(s).
9/02/2013 7:52:05 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 131 time(s).
9/02/2013 7:33:20 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 129 time(s).
9/02/2013 7:33:20 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 130 time(s).
9/02/2013 7:33:17 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 128 time(s).
9/02/2013 7:33:17 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 129 time(s).
9/02/2013 7:33:15 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 127 time(s).
9/02/2013 7:33:15 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 128 time(s).
9/02/2013 7:33:12 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 126 time(s).
9/02/2013 7:33:12 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 127 time(s).
9/02/2013 7:33:10 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 125 time(s).
9/02/2013 7:33:10 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 126 time(s).
9/02/2013 7:33:07 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 124 time(s).
9/02/2013 7:33:07 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 125 time(s).
9/02/2013 7:33:05 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 123 time(s).
9/02/2013 7:33:05 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 124 time(s).
9/02/2013 7:33:02 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 122 time(s).
9/02/2013 7:33:02 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 123 time(s).
9/02/2013 7:33:00 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 121 time(s).
9/02/2013 7:33:00 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 122 time(s).
9/02/2013 7:32:57 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 120 time(s).
9/02/2013 7:32:57 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 121 time(s).
9/02/2013 7:32:55 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 119 time(s).
9/02/2013 7:32:55 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 120 time(s).
9/02/2013 7:32:53 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 118 time(s).
9/02/2013 7:32:53 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 119 time(s).
9/02/2013 7:32:50 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 117 time(s).
9/02/2013 7:32:50 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 118 time(s).
9/02/2013 7:32:47 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 116 time(s).
9/02/2013 7:32:47 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 117 time(s).
9/02/2013 7:32:45 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 115 time(s).
9/02/2013 7:32:45 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 116 time(s).
9/02/2013 7:32:42 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 114 time(s).
9/02/2013 7:32:42 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 115 time(s).
9/02/2013 7:32:39 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 113 time(s).
9/02/2013 7:32:39 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 114 time(s).
9/02/2013 7:32:37 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 112 time(s).
9/02/2013 7:32:37 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 113 time(s).
9/02/2013 7:32:34 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 111 time(s).
9/02/2013 7:32:34 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 112 time(s).
9/02/2013 7:32:32 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 110 time(s).
9/02/2013 7:32:32 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 111 time(s).
9/02/2013 7:32:29 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 109 time(s).
9/02/2013 7:32:29 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 110 time(s).
9/02/2013 7:32:27 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 108 time(s).
9/02/2013 7:32:27 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 109 time(s).
9/02/2013 7:32:25 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 107 time(s).
9/02/2013 7:32:25 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 108 time(s).
9/02/2013 7:32:22 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 106 time(s).
9/02/2013 7:32:22 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 107 time(s).
9/02/2013 7:32:20 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 105 time(s).
9/02/2013 7:32:20 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 106 time(s).
9/02/2013 7:32:17 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 104 time(s).
9/02/2013 7:32:17 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 105 time(s).
9/02/2013 7:32:15 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 103 time(s).
9/02/2013 7:32:15 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 104 time(s).
9/02/2013 7:32:12 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 102 time(s).
9/02/2013 7:32:12 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 103 time(s).
9/02/2013 7:32:10 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 101 time(s).
9/02/2013 7:32:10 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 102 time(s).
9/02/2013 7:32:08 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 100 time(s).
9/02/2013 7:32:08 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 101 time(s).
9/02/2013 7:32:05 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 99 time(s).
9/02/2013 7:32:05 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 100 time(s).
9/02/2013 7:32:03 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 98 time(s).
9/02/2013 7:32:03 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 99 time(s).
9/02/2013 7:32:00 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 97 time(s).
9/02/2013 7:32:00 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 98 time(s).
9/02/2013 7:31:58 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 96 time(s).
9/02/2013 7:31:58 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 97 time(s).
9/02/2013 7:31:56 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 95 time(s).
9/02/2013 7:31:56 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 96 time(s).
9/02/2013 7:31:53 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 94 time(s).
9/02/2013 7:31:53 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 95 time(s).
9/02/2013 7:31:51 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 93 time(s).
9/02/2013 7:31:51 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 94 time(s).
9/02/2013 7:31:48 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 92 time(s).
9/02/2013 7:31:48 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 93 time(s).
9/02/2013 7:31:46 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 91 time(s).
9/02/2013 7:31:46 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 92 time(s).
9/02/2013 7:31:44 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 90 time(s).
9/02/2013 7:31:44 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 91 time(s).
9/02/2013 7:31:41 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 89 time(s).
9/02/2013 7:31:41 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 90 time(s).
9/02/2013 7:31:39 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 88 time(s).
9/02/2013 7:31:39 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 89 time(s).
9/02/2013 7:31:37 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 87 time(s).
9/02/2013 7:31:37 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 88 time(s).
9/02/2013 7:31:34 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 86 time(s).
9/02/2013 7:31:34 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 87 time(s).
9/02/2013 7:31:32 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 85 time(s).
9/02/2013 7:31:32 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 86 time(s).
9/02/2013 7:31:29 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 84 time(s).
9/02/2013 7:31:29 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 85 time(s).
9/02/2013 7:31:27 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 83 time(s).
9/02/2013 7:31:27 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 84 time(s).
9/02/2013 7:31:24 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 82 time(s).
9/02/2013 7:31:24 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 83 time(s).
9/02/2013 7:31:22 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 81 time(s).
9/02/2013 7:31:22 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 82 time(s).
9/02/2013 7:31:20 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 80 time(s).
9/02/2013 7:31:20 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 81 time(s).
9/02/2013 7:31:17 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 79 time(s).
9/02/2013 7:31:17 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 80 time(s).
9/02/2013 7:31:15 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 78 time(s).
9/02/2013 7:31:15 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 79 time(s).
9/02/2013 7:31:12 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 77 time(s).
9/02/2013 7:31:12 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 78 time(s).
9/02/2013 7:31:10 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 76 time(s).
9/02/2013 7:31:10 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 77 time(s).
9/02/2013 7:31:08 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 75 time(s).
9/02/2013 7:31:08 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 76 time(s).
9/02/2013 7:31:05 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 74 time(s).
9/02/2013 7:31:05 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 75 time(s).
9/02/2013 7:31:03 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 73 time(s).
9/02/2013 7:31:03 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 74 time(s).
9/02/2013 7:31:00 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 72 time(s).
9/02/2013 7:31:00 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 73 time(s).
9/02/2013 7:30:58 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 71 time(s).
9/02/2013 7:30:58 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 72 time(s).
9/02/2013 7:30:56 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 70 time(s).
9/02/2013 7:30:56 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 71 time(s).
9/02/2013 7:30:53 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 69 time(s).
9/02/2013 7:30:53 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 70 time(s).
9/02/2013 7:30:51 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 68 time(s).
9/02/2013 7:30:51 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 69 time(s).
9/02/2013 7:30:48 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 67 time(s).
9/02/2013 7:30:48 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 68 time(s).
9/02/2013 7:30:46 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 66 time(s).
9/02/2013 7:30:46 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 67 time(s).
9/02/2013 7:30:44 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 65 time(s).
9/02/2013 7:30:44 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 66 time(s).
9/02/2013 7:30:41 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 64 time(s).
