Author Topic: Home Page has been hijacked - http://www.msn.com/?pc=Z192&install_date=20111021  (Read 25803 times)

TexMurphy

    Topic Starter


    Rookie

    • Experience: Beginner
    • OS: Unknown
    I actually have two problems. It started when the software on my HP Scanner stopped working. I turned the printer on and off, the computer, uninstalled the software and downloaded the software from HP's website, and I keep getting this error that it can't find various msi files, so I keep dealing with these popups. So as I surfed the internet for a solution, I downloaded a file that promised to fix it, which changed the Windows registry and has now hijacked my home page and is collecting god knows what info and passwords about me. I'm dying here, I've worked on this for over 12 hours now. Please help. Oh, and also I noticed in the last couple of weeks my computer is going slow; seems like the hard drive is running frequently.

    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    SUPERAntiSpyware

    If you already have SUPERAntiSpyware be sure to check for updates before scanning!


    Download SuperAntispyware Free Edition (SAS)
    * Double-click the icon on your desktop to run the installer.
    * When asked to Update the program definitions, click Yes
    * If you encounter any problems while downloading the updates, manually download and unzip them from here
    * Next click the Preferences button.

    •Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
    * Click the Scanning Control tab.
    * Under Scanner Options make sure only the following are checked:

    •Close browsers before scanning
    •Scan for tracking cookies
    •Terminate memory threats before quarantining
    Please leave the others unchecked

    •Click the Close button to leave the control center screen.

    * On the main screen click Scan your computer
    * On the left check the box for the drive you are scanning.
    * On the right choose Perform Complete Scan
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete a summary box will appear. Click OK
    * Make sure everything in the white box has a check next to it, then click Next
    * It will quarantine what it found and if it asks if you want to reboot, click Yes

    •To retrieve the removal information please do the following:
    •After reboot, double-click the SUPERAntiSpyware icon on your desktop.
    •Click Preferences. Click the Statistics/Logs tab.

    •Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

    •It will open in your default text editor (preferably Notepad).
    •Save the notepad file to your desktop by clicking (in notepad) File > Save As...

    * Save the log somewhere you can easily find it. (normally the desktop)
    * Click close and close again to exit the program.
    * Copy and paste the log in your post.
    *************************************************


    Please download Malwarebytes Anti-Malware from here.

    Double-click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    *******************************************************
    Download DDS from HERE or HERE and save it to your desktop.

    Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

    * XP users Double click on dds to run it.
    * If your antivirus or firewall try to block DDS then please allow it to run.
    * When finished DDS will open two (2) logs.
    * Save both reports to your desktop.
    * The instructions here ask you to attach the Attach.txt.



    1) DDS.txt
    2) Attach.txt
    Instead of attaching, please copy/paste both logs into your thread.

    Note: DDS will instruct you to post the Attach.txt log as an attachment.
    Please just post it as you would any other log by copying and pasting it into the reply.

    •Close the program window, and delete the program from your desktop.

    Please note: You may have to disable any script protection running if the scan fails to run.
    After downloading the tool, disconnect from the internet and disable all antivirus protection.
    Run the scan, enable your A/V and reconnect to the internet.
    Information on A/V control HERE. Then post your DDS logs. (DDS.txt and Attach.txt)
    Windows 8 and Windows 10 dual boot with two SSD's

    TexMurphy

      Topic Starter


      Rookie

      • Experience: Beginner
      • OS: Unknown
      Spyware log as requested. Running the Malwarebytes now. Extra bonus, now my mouse jumps around on its own and clicks on things.

      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 10/23/2011 at 11:46 AM

      Application Version : 5.0.1134

      Core Rules Database Version : 0
      Trace Rules Database Version: 0

      Scan type       : Quick Scan
      Total Scan Time : 00:00:19

      Operating System Information
      Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
      UAC On - Limited User (Administrator User)

      Memory items scanned      : 124
      Memory threats detected   : 0
      Registry items scanned    : 29940
      Registry threats detected : 0
      File items scanned        : 3768
      File threats detected     : 2

      Adware.Tracking Cookie
         .imrworldwide.com [ C:\USERS\VALERIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XQSMW6VN.DEFAULT\COOKIES.SQLITE ]
         .imrworldwide.com [ C:\USERS\VALERIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XQSMW6VN.DEFAULT\COOKIES.SQLITE ]

      SuperDave

      • Malware Removal Specialist


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Quote
      Extra bonus, now my mouse jumps around on its own and clicks on things.

      Is there any possibility that you have given remote access to someone?
      Windows 8 and Windows 10 dual boot with two SSD's

      TexMurphy

        Topic Starter


        Rookie

        • Experience: Beginner
        • OS: Unknown
        Malwarebytes' Anti-Malware 1.51.2.1300
        www.malwarebytes.org

        Database version: 8006

        Windows 6.0.6002 Service Pack 2
        Internet Explorer 9.0.8112.16421

        10/23/2011 3:44:11 PM
        mbam-log-2011-10-23 (15-44-11).txt

        Scan type: Full scan (C:\|D:\|)
        Objects scanned: 366101
        Time elapsed: 1 hour(s), 23 minute(s), 59 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 0
        Registry Values Infected: 0
        Registry Data Items Infected: 0
        Folders Infected: 0
        Files Infected: 0

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        (No malicious items detected)

        Registry Values Infected:
        (No malicious items detected)

        Registry Data Items Infected:
        (No malicious items detected)

        Folders Infected:
        (No malicious items detected)

        Files Infected:
        (No malicious items detected)

        TexMurphy

          Topic Starter


          Rookie

          • Experience: Beginner
          • OS: Unknown
          Did not authorize remote access to anyone. It jumps around, shuts my browser. When not doing that it seems to right click at random. This is just getting weirder and weirder.

          TexMurphy

            Topic Starter


            Rookie

            • Experience: Beginner
            • OS: Unknown
            Some good news. This time I came in through Explorer and my home page was not jacked.

            .
            DDS (Ver_2011-08-26.01) - NTFSx86
            Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 10.1.0
            Run by Valerie at 16:25:54 on 2011-10-23
            Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2549.1393 [GMT -4:00]
            .
            AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
            SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
            SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
            SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
            .
            ============== Running Processes ===============
            .
            C:\Windows\system32\wininit.exe
            C:\Windows\system32\lsm.exe
            C:\Windows\system32\svchost.exe -k DcomLaunch
            C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
            C:\Windows\system32\svchost.exe -k rpcss
            c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
            C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
            C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
            C:\Windows\system32\svchost.exe -k netsvcs
            C:\Windows\system32\svchost.exe -k GPSvcGroup
            C:\Windows\system32\SLsvc.exe
            C:\Windows\system32\svchost.exe -k LocalService
            C:\Windows\system32\svchost.exe -k NetworkService
            C:\Program Files\Soluto\soluto.exe
            C:\Windows\system32\Dwm.exe
            C:\Windows\system32\taskeng.exe
            C:\Windows\Explorer.EXE
            C:\Windows\System32\spoolsv.exe
            C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
            C:\Windows\system32\taskeng.exe
            C:\Windows\system32\igfxsrvc.exe
            C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
            C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
            C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
            C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
            C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
            C:\Program Files\Microsoft IntelliType Pro\itype.exe
            C:\Program Files\Microsoft IntelliPoint\ipoint.exe
            C:\Windows\system32\svchost.exe -k hpdevmgmt
            C:\Windows\System32\hkcmd.exe
            C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
            C:\Program Files\Common Files\Java\Java Update\jusched.exe
            C:\Program Files\Windows Media Player\wmpnscfg.exe
            C:\Windows\System32\svchost.exe -k HPZ12
            C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
            C:\Windows\System32\svchost.exe -k HPZ12
            C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
            C:\Program Files\Soluto\SolutoService.exe
            C:\Windows\system32\svchost.exe -k imgsvc
            C:\Windows\System32\svchost.exe -k WerSvcGroup
            C:\Windows\system32\SearchIndexer.exe
            C:\Program Files\Windows Media Player\wmpnetwk.exe
            C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
            C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
            C:\Windows\system32\WUDFHost.exe
            C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
            C:\Windows\System32\alg.exe
            C:\Windows\system32\wbem\wmiprvse.exe
            c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
            C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
            C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
            C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
            c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
            C:\Windows\system32\wuauclt.exe
            C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
            C:\Windows\system32\DllHost.exe
            C:\Windows\system32\DllHost.exe
            C:\Windows\system32\wbem\wmiprvse.exe
            .
            ============== Pseudo HJT Report ===============
            .
            uStart Page = www.google.com
            mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
            uInternet Settings,ProxyOverride = <local>;*.local
            mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
            BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
            BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
            BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
            BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
            BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
            BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
            TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
            TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
            TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
            uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
            mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
            mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
            mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
            mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
            mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
            mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
            mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
            StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
            mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
            mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
            IE: {58ECB495-38F0-49cb-A538-10282ABF65E7}
            IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
            IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522}
            IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
            DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
            DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
            DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
            DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
            DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
            DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
            DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
            DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
            DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
            DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
            DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
            TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
            TCP: Interfaces\{11E0FDEF-086B-47EC-BA8B-CDE63273FF4A} : DhcpNameServer = 4.2.2.1
            TCP: Interfaces\{F2FC07E2-AACF-4FB2-BD6C-17E17F908D55} : DhcpNameServer = 65.32.5.111 65.32.5.112
            Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
            Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
            Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
            Notify: igfxcui - igfxdev.dll
            SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
            .
            ================= FIREFOX ===================
            .
            FF - ProfilePath - c:\users\valerie\appdata\roaming\mozilla\firefox\profiles\xqsmw6vn.default\
            FF - prefs.js: browser.search.selectedEngine - Bing
            FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z192&install_date=20111021
            FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z192&form=ZGAADF&install_date=20111021&q=
            FF - prefs.js: network.proxy.type - 0
            FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
            FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
            FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
            FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
            FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
            FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
            FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
            FF - Ext: Java Console: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
            FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
            FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
            FF - Ext: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - %profile%\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
            .
            ============= SERVICES / DRIVERS ===============
            .
            R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-9 64288]
            R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [2011-7-13 51144]
            R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 165648]
            R1 MpKsl10d23a50;MpKsl10d23a50;c:\programdata\microsoft\microsoft antimalware\definition updates\{c4aee373-ea4d-4ad3-a149-01db11fa4e8d}\MpKsl10d23a50.sys [2011-10-23 28752]
            R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
            R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
            R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
            R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
            R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
            R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-4-4 1153368]
            R2 SolutoService;Soluto PCGenome Core Service;c:\program files\soluto\SolutoService.exe [2011-7-7 376352]
            R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
            R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
            S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
            S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-4 135664]
            S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-5-13 19456]
            S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-4 135664]
            S3 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-4 94880]
            S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
            S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-12-2 43392]
            S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
            S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1355968]
            S4 lxde_device;lxde_device;c:\windows\system32\lxdecoms.exe -service --> c:\windows\system32\lxdecoms.exe -service [?]
            .
            =============== Created Last 30 ================
            .
            2011-10-23 17:51:45   28752   ----a-w-   c:\programdata\microsoft\microsoft antimalware\definition updates\{c4aee373-ea4d-4ad3-a149-01db11fa4e8d}\MpKsl10d23a50.sys
            2011-10-23 17:51:41   56200   ----a-w-   c:\programdata\microsoft\microsoft antimalware\definition updates\{c4aee373-ea4d-4ad3-a149-01db11fa4e8d}\offreg.dll
            2011-10-22 21:52:57   6668624   ----a-w-   c:\programdata\microsoft\microsoft antimalware\definition updates\{c4aee373-ea4d-4ad3-a149-01db11fa4e8d}\mpengine.dll
            2011-10-22 16:12:28   --------   d-----w-   c:\users\valerie\appdata\roaming\Malwarebytes
            2011-10-22 16:08:48   --------   d-----w-   c:\programdata\Malwarebytes
            2011-10-22 16:08:43   22216   ----a-w-   c:\windows\system32\drivers\mbam.sys
            2011-10-22 16:08:43   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
            2011-10-22 09:03:45   --------   d-----w-   c:\users\valerie\appdata\roaming\SUPERAntiSpyware.com
            2011-10-22 09:03:19   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
            2011-10-22 09:03:19   --------   d-----w-   c:\program files\SUPERAntiSpyware
            2011-10-22 09:01:42   --------   d-----w-   c:\program files\CCleaner
            2011-10-22 08:20:48   611224   ----a-w-   c:\program files\mozilla firefox\plugins\npdeployJava1.dll
            2011-10-22 08:20:48   544656   ----a-w-   c:\windows\system32\deployJava1.dll
            2011-10-22 08:10:02   388096   ----a-r-   c:\users\valerie\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
            2011-10-22 08:10:01   --------   d-----w-   c:\program files\Trend Micro
            2011-10-22 04:29:27   --------   d-----w-   c:\users\valerie\appdata\local\temp
            2011-10-22 04:28:30   --------   d-sh--w-   C:\$RECYCLE.BIN
            2011-10-22 04:16:37   --------   d-----w-   C:\ComboFix
            2011-10-22 02:53:04   98816   ----a-w-   c:\windows\sed.exe
            2011-10-22 02:53:04   518144   ----a-w-   c:\windows\SWREG.exe
            2011-10-22 02:53:04   256000   ----a-w-   c:\windows\PEV.exe
            2011-10-22 02:53:04   208896   ----a-w-   c:\windows\MBR.exe
            2011-10-22 02:35:37   --------   d-----w-   C:\TDSSKiller_Quarantine
            2011-10-21 21:52:45   --------   d-----w-   c:\program files\Free Window Registry Repair
            2011-10-21 21:41:28   --------   d-----w-   c:\programdata\RegSERVO
            2011-10-21 21:41:21   --------   d-----w-   c:\program files\REGSERVO
            2011-10-21 21:16:20   --------   d-----w-   c:\users\valerie\appdata\local\ElevatedDiagnostics
            2011-10-13 04:30:33   69632   ----a-w-   c:\windows\system32\Mpeg2Data.ax
            2011-10-13 04:30:33   293376   ----a-w-   c:\windows\system32\psisdecd.dll
            2011-10-13 04:30:33   217088   ----a-w-   c:\windows\system32\psisrndr.ax
            2011-10-13 04:30:32   57856   ----a-w-   c:\windows\system32\MSDvbNP.ax
            2011-10-13 04:30:31   2043392   ----a-w-   c:\windows\system32\win32k.sys
            2011-10-13 04:30:21   2409784   ----a-w-   c:\program files\windows mail\OESpamFilter.dat
            2011-10-13 04:30:16   555520   ----a-w-   c:\windows\system32\UIAutomationCore.dll
            2011-10-13 04:30:16   238080   ----a-w-   c:\windows\system32\oleacc.dll
            2011-10-13 04:30:15   563712   ----a-w-   c:\windows\system32\oleaut32.dll
            2011-10-13 04:30:15   4096   ----a-w-   c:\windows\system32\oleaccrc.dll
            2011-10-11 21:28:02   703824   ------w-   c:\programdata\microsoft\microsoft antimalware\definition updates\{972cdac7-ca2a-4ce2-86dd-2755f1bdf22c}\gapaengine.dll
            2011-10-08 14:57:17   113664   ----a-w-   c:\windows\system32\spool\prtprocs\w32x86\lxdedrpp.dll
            2011-10-08 14:54:30   348160   ----a-w-   c:\windows\system32\lxdecoin.dll
            2011-10-03 07:00:48   --------   d-----w-   c:\program files\Microsoft
            .
            ==================== Find3M  ====================
            .
            2011-10-07 21:22:36   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
            2011-09-01 02:35:59   1798144   ----a-w-   c:\windows\system32\jscript9.dll
            2011-09-01 02:28:15   1126912   ----a-w-   c:\windows\system32\wininet.dll
            2011-09-01 02:22:54   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
            .
            ============= FINISH: 16:26:44.21 ===============

            TexMurphy

              Topic Starter


              Rookie

              • Experience: Beginner
              • OS: Unknown
              Still having trouble with my mouse shutting the browser and random things.

              .
              UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
              IF REQUESTED, ZIP IT UP & ATTACH IT
              .
              DDS (Ver_2011-08-26.01)
              .
              Microsoft® Windows Vista™ Home Premium
              Boot Device: \Device\HarddiskVolume1
              Install Date: 3/4/2008 11:24:03 AM
              System Uptime: 10/23/2011 1:51:08 PM (3 hours ago)
              .
              Motherboard: Hewlett-Packard |  | 30D9
              Processor: Intel(R) Pentium(R) Dual  CPU  T2370  @ 1.73GHz | CPU | 1733/533mhz
              .
              ==== Disk Partitions =========================
              .
              C: is FIXED (NTFS) - 138 GiB total, 65.193 GiB free.
              D: is FIXED (NTFS) - 11 GiB total, 1.992 GiB free.
              E: is CDROM (CDFS)
              F: is Removable
              .
              ==== Disabled Device Manager Items =============
              .
              ==== System Restore Points ===================
              .
              .
              ==== Installed Programs ======================
              .
              32 Bit HP CIO Components Installer
              Acrobat.com
              Activation Assistant for the 2007 Microsoft Office suites
              Ad-Aware
              Ad-Aware Email Scanner for Outlook
              Adobe AIR
              Adobe Digital Editions
              Adobe Flash Player 10 ActiveX
              Adobe Flash Player 11 Plugin
              Adobe Media Player
              Adobe Reader X (10.1.0)
              Adobe Shockwave Player
              Adobe Shockwave Player 11.6
              AIO_CDA_ProductContext
              Apple Application Support
              Apple Mobile Device Support
              Apple Software Update
              ArcSoft MediaImpression for Kodak
              Atheros Driver Installation Program
              Bonjour
              BufferChm
              CCleaner
              Compatibility Pack for the 2007 Office system
              Conexant HD Audio
              Copy
              CustomerResearchQFolder
              Destination Component
              DeviceDiscovery
              DeviceManagementQFolder
              DocProc
              DocProcQFolder
              DVD Suite
              eSupportQFolder
              Free Window Registry Repair
              Google Toolbar for Internet Explorer
              Google Update Helper
              Hewlett-Packard Active Check
              Hewlett-Packard Asset Agent for Health Check
              HiJackThis
              Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
              Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
              HP Active Support Library
              HP Doc Viewer
              HP DVD Play 3.6
              HP Easy Setup - Frontend
              HP Help and Support
              HP Product Assistant
              HP Quick Launch Buttons 6.40 B2
              HP Smart Web Printing
              HP Total Care Advisor
              HP Update
              HP User Guides 0093
              HP Wireless Assistant
              HPNetworkAssistant
              HPProductAssistant
              Intel(R) Graphics Media Accelerator Driver
              Intel(R) Matrix Storage Manager
              Intel(R) TV Wizard
              iTunes
              Java Auto Updater
              Java(TM) 6 Update 13
              Java(TM) 6 Update 2
              Java(TM) 6 Update 5
              Java(TM) 6 Update 7
              Java(TM) 7 Update 1
              Kodak EasyShare software
              LabelPrint
              Landlord Forms
              Malwarebytes' Anti-Malware version 1.51.2.1300
              MarketResearch
              McAfee Security Scan Plus
              McAfee SiteAdvisor
              Microsoft .NET Framework 3.5 SP1
              Microsoft .NET Framework 4 Client Profile
              Microsoft Antimalware
              Microsoft Application Error Reporting
              Microsoft IntelliPoint 6.2
              Microsoft IntelliType Pro 6.2
              Microsoft Office File Validation Add-In
              Microsoft Office Standard Edition 2003
              Microsoft Picture It! Express 2000
              Microsoft Security Client
              Microsoft Security Essentials
              Microsoft Silverlight
              Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
              Microsoft Visual C++ 2005 Redistributable
              Microsoft Works
              MobileMe Control Panel
              Move Networks Media Player for Internet Explorer
              Mozilla Firefox (3.6.23)
              MSN
              MSXML 4.0 SP2 (KB936181)
              MSXML 4.0 SP2 (KB941833)
              MSXML 4.0 SP2 (KB954430)
              MSXML 4.0 SP2 (KB973688)
              muvee autoProducer 6.1
              My HP Games
              NetWaiting
              Octoshape add-in for Adobe Flash Player
              OGA Notifier 2.0.0048.0
              OpenOffice.org Installer 1.0
              OverDrive Media Console
              Power2Go
              PowerDirector
              PRS-500 USB driver
              QuickTime
              Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
              Safari
              SAMSUNG Mobile Composite Device Software
              Samsung Mobile phone USB driver Software
              SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
              SAMSUNG Mobile USB Modem 1.0 Software
              SAMSUNG Mobile USB Modem Software
              Samsung PC Studio 3
              Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
              Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
              Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
              Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
              Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
              Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
              SolutionCenter
              Soluto
              Spelling Dictionaries Support For Adobe Reader 9
              Spybot - Search & Destroy
              Status
              SUPERAntiSpyware
              tooltips
              Touch Pad Driver
              TrayApp
              Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
              Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
              Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
              Viewpoint Media Player
              Visual C++ 2008 x86 Runtime - (v9.0.30729)
              Visual C++ 2008 x86 Runtime - v9.0.30729.01
              Windows Driver Package - Sony Corporation (PRSUSB) USB  (08/08/2006 1.0.03.08080)
              Windows Live OneCare safety scanner
              Windows Media Player Firefox Plugin
              .
              ==== Event Viewer Messages From Past Week ========
              .
              10/23/2011 10:47:30 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
              10/23/2011 10:29:58 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004]  - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
              10/23/2011 1:53:45 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
              10/23/2011 1:53:29 PM, Error: Service Control Manager [7022]  - The HP CUE DeviceDiscovery Service service hung on starting.
              10/23/2011 1:51:44 PM, Error: Microsoft-Windows-TaskScheduler [412]  - Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147942402. User Action: restart task scheduler service.
              10/22/2011 5:43:01 PM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {657C7A59-4FEC-4C06-A354-607B1EB184FB}. The error: "3" Happened while starting this command: C:\PROGRA~1\HP\DIGITA~1\PRODUC~1\bin\hprblog.exe -Embedding
              10/22/2011 5:41:07 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
              10/22/2011 12:29:08 AM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
              10/22/2011 12:26:53 AM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
              10/22/2011 12:14:53 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
              10/22/2011 12:14:25 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
              10/22/2011 12:14:25 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
              10/22/2011 12:14:25 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
              10/22/2011 12:14:21 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
              10/22/2011 12:14:16 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC MpFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb Soluto spldr StarOpen Tcpip tdx Wanarpv6
              10/22/2011 12:14:16 AM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
              10/22/2011 12:14:16 AM, Error: Service Control Manager [7001]  - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
              10/22/2011 12:14:16 AM, Error: Service Control Manager [7001]  - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error:  The dependency service or group failed to start.
              10/22/2011 12:14:16 AM, Error: Service Control Manager [7001]  - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
              10/22/2011 12:14:16 AM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
              10/22/2011 12:14:16 AM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
              10/22/2011 12:14:16 AM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
              10/22/2011 12:14:16 AM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
              10/22/2011 12:14:16 AM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error:  A device attached to the system is not functioning.
              10/22/2011 12:14:16 AM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
              10/22/2011 12:14:16 AM, Error: Service Control Manager [7001]  - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
              10/22/2011 12:14:16 AM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
              10/22/2011 12:14:16 AM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
              10/22/2011 12:14:16 AM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
              10/22/2011 12:14:16 AM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
              10/22/2011 12:14:16 AM, Error: Service Control Manager [7001]  - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
              10/22/2011 12:14:16 AM, Error: Service Control Manager [7001]  - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
              10/22/2011 12:14:10 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
              10/21/2011 9:19:35 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.115.281.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: Default URL     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.7801.0     Error code: 0x8007043c     Error description: This service cannot be started in Safe Mode
              10/21/2011 9:19:35 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
              10/21/2011 7:01:59 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
              10/21/2011 7:01:59 PM, Error: Service Control Manager [7000]  - The SBSD Security Center Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
              10/21/2011 4:56:31 PM, Error: EventLog [6008]  - The previous system shutdown at 4:49:46 PM on 10/21/2011 was unexpected.
              10/21/2011 3:45:57 PM, Error: Service Control Manager [7023]  - The HP CUE DeviceDiscovery Service service terminated with the following error:  Unspecified error
              10/21/2011 2:32:15 PM, Error: Microsoft-Windows-PrintSpooler [6161]  - The document https://www.e-renter.com/report/showPrintable/caseno/303367, owned by Valerie, failed to print on printer Lexmark 4800 Series. Try to print the document again, or restart the print spooler.  Data type: LEMF. Size of the spool file in bytes: 3163916. Number of bytes printed: 3163916. Total number of pages in the document: 7. Number of pages printed: 0. Client computer: \\VALERIE-PC. Win32 error code returned by the print processor: 0. The operation completed successfully.
              10/21/2011 11:59:29 PM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
              10/21/2011 10:55:51 PM, Error: Service Control Manager [7034]  - The XAudioService service terminated unexpectedly.  It has done this 1 time(s).
              10/21/2011 10:16:44 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
              10/16/2011 3:05:48 PM, Error: Service Control Manager [7034]  - The hpqcxs08 service terminated unexpectedly.  It has done this 1 time(s).
              10/16/2011 3:05:48 PM, Error: Service Control Manager [7034]  - The HP CUE DeviceDiscovery Service service terminated unexpectedly.  It has done this 1 time(s).
              .
              ==== End Of File ===========================

              TexMurphy

                Topic Starter


                Rookie

                • Experience: Beginner
                • OS: Unknown
                I was supposed to run the DDS 2x, yes? Here are the 2nd logs. Also, I don't think I saw the MSI errors I was experiencing before when I booted up. Mozilla home page still hijacked though and the "startnow" tool bar still there.

                .
                DDS (Ver_2011-08-26.01) - NTFSx86
                Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 10.1.0
                Run by Valerie at 16:44:00 on 2011-10-23
                Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2549.1555 [GMT -4:00]
                .
                AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
                SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
                SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
                .
                ============== Running Processes ===============
                .
                C:\Windows\system32\wininit.exe
                C:\Windows\system32\lsm.exe
                C:\Windows\system32\svchost.exe -k DcomLaunch
                C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
                C:\Windows\system32\svchost.exe -k rpcss
                c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
                C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
                C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
                C:\Windows\system32\svchost.exe -k netsvcs
                C:\Windows\system32\svchost.exe -k GPSvcGroup
                C:\Windows\system32\SLsvc.exe
                C:\Windows\system32\svchost.exe -k LocalService
                C:\Windows\system32\svchost.exe -k NetworkService
                C:\Windows\System32\spoolsv.exe
                C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
                C:\Windows\system32\taskeng.exe
                C:\Windows\system32\Dwm.exe
                C:\Program Files\Soluto\soluto.exe
                C:\Windows\system32\taskeng.exe
                C:\Windows\Explorer.EXE
                C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
                C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
                C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
                C:\Windows\system32\svchost.exe -k hpdevmgmt
                C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
                C:\Windows\System32\svchost.exe -k HPZ12
                C:\Windows\System32\svchost.exe -k HPZ12
                C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
                C:\Program Files\Soluto\SolutoService.exe
                C:\Windows\system32\svchost.exe -k imgsvc
                C:\Windows\System32\svchost.exe -k WerSvcGroup
                C:\Windows\system32\SearchIndexer.exe
                C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
                C:\Windows\system32\WUDFHost.exe
                C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
                C:\Program Files\Windows Media Player\wmpnetwk.exe
                C:\Windows\System32\alg.exe
                C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
                C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
                C:\Program Files\Microsoft IntelliType Pro\itype.exe
                C:\Program Files\Microsoft IntelliPoint\ipoint.exe
                C:\Windows\System32\hkcmd.exe
                C:\Program Files\Common Files\Java\Java Update\jusched.exe
                C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
                C:\Program Files\Windows Media Player\wmpnscfg.exe
                C:\Windows\system32\igfxsrvc.exe
                C:\Windows\system32\wbem\wmiprvse.exe
                C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
                C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
                C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
                C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
                c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
                C:\Windows\system32\DllHost.exe
                C:\Windows\system32\DllHost.exe
                C:\Windows\system32\wbem\wmiprvse.exe
                .
                ============== Pseudo HJT Report ===============
                .
                uStart Page = www.google.com
                mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
                uInternet Settings,ProxyOverride = <local>;*.local
                mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
                BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
                BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
                BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
                BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
                BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
                BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
                TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
                TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
                TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
                uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
                mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
                mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
                mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
                mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
                mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
                mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
                mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
                StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
                mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
                mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
                IE: {58ECB495-38F0-49cb-A538-10282ABF65E7}
                IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
                IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522}
                IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
                DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
                DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
                DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
                DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
                DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
                DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
                DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
                DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
                DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
                DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
                DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
                TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
                TCP: Interfaces\{11E0FDEF-086B-47EC-BA8B-CDE63273FF4A} : DhcpNameServer = 4.2.2.1
                TCP: Interfaces\{F2FC07E2-AACF-4FB2-BD6C-17E17F908D55} : DhcpNameServer = 65.32.5.111 65.32.5.112
                Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
                Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
                Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
                Notify: igfxcui - igfxdev.dll
                SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
                .
                ================= FIREFOX ===================
                .
                FF - ProfilePath - c:\users\valerie\appdata\roaming\mozilla\firefox\profiles\xqsmw6vn.default\
                FF - prefs.js: browser.search.selectedEngine - Bing
                FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z192&install_date=20111021
                FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z192&form=ZGAADF&install_date=20111021&q=
                FF - prefs.js: network.proxy.type - 0
                FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
                FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
                FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
                FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
                FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
                FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
                FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
                FF - Ext: Java Console: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
                FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
                FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
                FF - Ext: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - %profile%\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
                .
                ============= SERVICES / DRIVERS ===============
                .
                R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-9 64288]
                R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [2011-7-13 51144]
                R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 165648]
                R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
                R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
                R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
                R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
                R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
                R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-4-4 1153368]
                R2 SolutoService;Soluto PCGenome Core Service;c:\program files\soluto\SolutoService.exe [2011-7-7 376352]
                S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
                S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-4 135664]
                S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-5-13 19456]
                S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-4 135664]
                S3 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-4 94880]
                S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
                S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-12-2 43392]
                S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
                S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
                S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
                S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1355968]
                S4 lxde_device;lxde_device;c:\windows\system32\lxdecoms.exe -service --> c:\windows\system32\lxdecoms.exe -service [?]
                .
                =============== Created Last 30 ================
                .
                2011-10-23 20:42:00   56200   ----a-w-   c:\programdata\microsoft\microsoft antimalware\definition updates\{c4aee373-ea4d-4ad3-a149-01db11fa4e8d}\offreg.dll
                2011-10-22 21:52:57   6668624   ----a-w-   c:\programdata\microsoft\microsoft antimalware\definition updates\{c4aee373-ea4d-4ad3-a149-01db11fa4e8d}\mpengine.dll
                2011-10-22 16:12:28   --------   d-----w-   c:\users\valerie\appdata\roaming\Malwarebytes
                2011-10-22 16:08:48   --------   d-----w-   c:\programdata\Malwarebytes
                2011-10-22 16:08:43   22216   ----a-w-   c:\windows\system32\drivers\mbam.sys
                2011-10-22 16:08:43   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                2011-10-22 09:03:45   --------   d-----w-   c:\users\valerie\appdata\roaming\SUPERAntiSpyware.com
                2011-10-22 09:03:19   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
                2011-10-22 09:03:19   --------   d-----w-   c:\program files\SUPERAntiSpyware
                2011-10-22 09:01:42   --------   d-----w-   c:\program files\CCleaner
                2011-10-22 08:20:48   611224   ----a-w-   c:\program files\mozilla firefox\plugins\npdeployJava1.dll
                2011-10-22 08:20:48   544656   ----a-w-   c:\windows\system32\deployJava1.dll
                2011-10-22 08:10:02   388096   ----a-r-   c:\users\valerie\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
                2011-10-22 08:10:01   --------   d-----w-   c:\program files\Trend Micro
                2011-10-22 04:29:27   --------   d-----w-   c:\users\valerie\appdata\local\temp
                2011-10-22 04:28:30   --------   d-sh--w-   C:\$RECYCLE.BIN
                2011-10-22 04:16:37   --------   d-----w-   C:\ComboFix
                2011-10-22 02:53:04   98816   ----a-w-   c:\windows\sed.exe
                2011-10-22 02:53:04   518144   ----a-w-   c:\windows\SWREG.exe
                2011-10-22 02:53:04   256000   ----a-w-   c:\windows\PEV.exe
                2011-10-22 02:53:04   208896   ----a-w-   c:\windows\MBR.exe
                2011-10-22 02:35:37   --------   d-----w-   C:\TDSSKiller_Quarantine
                2011-10-21 21:52:45   --------   d-----w-   c:\program files\Free Window Registry Repair
                2011-10-21 21:41:28   --------   d-----w-   c:\programdata\RegSERVO
                2011-10-21 21:41:21   --------   d-----w-   c:\program files\REGSERVO
                2011-10-21 21:16:20   --------   d-----w-   c:\users\valerie\appdata\local\ElevatedDiagnostics
                2011-10-13 04:30:33   69632   ----a-w-   c:\windows\system32\Mpeg2Data.ax
                2011-10-13 04:30:33   293376   ----a-w-   c:\windows\system32\psisdecd.dll
                2011-10-13 04:30:33   217088   ----a-w-   c:\windows\system32\psisrndr.ax
                2011-10-13 04:30:32   57856   ----a-w-   c:\windows\system32\MSDvbNP.ax
                2011-10-13 04:30:31   2043392   ----a-w-   c:\windows\system32\win32k.sys
                2011-10-13 04:30:21   2409784   ----a-w-   c:\program files\windows mail\OESpamFilter.dat
                2011-10-13 04:30:16   555520   ----a-w-   c:\windows\system32\UIAutomationCore.dll
                2011-10-13 04:30:16   238080   ----a-w-   c:\windows\system32\oleacc.dll
                2011-10-13 04:30:15   563712   ----a-w-   c:\windows\system32\oleaut32.dll
                2011-10-13 04:30:15   4096   ----a-w-   c:\windows\system32\oleaccrc.dll
                2011-10-11 21:28:02   703824   ------w-   c:\programdata\microsoft\microsoft antimalware\definition updates\{972cdac7-ca2a-4ce2-86dd-2755f1bdf22c}\gapaengine.dll
                2011-10-08 14:57:17   113664   ----a-w-   c:\windows\system32\spool\prtprocs\w32x86\lxdedrpp.dll
                2011-10-08 14:54:30   348160   ----a-w-   c:\windows\system32\lxdecoin.dll
                2011-10-03 07:00:48   --------   d-----w-   c:\program files\Microsoft
                .
                ==================== Find3M  ====================
                .
                2011-10-07 21:22:36   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
                2011-09-01 02:35:59   1798144   ----a-w-   c:\windows\system32\jscript9.dll
                2011-09-01 02:28:15   1126912   ----a-w-   c:\windows\system32\wininet.dll
                2011-09-01 02:22:54   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
                .
                ============= FINISH: 16:44:45.22 ===============
                .
                UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
                IF REQUESTED, ZIP IT UP & ATTACH IT
                .
                DDS (Ver_2011-08-26.01).
                Microsoft® Windows Vista™ Home Premium
                Boot Device: \Device\HarddiskVolume1
                Install Date: 3/4/2008 11:24:03 AM
                System Uptime: 10/23/2011 4:40:12 PM (0 hours ago)
                .
                Motherboard: Hewlett-Packard |  | 30D9
                Processor: Intel(R) Pentium(R) Dual  CPU  T2370  @ 1.73GHz | CPU | 1733/533mhz
                .
                ==== Disk Partitions =========================
                .
                C: is FIXED (NTFS) - 138 GiB total, 65.191 GiB free.
                D: is FIXED (NTFS) - 11 GiB total, 1.992 GiB free.
                E: is CDROM (CDFS)
                F: is Removable
                .
                ==== Disabled Device Manager Items =============
                .
                ==== System Restore Points ===================
                .
                .
                ==== Installed Programs ======================
                .
                32 Bit HP CIO Components Installer
                Acrobat.com
                Activation Assistant for the 2007 Microsoft Office suites
                Ad-Aware
                Ad-Aware Email Scanner for Outlook
                Adobe AIR
                Adobe Digital Editions
                Adobe Flash Player 10 ActiveX
                Adobe Flash Player 11 Plugin
                Adobe Media Player
                Adobe Reader X (10.1.0)
                Adobe Shockwave Player
                Adobe Shockwave Player 11.6
                AIO_CDA_ProductContext
                Apple Application Support
                Apple Mobile Device Support
                Apple Software Update
                ArcSoft MediaImpression for Kodak
                Atheros Driver Installation Program
                Bonjour
                BufferChm
                CCleaner
                Compatibility Pack for the 2007 Office system
                Conexant HD Audio
                Copy
                CustomerResearchQFolder
                Destination Component
                DeviceDiscovery
                DeviceManagementQFolder
                DocProc
                DocProcQFolder
                DVD Suite
                eSupportQFolder
                Free Window Registry Repair
                Google Toolbar for Internet Explorer
                Google Update Helper
                Hewlett-Packard Active Check
                Hewlett-Packard Asset Agent for Health Check
                HiJackThis
                Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
                Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
                HP Active Support Library
                HP Doc Viewer
                HP DVD Play 3.6
                HP Easy Setup - Frontend
                HP Help and Support
                HP Product Assistant
                HP Quick Launch Buttons 6.40 B2
                HP Smart Web Printing
                HP Total Care Advisor
                HP Update
                HP User Guides 0093
                HP Wireless Assistant
                HPNetworkAssistant
                HPProductAssistant
                Intel(R) Graphics Media Accelerator Driver
                Intel(R) Matrix Storage Manager
                Intel(R) TV Wizard
                iTunes
                Java Auto Updater
                Java(TM) 6 Update 13
                Java(TM) 6 Update 2
                Java(TM) 6 Update 5
                Java(TM) 6 Update 7
                Java(TM) 7 Update 1
                Kodak EasyShare software
                LabelPrint
                Landlord Forms
                Malwarebytes' Anti-Malware version 1.51.2.1300
                MarketResearch
                McAfee Security Scan Plus
                McAfee SiteAdvisor
                Microsoft .NET Framework 3.5 SP1
                Microsoft .NET Framework 4 Client Profile
                Microsoft Antimalware
                Microsoft Application Error Reporting
                Microsoft IntelliPoint 6.2
                Microsoft IntelliType Pro 6.2
                Microsoft Office File Validation Add-In
                Microsoft Office Standard Edition 2003
                Microsoft Picture It! Express 2000
                Microsoft Security Client
                Microsoft Security Essentials
                Microsoft Silverlight
                Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
                Microsoft Visual C++ 2005 Redistributable
                Microsoft Works
                MobileMe Control Panel
                Move Networks Media Player for Internet Explorer
                Mozilla Firefox (3.6.23)
                MSN
                MSXML 4.0 SP2 (KB936181)
                MSXML 4.0 SP2 (KB941833)
                MSXML 4.0 SP2 (KB954430)
                MSXML 4.0 SP2 (KB973688)
                muvee autoProducer 6.1
                My HP Games
                NetWaiting
                Octoshape add-in for Adobe Flash Player
                OGA Notifier 2.0.0048.0
                OpenOffice.org Installer 1.0
                OverDrive Media Console
                Power2Go
                PowerDirector
                PRS-500 USB driver
                QuickTime
                Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
                Safari
                SAMSUNG Mobile Composite Device Software
                Samsung Mobile phone USB driver Software
                SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
                SAMSUNG Mobile USB Modem 1.0 Software
                SAMSUNG Mobile USB Modem Software
                Samsung PC Studio 3
                Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
                Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
                Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
                Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
                Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
                Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
                SolutionCenter
                Soluto
                Spelling Dictionaries Support For Adobe Reader 9
                Spybot - Search & Destroy
                Status
                SUPERAntiSpyware
                tooltips
                Touch Pad Driver
                TrayApp
                Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
                Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
                Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
                Viewpoint Media Player
                Visual C++ 2008 x86 Runtime - (v9.0.30729)
                Visual C++ 2008 x86 Runtime - v9.0.30729.01
                Windows Driver Package - Sony Corporation (PRSUSB) USB  (08/08/2006 1.0.03.08080)
                Windows Live OneCare safety scanner
                Windows Media Player Firefox Plugin
                .
                ==== Event Viewer Messages From Past Week ========
                .
                10/23/2011 4:41:03 PM, Error: Service Control Manager [7023]  - The HP CUE DeviceDiscovery Service service terminated with the following error:  Unspecified error
                10/23/2011 4:40:40 PM, Error: Microsoft-Windows-TaskScheduler [412]  - Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147942402. User Action: restart task scheduler service.
                10/23/2011 10:47:30 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
                10/23/2011 10:29:58 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004]  - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
                10/23/2011 1:53:45 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
                10/23/2011 1:53:29 PM, Error: Service Control Manager [7022]  - The HP CUE DeviceDiscovery Service service hung on starting.
                10/22/2011 5:43:01 PM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {657C7A59-4FEC-4C06-A354-607B1EB184FB}. The error: "3" Happened while starting this command: C:\PROGRA~1\HP\DIGITA~1\PRODUC~1\bin\hprblog.exe -Embedding
                10/22/2011 5:41:07 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
                10/22/2011 12:29:08 AM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
                10/22/2011 12:26:53 AM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
                10/22/2011 12:14:53 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
                10/22/2011 12:14:25 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
                10/22/2011 12:14:25 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
                10/22/2011 12:14:25 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
                10/22/2011 12:14:21 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
                10/22/2011 12:14:16 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC MpFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb Soluto spldr StarOpen Tcpip tdx Wanarpv6
                10/22/2011 12:14:16 AM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
                10/22/2011 12:14:16 AM, Error: Service Control Manager [7001]  - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
                10/22/2011 12:14:16 AM, Error: Service Control Manager [7001]  - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error:  The dependency service or group failed to start.
                10/22/2011 12:14:16 AM, Error: Service Control Manager [7001]  - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
                10/22/2011 12:14:16 AM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
                10/22/2011 12:14:16 AM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
                10/22/2011 12:14:16 AM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
                10/22/2011 12:14:16 AM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
                10/22/2011 12:14:16 AM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error:  A device attached to the system is not functioning.
                10/22/2011 12:14:16 AM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
                10/22/2011 12:14:16 AM, Error: Service Control Manager [7001]  - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
                10/22/2011 12:14:16 AM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
                10/22/2011 12:14:16 AM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
                10/22/2011 12:14:16 AM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
                10/22/2011 12:14:16 AM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
                10/22/2011 12:14:16 AM, Error: Service Control Manager [7001]  - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
                10/22/2011 12:14:16 AM, Error: Service Control Manager [7001]  - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
                10/22/2011 12:14:10 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
                10/21/2011 9:19:35 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.115.281.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: Default URL     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.7801.0     Error code: 0x8007043c     Error description: This service cannot be started in Safe Mode
                10/21/2011 9:19:35 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
                10/21/2011 7:01:59 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
                10/21/2011 7:01:59 PM, Error: Service Control Manager [7000]  - The SBSD Security Center Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
                10/21/2011 4:56:31 PM, Error: EventLog [6008]  - The previous system shutdown at 4:49:46 PM on 10/21/2011 was unexpected.
                10/21/2011 2:32:15 PM, Error: Microsoft-Windows-PrintSpooler [6161]  - The document https://www.e-renter.com/report/showPrintable/caseno/303367, owned by Valerie, failed to print on printer Lexmark 4800 Series. Try to print the document again, or restart the print spooler.  Data type: LEMF. Size of the spool file in bytes: 3163916. Number of bytes printed: 3163916. Total number of pages in the document: 7. Number of pages printed: 0. Client computer: \\VALERIE-PC. Win32 error code returned by the print processor: 0. The operation completed successfully.
                10/21/2011 11:59:29 PM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
                10/21/2011 10:55:51 PM, Error: Service Control Manager [7034]  - The XAudioService service terminated unexpectedly.  It has done this 1 time(s).
                10/21/2011 10:16:44 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
                10/16/2011 3:05:48 PM, Error: Service Control Manager [7034]  - The hpqcxs08 service terminated unexpectedly.  It has done this 1 time(s).
                10/16/2011 3:05:48 PM, Error: Service Control Manager [7034]  - The HP CUE DeviceDiscovery Service service terminated unexpectedly.  It has done this 1 time(s).
                .
                ==== End Of File ===========================


                SuperDave

                Download OTL to your desktop.

                * Open OTL
                * Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

                Code:
                :OTL

                BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
                TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
                FF - Ext: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - %profile%\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}

                :COMMANDS
                [resethosts]
                [purity]
                [start explorer]

                * Click Run Fix
                * OTL may ask to reboot the machine. Please do so if asked.
                * Click OK
                * A report will open. Copy and Paste that report in your next reply.
                **************************************************************

                Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.
                Free Window Registry Repair
                There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

                For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

                Further reading: XP Fixes Myth #1: Registry Cleaners
                *****************************************************
                You have Viewpoint installed.

                Viewpoint Media Player/Manager/Toolbar is considered as Foistware instead of malware since it is installed without users' approval but doesn't spy or do anything "bad".

                More information:

                * ViewMgr.exe - Useless
                * Viewpoint to Plunge Into Adware

                It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs - (Vista & Win7 is Programs and Features) and remove the following programs if present.

                * Viewpoint
                * Viewpoint Manager
                * Viewpoint Media Player
                * Viewpoint Toolbar
                * Viewpoint Experience Technology

                ***************************************************
                Update Your Java (JRE)

                Old versions of Java have vulnerabilities that malware can use to infect your system.


                First Verify your Java Version

                If there are any other version(s) installed then update now.

                Get the new version (if needed)

                If your version is out of date install the newest version of the Sun Java Runtime Environment.

                Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

                Be sure to close ALL open web browsers before starting the installation.

                Remove any old versions

                1. Download JavaRa and unzip the file to your Desktop.
                2. Open JavaRA.exe and choose Remove Older Versions
                3. Once complete exit JavaRA.

                Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
                *****************************************************
                Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

                link # 1
                Link # 2
                If you are using Firefox, make sure that your download settings are as follows:

                * Tools->Options->Main tab
                * Set to "Always ask me where to Save the files".

                Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

                Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

                Right-click combofix.exe and select Run as Administrator and follow the prompts.
                When finished, ComboFix will produce a log for you.
                Post the ComboFix log in your next reply.

                NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

                Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
                Windows 8 and Windows 10 dual boot with two SSD's
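The Java and Viewpoint advice in the post above can be checked against a DDS log mechanically. The following is an added example, not part of the original thread or of any tool named in it: it reads the log's Installed Programs section, orders the Java runtimes numerically, and lists the ones superseded by a newer installed build along with any Viewpoint components. The function names and the sample excerpt are assumptions constructed for illustration.

```python
import re

# Constructed sample: an excerpt in the shape of the "Installed Programs"
# section of the DDS log posted in this thread.
SAMPLE_DDS = """\
==== Disabled Device Manager Items =============
.
==== Installed Programs ======================
.
Adobe Reader X (10.1.0)
Java Auto Updater
Java(TM) 6 Update 13
Java(TM) 6 Update 2
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) 7 Update 1
Mozilla Firefox (3.6.23)
Viewpoint Media Player
.
==== Event Viewer Messages From Past Week ========
.
10/23/2011 1:53:29 PM, Error: Service Control Manager [7022]  - The HP CUE DeviceDiscovery Service service hung on starting.
"""

# DDS section headers look like "==== Title ====" with varying '=' counts.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Matches "Java(TM) 6 Update 13"; the update part is treated as optional.
JAVA_RE = re.compile(r"^Java\(TM\)\s+(\d+)(?:\s+Update\s+(\d+))?$")


def installed_programs(log_text):
    """Return the entries of the 'Installed Programs' section, in log order."""
    programs, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            # Any new header ends the previous section.
            in_section = header.group(1) == "Installed Programs"
            continue
        # DDS uses a lone "." as a spacer line; skip it and blank lines.
        if in_section and line and line != ".":
            programs.append(line)
    return programs


def java_runtimes(programs):
    """Return sorted (major, update) tuples for every Java runtime entry."""
    found = set()
    for name in programs:
        m = JAVA_RE.match(name)
        if m:
            found.add((int(m.group(1)), int(m.group(2) or 0)))
    # Numeric sort: the log lists names alphabetically, which puts
    # "Update 13" before "Update 2" and hides which build is newest.
    return sorted(found)


def review(log_text):
    """Summarise the items the helper's reply asks the user to act on."""
    programs = installed_programs(log_text)
    runtimes = java_runtimes(programs)
    return {
        # Newest *installed* build only; whether it is itself current
        # still has to be verified against the vendor's release.
        "newest_java": runtimes[-1] if runtimes else None,
        "stale_java": runtimes[:-1],
        "viewpoint": [p for p in programs if p.lower().startswith("viewpoint")],
    }


if __name__ == "__main__":
    result = review(SAMPLE_DDS)
    for major, update in result["stale_java"]:
        print(f"superseded: Java {major} Update {update}")
    print("newest installed:", result["newest_java"])
    print("Viewpoint components:", result["viewpoint"])
```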

                TexMurphy

                  Going to follow the instructions you have posted above. While I was waiting I decided to clean my optical mouse & the mouse pad to see if I could get rid of the leaping mouse problem. Didn't work. So then I decided to uninstall Mozilla and reinstall it. My home page isn't hijacked any more and my leaping mouse problem went away too. Sadly my scanner still isn't working and when I try to use it I still get error messages about MSI files. Once I run your instructions, I may uninstall it for the umpteenth time and download it from HP's website again. Oh and as another bonus my hard drive isn't running all the time and the computer is not slow (at least not today). Geez to think this thing could have been the issue all along. I thought my computer was just getting old and I needed a new one. The sluggishness & running hard drive have been going on for months.

                  TexMurphy

                    ========== OTL ==========
                    File Ext: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - %profile%\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F} not found.
                    ========== COMMANDS ==========
                    C:\Windows\System32\drivers\etc\Hosts moved successfully.
                    HOSTS file reset successfully
                     
                    OTL by OldTimer - Version 3.2.31.0 log created on 10242011_192016

                    ComboFix 11-10-24.04 - Valerie 10/24/2011  20:44:08.2.2 - x86
                    Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2549.1480 [GMT -4:00]
                    Running from: c:\users\Valerie\Desktop\ComboFix.exe
                    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
                    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
                    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                    .
                    .
                    (((((((((((((((((((((((((   Files Created from 2011-09-25 to 2011-10-25  )))))))))))))))))))))))))))))))
                    .
                    .
                    2011-10-25 00:52 . 2011-10-25 00:52   --------   d-----w-   c:\users\Valerie\AppData\Local\temp
                    2011-10-25 00:52 . 2011-10-25 00:52   --------   d-----w-   c:\users\Default\AppData\Local\temp
                    2011-10-24 23:40 . 2011-10-24 23:40   28752   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2641ECC4-2C12-48D0-8A4D-6E40F95563E2}\MpKsl430ed4a9.sys
                    2011-10-24 23:40 . 2011-10-24 23:40   56200   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2641ECC4-2C12-48D0-8A4D-6E40F95563E2}\offreg.dll
                    2011-10-24 23:20 . 2011-10-24 23:20   --------   d-----w-   C:\_OTL
                    2011-10-24 01:31 . 2011-10-07 03:48   6668624   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2641ECC4-2C12-48D0-8A4D-6E40F95563E2}\mpengine.dll
                    2011-10-22 16:12 . 2011-10-22 16:12   --------   d-----w-   c:\users\Valerie\AppData\Roaming\Malwarebytes
                    2011-10-22 16:08 . 2011-10-22 16:08   --------   d-----w-   c:\programdata\Malwarebytes
                    2011-10-22 16:08 . 2011-10-22 16:08   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                    2011-10-22 16:08 . 2011-08-31 21:00   22216   ----a-w-   c:\windows\system32\drivers\mbam.sys
                    2011-10-22 09:03 . 2011-10-22 09:03   --------   d-----w-   c:\users\Valerie\AppData\Roaming\SUPERAntiSpyware.com
                    2011-10-22 09:03 . 2011-10-22 09:03   --------   d-----w-   c:\program files\SUPERAntiSpyware
                    2011-10-22 09:03 . 2011-10-22 09:03   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
                    2011-10-22 09:01 . 2011-10-22 09:01   --------   d-----w-   c:\program files\CCleaner
                    2011-10-22 08:20 . 2011-10-22 08:20   611224   ----a-w-   c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
                    2011-10-22 08:20 . 2011-10-22 08:20   544656   ----a-w-   c:\windows\system32\deployJava1.dll
                    2011-10-22 08:10 . 2011-10-22 08:10   388096   ----a-r-   c:\users\Valerie\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
                    2011-10-22 08:10 . 2011-10-22 08:10   --------   d-----w-   c:\program files\Trend Micro
                    2011-10-22 02:35 . 2011-10-22 02:35   --------   d-----w-   C:\TDSSKiller_Quarantine
                    2011-10-21 22:36 . 2011-10-21 22:36   --------   d-----w-   c:\programdata\HPSSUPPLY
                    2011-10-21 21:52 . 2011-10-21 22:09   --------   d-----w-   c:\program files\Free Window Registry Repair
                    2011-10-21 21:41 . 2011-10-21 21:41   --------   d-----w-   c:\programdata\RegSERVO
                    2011-10-21 21:41 . 2011-10-21 21:48   --------   d-----w-   c:\program files\REGSERVO
                    2011-10-21 21:16 . 2011-10-21 21:16   --------   d-----w-   c:\users\Valerie\AppData\Local\ElevatedDiagnostics
                    2011-10-13 04:30 . 2011-07-29 16:01   293376   ----a-w-   c:\windows\system32\psisdecd.dll
                    2011-10-13 04:30 . 2011-07-29 16:01   217088   ----a-w-   c:\windows\system32\psisrndr.ax
                    2011-10-13 04:30 . 2011-07-29 16:00   69632   ----a-w-   c:\windows\system32\Mpeg2Data.ax
                    2011-10-13 04:30 . 2011-07-29 16:00   57856   ----a-w-   c:\windows\system32\MSDvbNP.ax
                    2011-10-13 04:30 . 2011-09-06 13:30   2043392   ----a-w-   c:\windows\system32\win32k.sys
                    2011-10-13 04:30 . 2011-09-14 10:51   2409784   ----a-w-   c:\program files\Windows Mail\OESpamFilter.dat
                    2011-10-13 04:30 . 2011-08-25 16:15   555520   ----a-w-   c:\windows\system32\UIAutomationCore.dll
                    2011-10-13 04:30 . 2011-08-25 16:14   238080   ----a-w-   c:\windows\system32\oleacc.dll
                    2011-10-13 04:30 . 2011-08-25 16:14   563712   ----a-w-   c:\windows\system32\oleaut32.dll
                    2011-10-13 04:30 . 2011-08-25 13:31   4096   ----a-w-   c:\windows\system32\oleaccrc.dll
                    2011-10-11 21:28 . 2011-10-11 21:26   703824   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{972CDAC7-CA2A-4CE2-86DD-2755F1BDF22C}\gapaengine.dll
                    2011-10-08 14:57 . 2007-05-25 17:42   113664   ----a-w-   c:\windows\system32\Spool\prtprocs\w32x86\lxdedrpp.dll
                    2011-10-08 14:54 . 2007-05-03 19:50   348160   ----a-w-   c:\windows\system32\lxdecoin.dll
                    2011-10-03 07:00 . 2011-10-13 21:15   --------   d-----w-   c:\program files\Microsoft
                    .
                    .
                    .
                    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    2011-10-07 21:22 . 2011-09-16 08:40   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
                    2011-10-07 03:48 . 2010-04-04 09:39   6668624   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
                    2011-09-29 06:53 . 2011-10-24 01:29   134104   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
                    .
                    .
                    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    .
                    *Note* empty entries & legit default entries are not shown
                    REGEDIT4
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-30 159744]
                    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
                    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
                    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
                    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
                    .
                    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
                    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                    "EnableUIADesktopToggle"= 0 (0x0)
                    .
                    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                    2011-05-04 17:54   551296   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                    .
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
                    @=""
                    .
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
                    @=""
                    .
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
                    @="Service"
                    .
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
                    @="Service"
                    .
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
                    @="Service"
                    .
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
                    @="Driver"
                    .
                    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
                    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
                    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
                    backupExtension=.CommonStartup
                    .
                    [HKLM\~\startupfolder\C:^Users^Valerie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Media Player.lnk]
                    path=c:\users\Valerie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Media Player.lnk
                    backup=c:\windows\pss\Adobe Media Player.lnk.Startup
                    backupExtension=.Startup
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
                    2011-06-06 16:55   937920   ----a-w-   c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
                    2011-04-20 16:48   58656   ----a-w-   c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
                    2011-08-19 05:07   421736   ----a-w-   c:\program files\iTunes\iTunesHelper.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
                    2007-12-06 22:13   202032   ----a-w-   c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
                    2009-04-11 06:28   1233920   ----a-w-   c:\program files\Windows Sidebar\sidebar.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
                    2009-03-09 09:19   148888   ----a-w-   c:\program files\Java\jre6\bin\jusched.exe
                    .
                    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
                    "ehTray.exe"=c:\windows\ehome\ehTray.exe
                    "HPAdvisor"=c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
                    "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
                    "IgfxTray"=c:\windows\system32\igfxtray.exe
                    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" -hide -runkey
                    "Persistence"=c:\windows\system32\igfxpers.exe
                    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
                    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
                    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
                    "AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
                    "ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
                    "QPService"="c:\program files\HP\QuickPlay\QPService.exe"
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
                    "DisableMonitoring"=dword:00000001
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
                    "DisableMonitoring"=dword:00000001
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
                    "DisableMonitoring"=dword:00000001
                    .
                    R1 MpKsl543b0f27;MpKsl543b0f27;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2AEE4A95-3675-49CF-A5EE-111838645469}\MpKsl543b0f27.sys

                    R1 MpKsl60fafd67;MpKsl60fafd67;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FBA2A051-D2D7-4316-B373-F78F035897F5}\MpKsl60fafd67.sys

                    R1 MpKsl95420646;MpKsl95420646;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E47E45E6-6D4A-415D-89C1-867AFF5FD209}\MpKsl95420646.sys

                    R1 MpKslb0a7db12;MpKslb0a7db12;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E47E45E6-6D4A-415D-89C1-867AFF5FD209}\MpKslb0a7db12.sys

                    R1 MpKslca4406c9;MpKslca4406c9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{645EE3A9-82B1-4918-B41E-7E2B7E264BA4}\MpKslca4406c9.sys

                    R1 MpKslce1f79c5;MpKslce1f79c5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E47E45E6-6D4A-415D-89C1-867AFF5FD209}\MpKslce1f79c5.sys

                    R1 MpKsld8480170;MpKsld8480170;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FBA2A051-D2D7-4316-B373-F78F035897F5}\MpKsld8480170.sys

                    R1 MpKsldb7d22b0;MpKsldb7d22b0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{73A4FB7A-17B2-467D-BEB0-2F5CEE2DB421}\MpKsldb7d22b0.sys

                    R1 MpKsle9fefabc;MpKsle9fefabc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FBA2A051-D2D7-4316-B373-F78F035897F5}\MpKsle9fefabc.sys

                    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
                    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-04 135664]
                    R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
                    R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [2008-05-13 19456]
                    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-04 135664]
                    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
                    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
                    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
                    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
                    R4 lxde_device;lxde_device;c:\windows\system32\lxdecoms.exe [2007-05-29 598960]
                    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-06-06 64288]
                    S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [2011-07-07 51144]
                    S1 MpKsl430ed4a9;MpKsl430ed4a9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2641ECC4-2C12-48D0-8A4D-6E40F95563E2}\MpKsl430ed4a9.sys [2011-10-24 28752]
                    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
                    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
                    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
                    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
                    S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2011-07-07 376352]
                    S3 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2011-08-10 94880]
                    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
                    .
                    .
                    --- Other Services/Drivers In Memory ---
                    .
                    *NewlyCreated* - MPKSL430ED4A9
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                    HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
                    hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
                    LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
                    .
                    Contents of the 'Scheduled Tasks' folder
                    .
                    2011-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-04 14:17]
                    .
                    2011-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-04 14:17]
                    .
                    2011-10-23 c:\windows\Tasks\RegSERVO.job
                    - c:\program files\REGSERVO\RegSERVO.exe [2010-08-19 16:45]
                    .
                    .
                    ------- Supplementary Scan -------
                    .
                    uStart Page = www.google.com
                    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
                    uInternet Settings,ProxyOverride = <local>;*.local
                    TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
                    FF - ProfilePath - c:\users\Valerie\AppData\Roaming\Mozilla\Firefox\Profiles\lnh0cvk7.default\
                    FF - prefs.js: browser.search.selectedEngine - Secure Search
                    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
                    .
                    .
                    **************************************************************************
                    .
                    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                    Rootkit scan 2011-10-24 20:52
                    Windows 6.0.6002 Service Pack 2 NTFS
                    .
                    scanning hidden processes ... 
                    .
                    scanning hidden autostart entries ...
                    .
                    scanning hidden files ... 
                    .
                    scan completed successfully
                    hidden files: 0
                    .
                    **************************************************************************
                    .
                    --------------------- LOCKED REGISTRY KEYS ---------------------
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
                    @Denied: (A) (Users)
                    @Denied: (A) (Everyone)
                    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                    "BlindDial"=dword:00000000
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
                    @Denied: (A) (Users)
                    @Denied: (A) (Everyone)
                    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                    "BlindDial"=dword:00000000
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
                    @Denied: (A) (Users)
                    @Denied: (A) (Everyone)
                    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                    "BlindDial"=dword:00000000
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
                    @Denied: (A) (Users)
                    @Denied: (A) (Everyone)
                    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                    "BlindDial"=dword:00000000
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
                    @Denied: (A) (Users)
                    @Denied: (A) (Everyone)
                    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                    "BlindDial"=dword:00000000
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
                    @Denied: (A) (Users)
                    @Denied: (A) (Everyone)
                    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                    "BlindDial"=dword:00000000
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
                    @Denied: (A) (Users)
                    @Denied: (A) (Everyone)
                    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                    "BlindDial"=dword:00000000
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
                    @Denied: (A) (Users)
                    @Denied: (A) (Everyone)
                    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                    "BlindDial"=dword:00000000
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
                    @Denied: (A) (Users)
                    @Denied: (A) (Everyone)
                    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                    "BlindDial"=dword:00000000
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
                    @Denied: (A) (Users)
                    @Denied: (A) (Everyone)
                    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                    "BlindDial"=dword:00000000
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
                    @Denied: (A) (Users)
                    @Denied: (A) (Everyone)
                    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                    "BlindDial"=dword:00000000
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
                    @Denied: (A) (Users)
                    @Denied: (A) (Everyone)
                    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                    "BlindDial"=dword:00000000
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
                    @Denied: (A) (Users)
                    @Denied: (A) (Everyone)
                    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                    "BlindDial"=dword:00000000
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
                    @Denied: (A) (Users)
                    @Denied: (A) (Everyone)
                    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                    "BlindDial"=dword:00000000
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
                    @Denied: (A) (Users)
                    @Denied: (A) (Everyone)
                    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                    "BlindDial"=dword:00000000
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
                    @Denied: (A) (Users)
                    @Denied: (A) (Everyone)
                    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                    "BlindDial"=dword:00000000
                    .
                    Completion time: 2011-10-24  20:56:50
                    ComboFix-quarantined-files.txt  2011-10-25 00:56
                    ComboFix2.txt  2011-10-22 04:29
                    ComboFix3.txt  2011-10-22 04:02
                    .
                    Pre-Run: 71,007,141,888 bytes free
                    Post-Run: 70,952,587,264 bytes free
                    .
                    - - End Of File - - 1B59595EEC5C0E6FBC3994B1048A2737

                    SuperDave

                    SysProt Antirootkit

                    Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

                    http://sites.google.com/site/sysprotantirootkit/

                    Unzip it into a folder on your desktop.
                    • Double click Sysprot.exe to start the program.
                    • Click on the Log tab.
                    • In the Write to log box select the following items.
                      • Process << Selected
                      • Kernel Modules << Selected
                      • SSDT << Selected
                      • Kernel Hooks << Selected
                      • IRP Hooks << NOT Selected
                      • Ports << NOT Selected
                      • Hidden Files << Selected
                    • At the bottom of the page
                      • Hidden Objects Only << Selected
                    • Click on the Create Log button on the bottom right.
                    • After a few seconds a new window should appear.
                    • Select Scan Root Drive. Click on the Start button.
                    • When it is complete a new window will appear to indicate that the scan is finished.
                    • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
                    Windows 8 and Windows 10 dual boot with two SSD's

                    TexMurphy

                      So I tried the uninstall and reinstall of my printer/scanner. It didn't work. The program says it's already installed and offers to uninstall it, but then it has issues doing so. So I broke down and spent the $10-$15 and ordered the install disk. Computer overall seems to be behaving lovely, except today I noticed I have no sound on YouTube. Sound works otherwise. When on YouTube I try to click on the speaker button in YouTube, it shows the speaker and next to it an X, but nothing happens when I click on it; it's greyed out. Here's the log you asked for.

                      SysProt AntiRootkit v1.0.1.0
                      by swatkat

                      ******************************************************************************************
                      ******************************************************************************************

                      No Hidden Processes found

                      ******************************************************************************************
                      ******************************************************************************************
                      Kernel Modules:
                      Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys
                      Service Name: ---
                      Module Base: 8FC03000
                      Module End: 8FCCB000
                      Hidden: Yes

                      ******************************************************************************************
                      ******************************************************************************************
                      No SSDT Hooks found

                      ******************************************************************************************
                      ******************************************************************************************
                      No Kernel Hooks found

                      ******************************************************************************************
                      ******************************************************************************************
                      Hidden files/folders:
                      Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
                      Status: Access denied

                      Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
                      Status: Access denied

                      Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
                      Status: Access denied

                      Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
                      Status: Access denied

                      Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTkerberos.etl
                      Status: Access denied

                      SuperDave

                      I'd like to scan your machine with ESET OnlineScan

                      • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                        ESET OnlineScan
                      • Click the button.
                      • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                        • Click on to download the ESET Smart Installer. Save it to your desktop.
                        • Double click on the icon on your desktop.
                      • Check
                      • Click the button.
                      • Accept any security warnings from your browser.
                      • Check
                      • Push the Start button.
                      • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                      • When the scan completes, push
                      • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                      • Push the button.
                      • Push
                      A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
                      Windows 8 and Windows 10 dual boot with two SSD's