Author Topic: Results of Hijack This scan  (Read 19066 times)

jocaan409

    Topic Starter


    Rookie

    • Experience: Beginner
    • OS: Unknown
    Results of Hijack This scan
    « on: June 03, 2011, 10:23:20 AM »
    Hello, I think I am doing this right.  Below is the result of my scan.
    Frank
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:51:15 AM, on 6/3/2011
    Platform: Unknown Windows (WinNT 6.01.3505 SP1)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Program Files (x86)\FixCleaner\FixCleaner.exe
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
    C:\Users\Frank C\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe
    C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
    C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\Kensington TrackballWorks\KTbWorksL.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Users\Frank C\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Kensington TrackballWorks\KTbWorks.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll
    O3 - Toolbar: @c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
    O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [KTbWorks] "C:\Program Files (x86)\Kensington TrackballWorks\KTbWorksL.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\RunOnce: [GBTUpd] C:\Program Files (x86)\GIGABYTE\GBTUpd\PreRun.exe
    O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Frank C\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: Device Detector 3.lnk = C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe
    O4 - Global Startup: Qshelf.lnk = C:\Program Files\Microsoft Reference\Bookshelf 98\qshelf98.exe
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O13 - Gopher Prefix:
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files%20(x86)/Chessmaster%20Challenge/Images/stg_drm.ocx
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files%20(x86)/Chessmaster%20Challenge/Images/armhelper.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\Windows\SysWOW64\IcdSptSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: JMB36X - Unknown owner - C:\Windows\SysWOW64\XSrvSetup.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Kensington TrackballWorks Service (KTbWorksService) - Kensington Computer Products Group - C:\Program Files (x86)\Kensington TrackballWorks\KTbWorksS.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NitroPDFReaderDriverCreatorReadSpool (NitroReaderDriverReadSpool) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SDLService - Unknown owner - C:\Program Files (x86)\Realtek\Smart Dual Lan\SDLService.exe
    O23 - Service: Smart TimeLock Service (Smart TimeLock) - Gigabyte Technology CO., LTD. - C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: WTService - Unknown owner - C:\Windows\System32\atwtusb.exe (file missing)

    --
    End of file - 12438 bytes

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Results of Hijack This scan
    « Reply #1 on: June 03, 2011, 01:17:44 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *****************************************************
    Could you please explain to me the problems you're experiencing with your computer?

    SUPERAntiSpyware

    If you already have SUPERAntiSpyware be sure to check for updates before scanning!


    Download SuperAntispyware Free Edition (SAS)
    * Double-click the icon on your desktop to run the installer.
    * When asked to Update the program definitions, click Yes
    * If you encounter any problems while downloading the updates, manually download and unzip them from here
    * Next click the Preferences button.
        • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
    * Click the Scanning Control tab.
    * Under Scanner Options make sure only the following are checked:
        • Close browsers before scanning
        • Scan for tracking cookies
        • Terminate memory threats before quarantining
      Please leave the others unchecked
    * Click the Close button to leave the control center screen.
    * On the main screen click Scan your computer
    * On the left check the box for the drive you are scanning.
    * On the right choose Perform Complete Scan
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete a summary box will appear. Click OK
    * Make sure everything in the white box has a check next to it, then click Next
    * It will quarantine what it found and if it asks if you want to reboot, click Yes

    To retrieve the removal information please do the following:
    * After reboot, double-click the SUPERAntiSpyware icon on your desktop.
    * Click Preferences. Click the Statistics/Logs tab.
    * Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    * It will open in your default text editor (preferably Notepad).
    * Save the notepad file to your desktop by clicking (in notepad) File > Save As...
    * Save the log somewhere you can easily find it. (normally the desktop)
    * Click close and close again to exit the program.
    * Copy and Paste the log in your post.
    **********************************************
    Please download Malwarebytes Anti-Malware from here.
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
    Windows 8 and Windows 10 dual boot with two SSD's

    jocaan409

      Re: Results of Hijack This scan
      « Reply #2 on: June 04, 2011, 07:06:26 AM »
      Yes, thanks, I'll follow your instructions.  Right now I do not think I am in any real, immediate danger but odd, weird things have been happening and maybe these problems are not related.  I'm just trying to check to make sure my system does not have lurking, hidden malware that in the long run may disrupt my system.  One problem seems inconsistent with computer operation and this may be some type of video problem, I really do not know.  Anyway, when I play Solitaire on my main user the screen blinks all the time and the cards do not select right away and I have to keep on clicking on them to move them.  However on the other user I have for myself there is no problem whatsoever and the game performs flawlessly.  I'll send another reply when I finish running the programs you suggest.  Frank C. 