9/02/2013 7:30:41 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 65 time(s).
9/02/2013 7:30:39 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 63 time(s).
9/02/2013 7:30:39 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 64 time(s).
9/02/2013 7:30:36 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 62 time(s).
9/02/2013 7:30:36 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 63 time(s).
9/02/2013 7:30:34 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 61 time(s).
9/02/2013 7:30:34 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 62 time(s).
9/02/2013 7:30:31 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 60 time(s).
9/02/2013 7:30:31 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 61 time(s).
9/02/2013 7:30:29 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 59 time(s).
9/02/2013 7:30:29 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 60 time(s).
9/02/2013 7:30:27 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 58 time(s).
9/02/2013 7:30:27 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 59 time(s).
9/02/2013 7:30:24 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 57 time(s).
9/02/2013 7:30:24 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 58 time(s).
9/02/2013 7:30:22 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 56 time(s).
9/02/2013 7:30:22 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 57 time(s).
9/02/2013 7:30:19 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 55 time(s).
9/02/2013 7:30:19 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 56 time(s).
9/02/2013 7:30:17 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 54 time(s).
9/02/2013 7:30:17 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 55 time(s).
9/02/2013 7:30:15 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 53 time(s).
9/02/2013 7:30:15 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 54 time(s).
9/02/2013 7:30:12 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 52 time(s).
9/02/2013 7:30:12 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 53 time(s).
9/02/2013 7:30:10 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 51 time(s).
9/02/2013 7:30:10 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 52 time(s).
9/02/2013 7:30:07 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 50 time(s).
9/02/2013 7:30:07 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 51 time(s).
9/02/2013 7:30:05 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 49 time(s).
9/02/2013 7:30:05 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 50 time(s).
9/02/2013 7:30:03 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 48 time(s).
9/02/2013 7:30:03 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 49 time(s).
9/02/2013 7:30:00 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 47 time(s).
9/02/2013 7:30:00 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 48 time(s).
9/02/2013 7:29:58 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 46 time(s).
9/02/2013 7:29:58 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 47 time(s).
9/02/2013 7:29:55 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 45 time(s).
9/02/2013 7:29:55 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 46 time(s).
9/02/2013 7:29:53 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 44 time(s).
9/02/2013 7:29:53 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 45 time(s).
9/02/2013 7:29:51 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 43 time(s).
9/02/2013 7:29:51 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 44 time(s).
9/02/2013 7:29:48 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 42 time(s).
9/02/2013 7:29:48 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 43 time(s).
9/02/2013 7:29:46 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 41 time(s).
9/02/2013 7:29:46 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 42 time(s).
9/02/2013 7:29:43 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 40 time(s).
9/02/2013 7:29:43 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 41 time(s).
9/02/2013 7:29:41 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 39 time(s).
9/02/2013 7:29:41 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 40 time(s).
9/02/2013 7:29:39 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 38 time(s).
9/02/2013 7:29:39 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 39 time(s).
9/02/2013 7:29:36 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 37 time(s).
9/02/2013 7:29:36 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 38 time(s).
9/02/2013 7:29:34 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 36 time(s).
9/02/2013 7:29:34 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 37 time(s).
9/02/2013 7:29:31 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 35 time(s).
9/02/2013 7:29:31 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 36 time(s).
9/02/2013 7:29:29 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 34 time(s).
9/02/2013 7:29:29 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 35 time(s).
9/02/2013 7:29:26 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 33 time(s).
9/02/2013 7:29:26 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 34 time(s).
9/02/2013 7:29:24 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 32 time(s).
9/02/2013 7:29:24 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 33 time(s).
9/02/2013 7:29:22 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 31 time(s).
9/02/2013 7:29:22 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 32 time(s).
9/02/2013 7:29:19 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 30 time(s).
9/02/2013 7:29:19 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 31 time(s).
9/02/2013 7:29:17 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 29 time(s).
9/02/2013 7:29:17 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 30 time(s).
9/02/2013 7:29:14 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 28 time(s).
9/02/2013 7:29:14 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 29 time(s).
9/02/2013 7:29:12 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 27 time(s).
9/02/2013 7:29:12 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 28 time(s).
9/02/2013 7:29:09 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 26 time(s).
9/02/2013 7:29:09 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 27 time(s).
9/02/2013 7:29:07 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 25 time(s).
9/02/2013 7:29:07 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 26 time(s).
9/02/2013 7:29:05 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 24 time(s).
9/02/2013 7:29:05 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 25 time(s).
8/02/2013 6:31:44 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0023AEE6DE95 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/02/2013 6:56:17 AM, Error: EventLog [6008] - The previous system shutdown at 6:54:08 AM on 7/02/2013 was unexpected.
7/02/2013 6:49:25 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
7/02/2013 6:38:04 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 23 time(s).
7/02/2013 6:38:04 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 24 time(s).
7/02/2013 6:38:01 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 22 time(s).
7/02/2013 6:38:01 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 23 time(s).
7/02/2013 6:37:58 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 21 time(s).
7/02/2013 6:37:58 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 22 time(s).
7/02/2013 6:37:55 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 20 time(s).
7/02/2013 6:37:55 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 21 time(s).
7/02/2013 6:37:53 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 19 time(s).
7/02/2013 6:37:53 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 20 time(s).
7/02/2013 6:37:50 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 18 time(s).
7/02/2013 6:37:50 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 19 time(s).
7/02/2013 6:37:47 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 17 time(s).
7/02/2013 6:37:47 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 18 time(s).
7/02/2013 6:37:45 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 16 time(s).
7/02/2013 6:37:45 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 17 time(s).
7/02/2013 6:37:42 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 15 time(s).
7/02/2013 6:37:42 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 16 time(s).
7/02/2013 6:37:40 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 14 time(s).
7/02/2013 6:37:40 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 15 time(s).
7/02/2013 6:37:37 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 13 time(s).
7/02/2013 6:37:37 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 14 time(s).
7/02/2013 6:37:35 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 12 time(s).
7/02/2013 6:37:35 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 13 time(s).
7/02/2013 6:37:32 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 11 time(s).
7/02/2013 6:37:32 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 12 time(s).
7/02/2013 6:37:29 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 10 time(s).
7/02/2013 6:37:29 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 11 time(s).
7/02/2013 6:37:27 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 9 time(s).
7/02/2013 6:37:27 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 10 time(s).
7/02/2013 6:37:24 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 8 time(s).
7/02/2013 6:37:24 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 9 time(s).
7/02/2013 6:37:22 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 7 time(s).
7/02/2013 6:37:22 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 8 time(s).
7/02/2013 6:37:18 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 6 time(s).
7/02/2013 6:37:18 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 7 time(s).
7/02/2013 6:37:13 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 5 time(s).
7/02/2013 6:37:13 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 6 time(s).
7/02/2013 6:37:05 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 4 time(s).
7/02/2013 6:37:05 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 5 time(s).
7/02/2013 6:37:02 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 3 time(s).
7/02/2013 6:37:02 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 4 time(s).
7/02/2013 6:36:58 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 2 time(s).
7/02/2013 6:36:58 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 3 time(s).
7/02/2013 6:36:55 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 1 time(s).
7/02/2013 6:36:55 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 2 time(s).
7/02/2013 6:36:51 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 1 time(s).
2/02/2013 7:26:07 AM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the path specified.
.
==== End Of File ===========================


+++++++++++++++++++++++++++++++++++++++++++++++++++++++

i been using the logitec game pad for six months now, but its not being recognised anymore...what could be the solution to this. i v tried even on other computers, still no luck?

help I have been going crazy trying to fix this on my own the past 3 months... I suspect a very complex infection involving multiple different infections.. I have done 18 windows 7 installs and 6 windows 8 installs the infection keeps reappearing... I can sense the remote compromise every time... here is my logs please have mercy

GMER 2.1.19163 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-04-07 16:26:48
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000003c SAMSUNG_SSD_830_Series rev.CXM03B1Q 238.47GB
Running: gmer.exe; Driver: C:\Users\x\AppData\Local\Temp\kwloipob.sys

---- User code sections - GMER 2.1 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[804] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f8e7a41532 4 bytes [A4, E7, F8, 07]
.text C:\Program Files\Internet Explorer\iexplore.exe[804] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f8e7a4153a 4 bytes [A4, E7, F8, 07]
.text C:\Program Files\Internet Explorer\iexplore.exe[804] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f8e7a4165a 4 bytes [A4, E7, F8, 07]
---- Threads - GMER 2.1 ----
Thread C:\WINDOWS\system32\csrss.exe [464:1516] fffff960008415e8
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -2126526724
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8F0DEEF3-4076-41E9-8B8C-3898CC5C5213}@LeaseObtainedTime 1365376441
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8F0DEEF3-4076-41E9-8B8C-3898CC5C5213}@T1 1365376501
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8F0DEEF3-4076-41E9-8B8C-3898CC5C5213}@T2 1365452041
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8F0DEEF3-4076-41E9-8B8C-3898CC5C5213}@LeaseTerminatesTime 1365462841
---- EOF - GMER 2.1 ----
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16519
Run by x at 9:56:37 on 2013-04-08
AV: ESET Smart Security 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET Smart Security 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe
C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\taskhostex.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\taskhost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mStart Page = about:blank
mLocal Page = about:blank
mWindow Title = Microsoft Internet Explorer
mDefault_Page_URL = about:blank
StartupFolder: C:\Users\x\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SAMSUN~1.LNK - C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{8F0DEEF3-4076-41E9-8B8C-3898CC5C5213} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{8F0DEEF3-4076-41E9-8B8C-3898CC5C5213} : DHCPNameServer = 192.168.1.254
SSODL: WebCheck - <orphaned>
x64-Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
x64-Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\WINDOWS\System32\Drivers\epfwwfp.sys [2013-2-20 58416]
R1 eamonm;eamonm;C:\WINDOWS\System32\Drivers\eamonm.sys [2013-2-20 213416]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\WINDOWS\System32\Drivers\EpfwLWF.sys [2013-1-10 59440]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2013-3-21 1341664]
R2 postgresql-x64-9.2;postgresql-x64-9.2 - PostgreSQL Server 9.2;C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N "postgresql-x64-9.2" -D "C:/Program Files/PostgreSQL/9.2/data" -w --> C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N postgresql-x64-9.2 [?]
R3 cmudaxp;ASUS Xonar Essence STX Audio Interface;C:\WINDOWS\System32\Drivers\cmudaxp.sys [2012-12-17 2734080]
RUnknown asdnet;asdnet; [x]
RUnknown asdws;asdws; [x]
SUnknown asdrm;asdrm; [x]
.
=============== File Associations ===============
.
FileExt: .vbs: VBSFile=C:\WINDOWS\SysWow64\WScript.exe "%1" %*
FileExt: .js: jsfile=C:\WINDOWS\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2013-04-08 16:17:36 -------- d-----w- C:\Users\x\AppData\Roaming\ESET
2013-04-08 16:17:36 -------- d-----w- C:\Users\x\AppData\Local\ESET
2013-04-07 23:31:33 -------- d-----w- C:\Program Files\ESET
2013-04-07 21:33:25 187152 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10197.bin
2013-04-07 21:00:07 50784 ----a-w- C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-04-07 21:00:07 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-04-07 19:42:40 -------- d-----w- C:\Users\x\AppData\Roaming\postgresql
2013-04-07 18:02:48 -------- d-----w- C:\Users\x\AppData\Local\Opera
2013-04-07 14:43:22 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{73E347F4-C1D7-4173-86BA-E6C62388A2C5}\mpengine.dll
2013-04-07 11:54:20 -------- d-----w- C:\Program Files (x86)\TableNinja
2013-04-07 11:53:44 -------- d-----w- C:\Users\x\AppData\Local\PokerStars
2013-04-07 11:53:38 -------- d-----w- C:\Program Files (x86)\PokerStars
2013-04-07 11:41:57 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-04-07 11:41:01 -------- d-----w- C:\Users\x\AppData\Local\Hold'em_Manager
2013-04-07 11:40:49 778856 ----a-w- C:\WINDOWS\SysWow64\PresentationNative_v0300.dll
2013-04-07 11:40:49 35400 ----a-w- C:\WINDOWS\SysWow64\TsWpfWrp.exe
2013-04-07 11:40:49 35400 ----a-w- C:\WINDOWS\System32\TsWpfWrp.exe
2013-04-07 11:40:49 124040 ----a-w- C:\WINDOWS\System32\PresentationCFFRasterizerNative_v0300.dll
2013-04-07 11:40:49 1166440 ----a-w- C:\WINDOWS\System32\PresentationNative_v0300.dll
2013-04-07 11:40:49 102528 ----a-w- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-04-07 07:11:39 -------- d-----w- C:\HM2Archive
2013-04-07 07:11:37 -------- d-----w- C:\Users\x\AppData\Roaming\HEM Data
2013-04-07 07:06:46 -------- d-----w- C:\Users\x\AppData\Local\IsolatedStorage
2013-04-07 07:06:46 -------- d-----w- C:\ProgramData\XHEO INC
2013-04-07 07:06:39 -------- d-----w- C:\Users\x\AppData\Roaming\HoldemManager
2013-04-07 04:52:48 -------- d-----w- C:\Program Files (x86)\Holdem Manager 2
2013-04-07 04:45:54 -------- d-----w- C:\Program Files\PostgreSQL
2013-04-07 04:42:08 -------- d-----w- C:\ProgramData\Samsung
2013-04-07 04:42:08 -------- d-----w- C:\Program Files (x86)\Samsung Magician
2013-04-07 04:42:02 -------- d-----w- C:\Users\x\AppData\Local\Programs
2013-04-07 04:42:00 82944 ----a-w- C:\WINDOWS\SysWow64\dskquota.dll
2013-04-07 04:42:00 109568 ----a-w- C:\WINDOWS\System32\dskquota.dll
2013-04-07 04:40:51 178176 ----a-w- C:\WINDOWS\System32\SystemEventsBrokerServer.dll
2013-04-07 04:38:58 524768 ----a-w- C:\WINDOWS\difxapi.dll
2013-04-07 04:38:58 359424 ----a-w- C:\WINDOWS\System32\CmiInstallResAll64.dll
2013-04-07 04:38:15 -------- d-----w- C:\Program Files (x86)\PSQLINSTALL
2013-04-07 04:26:54 -------- d-----w- C:\Users\x\AppData\Roaming\Anvisoft
2013-04-07 04:26:49 -------- d-----w- C:\ProgramData\Anvisoft
2013-04-07 04:26:46 -------- d-----w- C:\Program Files (x86)\Anvisoft
2013-04-07 04:22:59 11459584 ----a-w- C:\WINDOWS\System32\glcndFilter.dll
2013-04-07 04:11:13 16114176 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-04-07 04:11:12 15541248 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-04-07 04:07:18 282744 ------w- C:\WINDOWS\System32\MpSigStub.exe
2013-04-07 04:07:12 56832 ----a-w- C:\WINDOWS\System32\OpenCL.DLL
2013-04-07 04:07:12 56320 ----a-w- C:\WINDOWS\SysWow64\OpenCL.DLL
2013-04-07 04:07:12 -------- d-----w- C:\Intel
2013-04-07 04:03:14 17888 ----a-w- C:\WINDOWS\SysWow64\msvcr100_clr0400.dll
2013-04-07 04:03:14 17888 ----a-w- C:\WINDOWS\System32\msvcr100_clr0400.dll
2013-04-07 04:01:23 2893824 ----a-w- C:\WINDOWS\System32\msmpeg2vdec.dll
2013-04-07 04:01:23 2400256 ----a-w- C:\WINDOWS\SysWow64\msmpeg2vdec.dll
2013-04-07 04:01:17 144384 ----a-w- C:\WINDOWS\System32\tssdisai.dll
2013-04-07 04:01:17 135680 ----a-w- C:\WINDOWS\System32\appserverai.dll
2013-04-07 04:01:17 126976 ----a-w- C:\WINDOWS\System32\RDWebAI.dll
2013-04-07 04:01:17 122880 ----a-w- C:\WINDOWS\System32\VmHostAI.dll
2013-04-07 04:01:16 148480 ----a-w- C:\WINDOWS\System32\poqexec.exe
2013-04-07 04:01:16 132608 ----a-w- C:\WINDOWS\SysWow64\poqexec.exe
2013-04-07 03:55:41 -------- d-----w- C:\Users\x\AppData\Local\Diagnostics
2013-04-07 03:36:23 -------- d-----w- C:\WINDOWS\Panther
2013-04-07 01:37:12 -------- d--h--w- C:\ESD
.
==================== Find3M ====================
.
2013-04-07 04:39:06 419840 ----a-w- C:\WINDOWS\System32\wrap_oal.dll
2013-04-07 04:39:06 413696 ----a-w- C:\WINDOWS\SysWow64\wrap_oal.dll
2013-04-07 04:39:06 111616 ----a-w- C:\WINDOWS\System32\OpenAL32.dll
2013-04-07 04:39:06 102400 ----a-w- C:\WINDOWS\SysWow64\OpenAL32.dll
2013-03-05 23:07:25 78168 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2013-03-05 23:07:25 692568 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2013-03-02 08:22:18 361984 ----a-w- C:\WINDOWS\SysWow64\MFMediaEngine.dll
2013-03-02 02:44:30 468992 ----a-w- C:\WINDOWS\System32\MFMediaEngine.dll
2013-02-20 18:07:40 58416 ----a-w- C:\WINDOWS\System32\drivers\epfwwfp.sys
2013-02-20 18:07:38 213416 ----a-w- C:\WINDOWS\System32\drivers\eamonm.sys
2013-02-15 07:58:59 39936 ----a-w- C:\WINDOWS\apppatch\apppatch64\acspecfc.dll
2013-02-15 06:35:40 444416 ----a-w- C:\WINDOWS\apppatch\AcSpecfc.dll
2013-02-12 01:30:04 44032 ----a-w- C:\WINDOWS\SysWow64\UXInit.dll
2013-02-12 00:56:19 53760 ----a-w- C:\WINDOWS\System32\UXInit.dll
2013-02-12 00:25:18 4041728 ----a-w- C:\WINDOWS\System32\win32k.sys
2013-02-12 00:17:50 20992 ----a-w- C:\WINDOWS\System32\drivers\usb8023.sys
2013-02-07 04:09:56 69864 ----a-w- C:\WINDOWS\System32\drivers\pdc.sys
2013-02-07 03:34:58 10115072 ----a-w- C:\WINDOWS\System32\twinui.dll
2013-02-07 03:33:47 2302464 ----a-w- C:\WINDOWS\System32\authui.dll
2013-02-07 03:33:42 2146816 ----a-w- C:\WINDOWS\System32\actxprxy.dll
2013-02-07 01:34:00 8856576 ----a-w- C:\WINDOWS\SysWow64\twinui.dll
2013-02-07 01:33:03 2033664 ----a-w- C:\WINDOWS\SysWow64\authui.dll
2013-02-07 01:33:01 754176 ----a-w- C:\WINDOWS\SysWow64\actxprxy.dll
2013-02-05 22:31:11 622080 ----a-w- C:\WINDOWS\System32\drivers\srv2.sys
2013-02-05 22:29:09 370688 ----a-w- C:\WINDOWS\System32\drivers\mrxsmb.sys
2013-02-05 22:28:48 247808 ----a-w- C:\WINDOWS\System32\drivers\srvnet.sys
2013-02-05 22:28:36 215552 ----a-w- C:\WINDOWS\System32\drivers\mrxsmb20.sys
2013-02-05 04:58:01 1766912 ----a-w- C:\WINDOWS\SysWow64\wininet.dll
2013-02-05 04:56:33 2877952 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2013-02-05 04:56:27 61440 ----a-w- C:\WINDOWS\SysWow64\iesetup.dll
2013-02-05 04:56:27 109056 ----a-w- C:\WINDOWS\SysWow64\iesysprep.dll
2013-02-05 03:55:27 2706432 ----a-w- C:\WINDOWS\SysWow64\mshtml.tlb
2013-02-05 01:44:50 534528 ----a-w- C:\WINDOWS\SysWow64\uxtheme.dll
2013-02-04 22:39:47 2246656 ----a-w- C:\WINDOWS\System32\wininet.dll
2013-02-04 22:39:39 907776 ----a-w- C:\WINDOWS\System32\uxtheme.dll
2013-02-04 22:38:55 3966464 ----a-w- C:\WINDOWS\System32\jscript9.dll
2013-02-04 22:38:53 136704 ----a-w- C:\WINDOWS\System32\iesysprep.dll
2013-02-02 11:19:44 496872 ----a-w- C:\WINDOWS\System32\drivers\usbhub.sys
2013-02-02 11:19:44 446184 ----a-w- C:\WINDOWS\System32\drivers\USBHUB3.SYS
2013-02-02 11:19:41 329960 ----a-w- C:\WINDOWS\System32\drivers\storport.sys
2013-02-02 11:19:33 61672 ----a-w- C:\WINDOWS\System32\drivers\crashdmp.sys
2013-02-02 10:54:54 1933544 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
2013-02-02 10:28:54 993512 ----a-w- C:\WINDOWS\System32\drivers\ndis.sys
2013-02-02 10:28:54 2226408 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2013-02-02 08:40:58 375808 ----a-w- C:\WINDOWS\SysWow64\wbem\WmiPrvSE.exe
2013-02-02 08:40:55 80896 ----a-w- C:\WINDOWS\SysWow64\tasklist.exe
2013-02-02 08:40:55 79360 ----a-w- C:\WINDOWS\SysWow64\taskkill.exe
2013-02-02 08:40:36 155136 ----a-w- C:\WINDOWS\SysWow64\XpsRasterService.dll
2013-02-02 08:40:35 370688 ----a-w- C:\WINDOWS\SysWow64\WWanAPI.dll
2013-02-02 08:40:27 131072 ----a-w- C:\WINDOWS\SysWow64\wbem\WmiDcPrv.dll
2013-02-02 08:40:26 410624 ----a-w- C:\WINDOWS\SysWow64\wlroamextension.dll
2013-02-02 08:40:22 197632 ----a-w- C:\WINDOWS\SysWow64\Windows.Networking.Connectivity.dll
2013-02-02 08:40:22 10792448 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
2013-02-02 08:40:01 356352 ----a-w- C:\WINDOWS\SysWow64\SettingSync.dll
2013-02-02 08:39:59 325632 ----a-w- C:\WINDOWS\SysWow64\schannel.dll
2013-02-02 08:39:47 18432 ----a-w- C:\WINDOWS\SysWow64\npmproxy.dll
2013-02-02 08:39:34 55296 ----a-w- C:\WINDOWS\SysWow64\nlaapi.dll
2013-02-02 08:39:34 15872 ----a-w- C:\WINDOWS\SysWow64\nlmproxy.dll
2013-02-02 08:39:34 12288 ----a-w- C:\WINDOWS\SysWow64\nlmsprep.dll
2013-02-02 08:39:33 115712 ----a-w- C:\WINDOWS\SysWow64\netprofm.dll
2013-02-02 08:39:28 5090816 ----a-w- C:\WINDOWS\SysWow64\mstscax.dll
2013-02-02 08:39:15 157696 ----a-w- C:\WINDOWS\SysWow64\mbsmsapi.dll
2013-02-02 08:38:54 567808 ----a-w- C:\WINDOWS\SysWow64\duser.dll
2013-02-02 08:24:19 107520 ----a-w- C:\WINDOWS\System32\taskkill.exe
2013-02-02 08:24:19 102400 ----a-w- C:\WINDOWS\System32\tasklist.exe
2013-02-02 08:23:44 228352 ----a-w- C:\WINDOWS\System32\XpsRasterService.dll
2013-02-02 08:23:43 475136 ----a-w- C:\WINDOWS\System32\WWanAPI.dll
2013-02-02 08:23:37 611840 ----a-w- C:\WINDOWS\System32\wpd_ci.dll
2013-02-02 08:23:37 105472 ----a-w- C:\WINDOWS\System32\wpdbusenum.dll
2013-02-02 08:23:30 830464 ----a-w- C:\WINDOWS\System32\wbem\WmiPrvSD.dll
2013-02-02 08:23:28 543232 ----a-w- C:\WINDOWS\System32\wlroamextension.dll
2013-02-02 08:23:21 13643264 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.dll
2013-02-02 08:23:19 293376 ----a-w- C:\WINDOWS\System32\Windows.Networking.Connectivity.dll
2013-02-02 08:23:18 731648 ----a-w- C:\WINDOWS\System32\win32spl.dll
2013-02-02 08:23:16 87552 ----a-w- C:\WINDOWS\System32\wersvc.dll
2013-02-02 08:22:28 448512 ----a-w- C:\WINDOWS\System32\SettingSync.dll
2013-02-02 08:22:22 416256 ----a-w- C:\WINDOWS\System32\schannel.dll
2013-02-02 08:21:45 467456 ----a-w- C:\WINDOWS\System32\netprofmsvc.dll
2013-02-02 08:21:44 385024 ----a-w- C:\WINDOWS\System32\ncsi.dll
2013-02-02 08:21:38 5977600 ----a-w- C:\WINDOWS\System32\mstscax.dll
2013-02-02 08:21:10 225280 ----a-w- C:\WINDOWS\System32\mbsmsapi.dll
2013-02-02 08:20:47 260096 ----a-w- C:\WINDOWS\System32\hotspotauth.dll
2013-02-02 08:20:31 729600 ----a-w- C:\WINDOWS\System32\duser.dll
2013-02-02 07:30:05 2706432 ----a-w- C:\WINDOWS\System32\mshtml.tlb
2013-02-02 07:25:52 297984 ----a-w- C:\WINDOWS\System32\drivers\ks.sys
2013-02-02 07:25:26 82944 ----a-w- C:\WINDOWS\System32\drivers\hidclass.sys
2013-02-02 07:25:23 37632 ----a-w- C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
2013-02-02 05:41:57 1437184 ----a-w- C:\WINDOWS\SysWow64\GdiPlus.dll
2013-02-02 05:31:54 1690624 ----a-w- C:\WINDOWS\System32\GdiPlus.dll
2013-01-29 01:57:05 35232 ----a-w- C:\WINDOWS\System32\drivers\WdBoot.sys
2013-01-28 23:08:22 230904 ----a-w- C:\WINDOWS\System32\drivers\WdFilter.sys
2013-01-14 03:56:14 6967016 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2013-01-12 02:02:34 64624 ----a-w- C:\WINDOWS\System32\drivers\HECIx64.sys
2013-01-10 22:08:16 59440 ----a-w- C:\WINDOWS\System32\drivers\EpfwLWF.sys
2013-01-10 22:08:16 190232 ----a-w- C:\WINDOWS\System32\drivers\epfw.sys
2013-01-10 22:08:14 150616 ----a-w- C:\WINDOWS\System32\drivers\ehdrv.sys
2013-01-10 01:53:32 28904 ----a-w- C:\WINDOWS\System32\drivers\msgpiowin32.sys
2013-01-10 01:40:39 1448168 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2013-01-10 01:40:38 303848 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
2013-01-10 01:39:29 194280 ----a-w- C:\WINDOWS\System32\drivers\sdbus.sys
.
============= FINISH: 9:56:42.05 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume1
Install Date: 4/6/2013 8:39:05 PM
System Uptime: 4/8/2013 9:14:58 AM (0 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | SABERTOOTH Z77
Processor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz | LGA1155 | 3501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 215 GiB total, 170.079 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96a-e325-11ce-bfc1-08002be10318}
Description: Standard SATA AHCI Controller
Device ID: PCI\VEN_8086&DEV_1E02&SUBSYS_84CA1043&REV_04\3&11583659&0&FA
Manufacturer: Standard SATA AHCI Controller
Name: Standard SATA AHCI Controller
PNP Device ID: PCI\VEN_8086&DEV_1E02&SUBSYS_84CA1043&REV_04\3&11583659&0&FA
Service: storahci
.
==== System Restore Points ===================
.
RP1: 4/6/2013 8:49:52 PM - a
.
==== Installed Programs ======================
.
ASUS Xonar Essence STX Audio
ESET Smart Security
Holdem Manager 2
Intel(R) Processor Graphics
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
OpenAL
Opera 12.15
PokerStars
PostgreSQL 9.2
Samsung Magician
TableNinja
.
==== Event Viewer Messages From Past Week ========
.
4/7/2013 8:14:25 AM, Error: Schannel [36888] - A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.
4/7/2013 4:31:40 PM, Error: Service Control Manager [7030] - The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
4/7/2013 4:29:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/7/2013 4:28:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "Unavailable" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
4/7/2013 4:28:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "Unavailable" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
4/7/2013 4:28:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/7/2013 4:19:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/7/2013 4:12:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
4/7/2013 4:03:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server: {7022A3B3-D004-4F52-AF11-E9E987FEE25F}
4/7/2013 4:03:05 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
4/7/2013 4:03:03 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
4/7/2013 4:03:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/6/2013 9:10:12 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070103: Intel driver update for Intel(R) Management Engine Interface.
4/6/2013 8:36:31 PM, Error: Service Control Manager [7023] - The Network List Service service terminated with the following error: The device is not ready.
4/6/2013 8:36:31 PM, Error: Service Control Manager [7023] - The IP Helper service terminated with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/6/2013 8:36:20 PM, Error: volmgr [46] - Crash dump initialization failed!
4/6/2013 10:01:17 PM, Error: Service Control Manager [7022] - The AD Blocker Service service hung on starting.
.
==== End Of File ===========================

Attached Files

SysInspector-XDSD23-130408-0953.zip (228.2 KB)

Hello,

Within the last few days, my Acer Aspire laptop has been experiencing issues while running windows normally. I have Windows 7 Home Premium, Service Pack 1. Windows boots fine, I log in, and within a few minutes, Windows comes to a halt. It doesn't freeze completely, but the green, circular "busy/working" icon appears and I'm not able to do much of anything (this happens regardless if I am working in a program, or just on the desktop). Sometimes if I'm on the desktop, the background will turn white as a result.

Thinking the problem could be related to an Acer hotfix I recently installed for a Windows compatibility issue with the Acer powertray, I tried restoring to an earlier restore point (which removed the hotfix), but the "freezing" still occurs. Again, this only happens in the normal mode of Windows, safe mode works fine. Trying to interrupt any processes and end tasks never works. I then try to shut down, but I can never get past the "logging off" stage, so I always have to shut down by holding the power button.

Before resorting to posting here, I did install and run MalwareBytes (before the system restore) and the scan found 1 instance of Malware, which was removed. So whatever was removed was clearly not causing the issue.

GMER did not find anything (I could only run the dds and GMER scans in safe mode, however, so I'm not sure how much of a difference this makes).

Thanks for your time and help!
--------------------------------------------------------------------

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 10.0.9200.16521 BrowserJavaVersion: 1.6.0_39
Run by Mike at 19:07:18 on 2013-04-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3948.3279 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://acer.msn.com
uDefault_Page_URL = hxxp://acer.msn.com
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120622112023.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{B0BCF2FB-1545-4F42-9C6F-8160A8B30C5C} : DHCPNameServer = 192.168.1.250
TCP: Interfaces\{E8F62D5E-6208-4D1B-9919-390A7394547C} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{E8F62D5E-6208-4D1B-9919-390A7394547C}\3414D4 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E8F62D5E-6208-4D1B-9919-390A7394547C}\4456661657C64713 : DHCPNameServer = 192.168.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\SystemCore\ScriptSn.20120622112023.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\tzpivxhr.default\
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-02-17 22:26; {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-3-13 771536]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-4-16 340216]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-10-23 55856]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-10-24 201304]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2012-4-16 218760]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-8-12 182752]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\System32\drivers\b57xdbd.sys [2011-1-20 67624]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\System32\drivers\b57xdmp.sys [2011-1-20 19496]
R3 bScsiMSa;bScsiMSa;C:\Windows\System32\drivers\bScsiMSa.sys [2011-5-16 51240]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-4-16 70112]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-6-21 25496]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-5-9 425000]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-4-16 515968]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-9 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-9 181760]
S1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2011-8-12 22648]
S1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2011-8-12 20520]
S1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2011-8-12 62776]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-8-12 353360]
S2 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-10-23 872552]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392]
S2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-29 36456]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-12 13592]
S2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-8-12 244624]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-10-24 201304]
S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-10-24 201304]
S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-10-24 201304]
S2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2012-4-16 241456]
S2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [2012-9-18 230920]
S2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2013-1-14 70152]
S2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
S2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-4-23 256832]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-10-23 2656280]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service --> C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service [?]
S3 bScsiSDa;bScsiSDa;C:\Windows\System32\drivers\bScsiSDa.sys [2011-5-6 86056]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-6-21 173424]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-10-24 196440]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-6-21 34200]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-12 317440]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-4-16 309840]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2012-4-16 106552]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-2 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-04-08 19:36:34 -------- d-----w- C:\CCE_Quarantine
2013-04-08 16:32:56 -------- d-----w- C:\Users\Mike\AppData\Roaming\Malwarebytes
2013-04-08 16:32:49 -------- d-----w- C:\ProgramData\Malwarebytes
2013-04-08 16:32:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-08 16:32:40 -------- d-----w- C:\Users\Mike\AppData\Local\Programs
2013-04-08 04:49:18 -------- d-----w- C:\Users\Mike\AppData\Local\ElevatedDiagnostics
.
==================== Find3M ====================
.
2013-02-19 21:59:06 70112 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2013-02-19 21:56:26 340216 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2013-02-19 21:56:14 182752 ----a-w- C:\Windows\System32\mfevtps.exe
2013-02-19 21:55:26 10728 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2013-02-19 21:55:14 106552 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2013-02-19 21:54:32 771536 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2013-02-19 21:53:42 515968 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2013-02-19 21:53:02 309840 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2013-02-19 21:52:44 179280 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-01-16 00:56:10 477616 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-01-16 00:56:07 473520 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-01-14 18:40:56 70152 ----a-w- C:\Windows\SysWow64\NLSSRV32.EXE
2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll
2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll
2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll
.
============= FINISH: 19:08:16.09 ===============

Attached Files

attach.txt (12.9 KB)

Hello there. I got recently infected by a malware. It basically disconnected my internet. Before that happened i saw some weird inernet logs. Someone was scanning my ports. Right after it i got dced. I made a quick malwarebytes scan and it found some kind of svdk.exe and a registtry file that is disabling security center. I always see the loading thing next to my cursor. I havent downloaded something suspicious. I always run the programs first on sandboxie. As long as i try to start security centet service from services in admin tools, it quickly disables. Im currently in my mobile, i need immeadetly help. My . wi. n is xp sp3 and i cant even boot in safemode. Pleaaaaassseee help. I dont want to reformat my pc and i dont think i have even access to boot from cd

hey guys so yesterday i was on my laptop not sure of what happened but my facebook.com redirects to meat spin. and my anti virus isnt picking it up

here is there dds

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.17.2
Run by 100403428 at 1:12:51 on 2013-04-09
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.2.1033.18.3983.1670 [GMT -4:00]
.
AV: F-Secure Client Security 9.31 *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: F-Secure Client Security 9.31 *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\LANDesk\Shared Files\residentagent.exe
C:\Windows\system32\CxAudMsg64.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files (x86)\F-Secure\Device Control\fsdevcon64.exe
C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE
C:\Program Files (x86)\LANDesk\LDClient\LocalSch.EXE
C:\Windows\SysWOW64\CBA\pds.exe
C:\PROGRA~2\LANDesk\LDClient\issuser.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\LANDesk\LDClient\policy.client.invoker.exe
C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe
C:\Program Files (x86)\LANDesk\LDClient\amtmon.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\SysWOW64\SAsrv.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\LANDesk\LDClient\softmon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\PROGRA~2\LANDesk\LDClient\collector.exe
C:\Program Files (x86)\F-Secure\Common\FSHDLL32.EXE
C:\PROGRA~2\LANDesk\LDClient\LDregwatch.exe
C:\Program Files (x86)\F-Secure\Common\FSHDLL64.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files (x86)\F-Secure\Common\FNRB32.EXE
C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe
C:\Program Files (x86)\F-Secure\Common\FIH32.EXE
C:\Program Files (x86)\F-Secure\FWES\Program\fsdfwd.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\PROGRA~2\LANDesk\LDClient\rcgui.exe
C:\PROGRA~2\LANDesk\LDClient\issclipexec.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\F-Secure\Anti-Virus\fsav32.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\F-Secure\common\FSM32.EXE
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files (x86)\Adobe\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.uoit.ca/
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Browsing Protection Class: {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\F-Secure\NRS\iescript\baselitmus.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Browsing Protection Toolbar: {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\F-Secure\NRS\iescript\baselitmus.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [F-Secure Manager] "C:\Program Files (x86)\F-Secure\Common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "C:\Program Files (x86)\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat\Acrotray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\100403~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoWindowsUpdate = dword:1
uPolicies-Explorer: ForceStartMenuLogOff = dword:1
uPolicies-Explorer: NoStartMenuNetworkPlaces = dword:1
uPolicies-Explorer: NoSecurityTab = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-System: SynchronousMachineGroupPolicy = dword:0
mPolicies-System: SynchronousUserGroupPolicy = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{0BCFAF6C-8379-4AD7-B569-B16E8E0B1095} : DHCPNameServer = 10.120.200.62 10.120.200.63 10.120.200.66 10.120.200.65 10.120.200.64 10.120.200.61
TCP: Interfaces\{4207094C-DE52-4B50-971D-0CFCCCADC27C} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TpShocks] TpShocks.exe
x64-Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\100403428\AppData\Roaming\Mozilla\Firefox\Profiles\qhxbzhju.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.uoit.ca/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\System32\drivers\DZHDD64.SYS [2012-2-29 31344]
R0 fsbts;fsbts;C:\Windows\System32\drivers\fsbts.sys [2012-5-11 56016]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2011-3-29 23664]
R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\F-Secure\HIPS\drivers\fshs.sys [2012-4-9 62016]
R1 FSES;F-Secure Email Scanning Driver;C:\Windows\System32\drivers\fses.sys [2012-4-9 46848]
R1 FSFW;F-Secure Firewall Driver;C:\Windows\System32\drivers\fsdfw.sys [2012-4-9 95136]
R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys [2012-4-9 15040]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2012-2-29 15472]
R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2010-12-3 31592]
R2 CBA8;LANDesk(R) Management Agent;C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe [2010-10-15 147456]
R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2012-2-29 198784]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe [2012-4-9 221888]
R2 fsdevcon;F-Secure Device Control Daemon;C:\Program Files (x86)\F-Secure\Device Control\fsdevcon64.exe [2012-4-9 517824]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-7 210896]
R2 LANDesk Policy Invoker;LANDesk Policy Invoker;C:\Program Files (x86)\LANDesk\LDClient\policy.client.invoker.exe [2013-3-28 205312]
R2 LANDesk Targeted Multicast;LANDesk Targeted Multicast;C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe [2013-3-28 178688]
R2 LANDesk(R) Out-of-Band Monitor Service;LANDesk(R) Out-of-Band Monitor Service;C:\Program Files (x86)\LANDesk\LDClient\amtmon.exe [2013-3-28 1058304]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2012-2-29 101736]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2012-2-29 133992]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-8 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-8 682344]
R2 risdxc;risdxc;C:\Windows\System32\drivers\risdxc64.sys [2012-2-29 101888]
R2 SAService;Conexant SmartAudio service;C:\Windows\System32\SAsrv.exe --> C:\Windows\System32\SAsrv.exe [?]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-3-19 3289208]
R2 Softmon;LANDesk(R) Software Monitoring Service;C:\Program Files (x86)\LANDesk\LDClient\SoftMon.exe [2013-3-28 385024]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2012-2-29 145256]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2012-2-29 142696]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-2-29 2656280]
R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-12-20 1155088]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-12-20 248840]
R2 WDRulesService;WD Rules;C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [2012-12-20 1178128]
R3 5U877;USB Video Device;C:\Windows\System32\drivers\5U877.sys [2012-2-29 166016]
R3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-4-19 478056]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys [2012-4-9 200760]
R3 F-Secure Network Request Broker;F-Secure Network Request Broker;C:\Program Files (x86)\F-Secure\common\FNRB32.exe [2012-4-9 189120]
R3 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe [2012-4-9 62144]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-2-29 317440]
R3 ldmirror;ldmirror;C:\Windows\System32\drivers\ldmirror.sys [2012-3-29 5120]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-4-8 24176]
R3 mirrorflt;Mirror Filter Driver for Uninstall;C:\Windows\System32\drivers\mirrorflt.sys [2012-3-29 6656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HyperW7Svc;HyperW7 Service;C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2010-12-3 116072]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 ldblank;Screen Blanking driver for Remote Control;C:\Windows\System32\drivers\ldblank.sys [2012-3-29 20480]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2012-2-29 89152]
S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2012-2-29 175168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-29 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2012-12-20 14464]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files (x86)\F-Secure\Anti-Virus\win2k\fsfilter.sys [2012-4-9 42048]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files (x86)\F-Secure\Anti-Virus\win2k\fsrec.sys [2012-4-9 27328]
.
=============== Created Last 30 ================
.
2013-04-08 17:39:33 -------- d-----w- C:\Users\100403428\AppData\Roaming\Malwarebytes
2013-04-08 17:39:20 -------- d-----w- C:\ProgramData\Malwarebytes
2013-04-08 17:39:16 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-04-08 17:39:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-08 17:39:04 -------- d-----w- C:\Users\100403428\AppData\Local\Programs
2013-04-06 15:06:18 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-04-06 15:05:49 -------- d-----w- C:\Program Files\iPod
2013-04-06 15:05:48 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-04-06 15:05:48 -------- d-----w- C:\Program Files\iTunes
2013-04-06 15:05:48 -------- d-----w- C:\Program Files (x86)\iTunes
2013-04-06 15:02:29 -------- d-----w- C:\Program Files\Bonjour
2013-04-06 15:02:29 -------- d-----w- C:\Program Files (x86)\Bonjour
2013-04-04 18:15:13 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-04-04 18:15:04 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-03 23:17:27 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2013-04-03 15:42:03 -------- d-----w- C:\Users\100403428\AppData\Local\Western_Digital
2013-04-02 19:07:34 -------- d--h--w- C:\Windows\System32\WLANProfiles
2013-04-02 18:03:29 -------- d-----w- C:\Users\100403428\AppData\Local\Apps
2013-04-02 18:03:28 -------- d-----w- C:\Users\100403428\AppData\Local\Deployment
2013-04-02 18:02:41 -------- d-----w- C:\Program Files (x86)\SopCast
2013-04-01 16:33:06 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2013-04-01 16:30:46 52568 ----a-w- C:\Windows\System32\AdobePDF.dll
2013-04-01 13:34:19 -------- d-----w- C:\Users\100403428\AppData\Roaming\uTorrent
2013-03-31 17:21:07 -------- d-----w- C:\Program Files\Western Digital
2013-03-31 17:21:07 -------- d-----w- C:\Program Files (x86)\Western Digital
2013-03-31 17:19:53 -------- d-----w- C:\ProgramData\Western Digital
2013-03-30 15:51:30 -------- d-----r- C:\Program Files (x86)\Skype
2013-03-30 15:36:50 -------- d-----w- C:\Windows\SysWow64\ldevents
2013-03-30 15:25:18 -------- d-----w- C:\Users\100403428\AppData\Local\Google
2013-03-28 16:52:03 -------- d-----w- C:\Users\100403428\AppData\Roaming\LANDesk
2013-03-28 15:39:13 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{09F3C4B1-2750-485D-8308-8C4F2C20A8D3}\offreg.dll
2013-03-28 15:30:12 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-03-28 15:25:40 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-03-28 15:25:30 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-03-28 15:25:30 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-03-28 15:22:19 -------- d-----w- C:\Windows\wlansvc
2013-03-20 02:30:46 6066296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
==================== Find3M ====================
.
2013-04-04 18:14:48 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-30 15:51:35 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-30 15:51:35 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-28 15:35:25 56016 ----a-w- C:\Windows\System32\drivers\fsbts.sys
.
============= FINISH: 1:14:03.78 ===============

Attached Files

attach.zip (3.8 KB)

I had to download both dds.scr and gmer scanners from a different computer and then ran both scans and I could not copy an paste the dds.txt to this so I attached it also, When I repaired the operating system as I was instructed to do I could not download any updates from Windows update site I received an error 0x80244019.

Attached Files

	ark.zip (7.7 KB)
	attach.zip (2.3 KB)
	dds.txt (9.4 KB)

Hi. I need some help here...my notebook is running really slow and CPU usage is always 100% but it keeps "jumping"...
anyway...I did run the gmer and the dds...
hope you can help me :sad:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.17.2
Run by Cristina at 19:12:20 on 2013-04-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.2672 [GMT -3:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_10227f8c486f7892\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_10227f8c486f7892\AESTSr64.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Cristina\AppData\Local\Akamai\netsession_win.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\Cristina\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Real\realplayer\Update\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.medscape.com/psychiatry
mWinlogon: Userinit = userinit.exe
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Akamai NetSession Interface] "C:\Users\Cristina\AppData\Local\Akamai\netsession_win.exe"
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [Facebook Update] "C:\Users\Cristina\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/66.35/uploader2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: Interfaces\{34763094-4662-409B-AF23-859A2B9E6CD5} : DHCPNameServer = 189.40.224.80 189.40.226.80
TCP: Interfaces\{5684AA39-6B74-4B22-B60A-2419D3F09068} : DHCPNameServer = 10.1.1.1
TCP: Interfaces\{5684AA39-6B74-4B22-B60A-2419D3F09068}\1405F594355465 : DHCPNameServer = 192.168.70.254 200.155.136.3 200.155.136.10
TCP: Interfaces\{5684AA39-6B74-4B22-B60A-2419D3F09068}\34279636B65647 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{5684AA39-6B74-4B22-B60A-2419D3F09068}\675687 : DHCPNameServer = 192.168.120.1
TCP: Interfaces\{5684AA39-6B74-4B22-B60A-2419D3F09068}\75962756C656373702341627C616 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{9E67AF47-A54B-4394-8F33-E45F31321701} : DHCPNameServer = 192.168.0.248
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
SSODL: WebCheck - <orphaned>
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-11-8 307040]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-11-10 39768]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/06/27 04:49:08];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-6-27 146928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_10227f8c486f7892\AESTSr64.exe [2009-3-3 89600]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-11-2 5174392]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2009-10-15 22072]
R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2011-7-19 208264]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2009-7-8 30520]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-3-19 3289208]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2009-7-13 1924400]
R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-3-25 968880]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-12-10 127328]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-1-13 228408]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2010-1-13 139264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-6-27 35104]
S3 massfilter;Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter.sys [2013-4-5 11776]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-5-10 22528]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-9-25 7680512]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-6-27 222208]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-27 291328]
S3 S3XXx64;SCR3xx USB SmartCardReader64;C:\Windows\System32\drivers\S3XXx64.sys [2012-7-31 70016]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-26 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-6 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2013-04-06 16:39:56 -------- d-----w- C:\Users\Cristina\AppData\Local\HuluDesktop
2013-04-06 02:15:48 123520 ----a-w- C:\Windows\System32\drivers\ZTEusbser6k.sys
2013-04-06 02:15:48 123520 ----a-w- C:\Windows\System32\drivers\ZTEusbnmea.sys
2013-04-06 02:15:48 123520 ----a-w- C:\Windows\System32\drivers\ZTEusbmdm6k.sys
2013-04-06 02:15:48 11776 ----a-w- C:\Windows\System32\drivers\massfilter.sys
2013-04-06 02:15:37 -------- d-----w- C:\Program Files (x86)\Claro 3G
2013-04-04 01:36:02 -------- d-----w- C:\Users\Cristina\AppData\Local\Facebook
2013-03-31 16:31:05 -------- d-----w- C:\Users\Cristina\AppData\Roaming\Claro
2013-03-31 16:29:27 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
2013-03-31 16:29:27 1490656 ----a-w- C:\Windows\System32\drivers\WdfCoInstaller01007.dll
2013-03-31 16:28:07 -------- d-----w- C:\Program Files (x86)\Claro
2013-03-31 16:26:49 -------- d-----w- C:\ProgramData\DatacardService
2013-03-25 20:39:46 4546560 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2013-03-22 00:45:58 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2013-03-22 00:45:58 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2013-03-22 00:45:58 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2013-03-22 00:45:58 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2013-03-22 00:45:55 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2013-03-22 00:43:52 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-03-20 06:02:32 -------- d-----w- C:\Windows\System32\SPReview
2013-03-20 06:00:41 -------- d-----w- C:\Windows\System32\EventProviders
2013-03-16 01:03:11 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-03-15 03:16:59 1392128 ----a-w- C:\Windows\System32\wininet.dll
.
==================== Find3M ====================
.
2013-03-25 04:37:28 39768 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-03-20 06:25:56 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2013-03-20 06:25:55 175616 ----a-w- C:\Windows\System32\msclmd.dll
2013-03-05 17:24:13 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-05 17:24:12 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-03-05 17:24:12 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-23 00:59:03 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-23 00:59:03 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 19:13:10.82 ===============

Attached Files

Attach.zip (4.7 KB)

Right so heres a detailed account of whats been happening. Read all please.

My computer started showing weird symptoms last night, an svchost.exe in my task manager was stalling all of my other programs and eating 500,000K+ of memory! I tried ending the process but the .exe just kept coming back and eating away memory slowly. and this .exe is stalling all of my programs and causing some programs that would run fine before to lock up until I kill the process then the program unfreezes itself. I keep constantly having to kill it and its getting annoying. oh and did I mention that every time I kill this svchost.exe it keeps disabling my Windows Audio and I keep having to restart it through the services area? because thats getting highly annoying too.

I unplugged my computer from the internet and, after updating it before I disconnected, ran an all night scan of Malwarebytes anti-malware and it did find 2 threats that I removed and rebooted for. after the reboot, I did 1 more quick scan and it didn't find anything so I thought I was in the clear.

I rebooted again and reconnected my computer to the internet. I get hit with a CHKDSK screen asking me to preform a disk check, I let it proceed and it removes some corrupted files and entires. one thing I remember is that it kept saying "Restoring orphaned file" along with a filename and a location. seemed odd but then again I don't use CHKDSK too much to really see a problem.

When I get back to my account I get some windows updates ready to install, mostly security stuff including an update to the malicious software removal tool for XP, figured since some threats were found I figured I would need these security updates. I go ahead and let those install and reboot again.


When the operating system loaded and I got back to my account I was hit with this right off the bat:



And then svchost.exe comes back with a roaring vengeance and starts eating away at memory again! So I figured this was just some weird problem with XP and I'd do a system restore. I launched system restore and tried rebooting to last week. it starts shutting down and I get the restore process screen so I go and use the bathroom. When I get out I'm greeted with a BSOD and this darling message:

NOTE: I did forget to take out an SD card and charging iPod when I started the system restore process. I don't know if these 2 things would effect the system restore but I'm just throwing that in just in case its useful.

Lovely. so now I rebooted and were here now.

Heres the stuff you guys need:

====
DDS:
====

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by Ben at 8:25:01 on 2013-04-10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.607 [GMT -7:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avant Browser\avant.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearchAssistant = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Open FVD Suite Toolbar: {2B171655-A69C-5c18-B693-6CB5DC269D44} - c:\program files\fvd suite\addons\ie\FVDToolbar.dll
BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - c:\program files\utorrentcontrol_v2\prxtbuTo1.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: uTorrentControl_v2 Toolbar: {7473B6BD-4691-4744-A82B-7854EB3D70B6} - c:\program files\utorrentcontrol_v2\prxtbuTo1.dll
TB: FVD Suite Toolbar: {2B171655-A69C-5c18-B693-6CB5DC269D41} - c:\program files\fvd suite\addons\ie\FVDToolbar.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
TB: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - c:\program files\utorrentcontrol_v2\prxtbuTo1.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [LXCYCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCYtime.dll,_RunDLLEntry@16
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Copy to Semagic - c:\program files\semagic\copy.htm
IE: Lookup on Merriam Webster - c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - c:\program files\iespell\wikipedia.HTM
IE: Semagic - c:\program files\semagic\link.htm
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {3B54DEAB-C6D4-48a8-8C32-A70558643400} - c:\program files\finalvideodownloader\fvdRunner.html
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll/206
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{07882D2D-546F-45CE-9137-ADB2A096475A} : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ben\application data\mozilla\firefox\profiles\7bl1swlj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\ben\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\ben\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\ben\application data\mozilla\plugins\npo1d.dll
FF - plugin: c:\documents and settings\ben\local settings\application data\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\ben\local settings\application data\skype\skypewebplugin\npSkypeWebPlugin.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrv.sys [2012-3-10 22312]
S0 bfsxuxd;bfsxuxd;c:\windows\system32\drivers\jhtqvat.sys --> c:\windows\system32\drivers\jhtqvat.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
S4 MsgPlusService;Messenger Plus! Service;c:\program files\yuna software\messenger plus! for skype\MsgPlusForSkypeService.exe [2012-2-23 125952]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S4 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
.
=============== File Associations ===============
.
ShellExec: BitComet.exe: open="c:\program files\bitcomet\BitComet.exe"
.
=============== Created Last 30 ================
.
2013-04-10 13:22:09 -------- d-sh--w- C:\found.000
2013-03-27 18:57:08 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2013-03-27 18:56:50 62424 ----a-w- c:\windows\system32\drivers\xusb21.sys
2013-03-27 18:56:50 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2013-03-27 18:56:45 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2013-03-27 18:56:32 68888 ----a-w- c:\windows\system32\xinput1_3.dll
2013-03-21 18:10:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
.
==================== Find3M ====================
.
2013-04-04 21:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-17 13:38:36 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-17 13:38:36 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv(2).dll
2013-03-07 01:29:28 64512 ---ha-w- c:\windows\system32\dns-edos.dll
2013-03-07 01:28:24 2193408 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50:28 2070016 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06:31 916480 ----a-w- c:\windows\system32\wininet(2).dll
2013-03-02 02:06:31 1212928 ----a-w- c:\windows\system32\urlmon(2).dll
2013-03-02 02:06:31 105984 ----a-w- c:\windows\system32\url(2).dll
2013-03-02 02:06:30 2004992 ----a-w- c:\windows\system32\iertutil(2).dll
2013-03-02 02:06:29 11111424 ----a-w- c:\windows\system32\ieframe(2).dll
2013-03-02 01:25:02 1867264 ----a-w- c:\windows\system32\win32k(2).sys
2013-03-02 01:08:47 385024 ------w- c:\windows\system32\html.iec
2013-02-27 07:56:51 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet(6).dll
2013-02-05 20:05:47 1212928 ----a-w- c:\windows\system32\urlmon(6).dll
2013-02-05 20:05:47 105984 ----a-w- c:\windows\system32\url(5).dll
2013-02-05 20:05:46 43520 ------w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05:46 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
.
============= FINISH: 8:34:31.59 ===============

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Once again, thanks for the help. you guys always get me out of my tight spots. :thumb:

(NOTE: For the ARK.log, I left my messenger client on when it was running and it seems to have picked up my messenger client's plugin, "Messenger Plus Live". Messenger Plus Live is a free extension that you can add-on to Windows Live Messenger, it has been brought up in many previous scans as a false positive in scanners. if you wish to confirm the safety of this program, please google "Messenger Plus Live". Thank you.)

Attached Files

attach.zip (6.1 KB)

recently i get this kind of virus. how to solve this? i tried kaspersky n bitdefender, both cannot detect anything!

the virus will move all the files into hidden location. please see picture! thanks

pls advise!

Attached Thumbnails

   

Please help me to stop this. My email or any page I go to was being redirected to other site before being loaded and it is running very slowly. Sorry to post it on the wrong forum. I was nervous.

Thank you so much for your help.
=============================
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16470
Run by Home at 19:57:42 on 2013-04-10
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.6372 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\ProgramData\IBUpdaterService\ibsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\ooVoo\ooVoo.exe
C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uURLSearchHooks: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: I Want This: {11111111-1111-1111-1111-110011221158} - C:\Program Files (x86)\I Want This\I Want This.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: SpecialSavings: {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [Google Update] "C:\Users\Home\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
StartupFolder: C:\Users\Home\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DING!.lnk - C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Users\Home\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - C:\Users\Home\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll
LSP: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://workplace.bcbsks.com/go/mail02.bcbsks.com~ssl/dwa8W.cab
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{17E6556F-BACE-48DD-86DC-86F6D63B0940} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{97CAD003-2947-46F6-BE12-7C9CC359DAA2} : DHCPNameServer = 10.0.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [NVRaidService] C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\1ovnjy5j.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&CUI=UN68108137459516372&UM=&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Home\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\1ovnjy5j.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\1ovnjy5j.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - ExtSQL: 2013-03-24 10:24; {872b5b88-9db5-4310-bdd0-ac189557e5f5}; C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\1ovnjy5j.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-2-26 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-2-14 239416]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-4 39768]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-2-27 4937264]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-2-19 282624]
R2 IBUpdaterService;Updater Service;C:\ProgramData\IBUpdaterService\ibsvc.exe [2012-9-22 553760]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-18 382824]
R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-2-18 968880]
R3 P0630VID;Creative WebCam Live!;C:\Windows\System32\drivers\P0630Vid.sys [2012-3-27 99488]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-1-8 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-1-8 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-19 1255736]
.
=============== Created Last 30 ================
.
2013-03-26 22:30:16 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-03-19 00:49:37 -------- d-----w- C:\Users\Home\AppData\Roaming\AVG2013
2013-03-19 00:47:01 -------- d--h--w- C:\$AVG
2013-03-19 00:44:16 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-03-19 00:44:11 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{65271D0D-493A-4B84-B86D-CF5904B5F244}\mpengine.dll
2013-03-19 00:43:55 -------- d-----w- C:\Program Files\CCleaner
.
==================== Find3M ====================
.
2013-03-14 22:25:54 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-14 22:25:54 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-27 04:40:46 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-02-18 23:12:44 39768 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-02-14 08:52:46 239416 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-08 09:37:56 116536 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2013-02-08 09:37:54 311096 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2013-02-08 09:37:50 71480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2013-02-08 09:37:42 206136 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2013-02-08 09:37:40 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-17 06:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll
2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll
2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll
.
============= FINISH: 19:57:57.62 ===============

Attached Files

	ark.zip (3.3 KB)
	attach.zip (2.4 KB)