      SuperDave

      Re: Results of Hijack This scan
      « Reply #3 on: June 04, 2011, 01:07:49 PM »
      The longer you wait, the more difficult it may be to clean your computer.

      jocaan409

        Re: Results of Hijack This scan
        « Reply #4 on: June 04, 2011, 04:56:07 PM »
        OK, for SuperAnti Spyware under Scanner Logs, there is just the one word Log.  There is a button to the right titled View Log.  When I double click the Log in the box nothing happens.  When I click on the View Log button nothing happens.  There were something like 138 items removed but the category these items were under might be minor, something like adware type of stuff, but still these do not seem like they are mentioned in any log.  Under Malwarebytes scan, here is the log: 
        Malwarebytes' Anti-Malware 1.51.0.1200
        www.malwarebytes.org

        Database version: 6772

        Windows 6.1.7601 Service Pack 1
        Internet Explorer 9.0.8112.16421

        6/4/2011 3:37:16 PM
        mbam-log-2011-06-04 (15-37-16).txt

        Scan type: Full scan (C:\|)
        Objects scanned: 317454
        Time elapsed: 26 minute(s), 24 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 0
        Registry Values Infected: 0
        Registry Data Items Infected: 0
        Folders Infected: 0
        Files Infected: 0

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        (No malicious items detected)

        Registry Values Infected:
        (No malicious items detected)

        Registry Data Items Infected:
        (No malicious items detected)

        Folders Infected:
        (No malicious items detected)

        Files Infected:
        (No malicious items detected)
        So maybe for now my computer is fairly clean.  But it's these minor problems I'm having, like another one is that Windows Disk Defragmenter will not run, then I'm also having trouble with my Gadgets and cannot get them to come on at Start Up like they usually do.  The Gadgets stopped working after I had a previous virus problem and shut the Gadgets off thinking the Gadgets were my problem. Maybe I have to tackle each one of these other problems instead in separate posts.   Frank C. 

        SuperDave

        Re: Results of Hijack This scan
        « Reply #5 on: June 04, 2011, 05:19:40 PM »
        A few more scans, if you don't mind.

        Download DDS from HERE or HERE and save it to your desktop.

        * Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
        * XP users Double click on dds to run it.
        * If your antivirus or firewall try to block DDS then please allow it to run.
        * When finished DDS will open two (2) logs.

        1) DDS.txt
        2) Attach.txt

        * Save both logs to your desktop.
        * Please copy and paste the entire contents of both logs in your next reply.

        Note: DDS will instruct you to post the Attach.txt log as an attachment.
        Please just post it as you would any other log by copying and pasting it into the reply.
        *****************************************************
        Download Security Check by screen317 from one of the following links and save it to your desktop.

        Link 1
        Link 2

        * Unzip SecurityCheck.zip and a folder named Security Check should appear.
        * Open the Security Check folder and double-click Security Check.bat
        * Follow the on-screen instructions inside of the black box.
        * A Notepad document should open automatically called checkup.txt
        * Post the contents of that document in your next reply.

        Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

        jocaan409

          Re: Results of Hijack This scan
          « Reply #6 on: June 13, 2011, 02:36:52 PM »
          OK, I have all three (DDS.txt, Attach.txt, and Security Check) on my desktop.  When I right click I can Copy but when I then switch to this reply and right click, the Paste command is grayed out.   I am able to Paste all three as attachments in an Outlook email but they will not Paste here.   Frank C.

          SuperDave

          Re: Results of Hijack This scan
          « Reply #7 on: June 13, 2011, 05:44:33 PM »
          Quote
          when I play Solitaire on my main user the screen blinks all the time and the cards do not select right away and I have to keep on clicking on them to move them.  However on the other user I have for myself there is no problem whatsoever and the game performs flawlessly.
          You could try creating another account. If that works well, delete the account which is giving the problems.

          Quote
          OK, I have all three (DDS.txt, Attach.txt, and Security Check) on my desktop.  When I right click I can Copy but when I then switch to this reply and right click, the Paste command is grayed out.   I am able to Paste all three as attachments in an Outlook email but they will not Paste here.
          Try CTRL + A to highlight the text, CTRL + C to copy and CTRL + V to paste.

          jocaan409

            Re: Results of Hijack This scan
            « Reply #8 on: June 13, 2011, 09:18:23 PM »
            I can probably highlight the text in those three tests and paste them in a Reply but that seems to be a heck of a lot of text.  I thought you wanted me to just Copy and Paste the desktop icon of those three or the zip icon that I was able to change them into.  If you want me to Copy and Paste the text I'll try it.  When I tried to Ctrl + A on the desktop icon of DDS.txt it selected all the icons on the desktop.  I then "deselected" each icon except DDS.txt but that still did not Copy/Paste into this message.  Thanks for your help.  It is appreciated.  Frank C.

            SuperDave

            Re: Results of Hijack This scan
            « Reply #9 on: June 14, 2011, 04:56:30 PM »
            I need you to copy and paste the text in each of those logs.

            jocaan409

              Re: Results of Hijack This scan
              « Reply #10 on: June 15, 2011, 01:48:20 AM »
              Here is DDS.txt
              .
              DDS (Ver_2011-06-12.02) - NTFSAMD64
              Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_25
              Run by Frank C at 15:47:33 on 2011-06-13
              Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4091.2537 [GMT -4:00]
              .
              AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
              SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
              SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
              .
              ============== Running Processes ===============
              .
              C:\Windows\system32\wininit.exe
              C:\Windows\system32\lsm.exe
              C:\Windows\system32\svchost.exe -k DcomLaunch
              C:\Windows\system32\svchost.exe -k RPCSS
              c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
              C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
              C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
              C:\Windows\system32\svchost.exe -k netsvcs
              C:\Windows\system32\svchost.exe -k LocalService
              C:\Windows\system32\svchost.exe -k NetworkService
              C:\Windows\SYSTEM32\WISPTIS.EXE
              C:\Windows\System32\spoolsv.exe
              C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
              C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
              C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
              C:\Program Files (x86)\Kensington TrackballWorks\KTbWorksS.exe
              C:\Windows\System32\svchost.exe -k LocalServicePeerNet
              C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
              C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
              c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
              c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
              C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
              C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
              c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
              c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
              C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
              C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE
              C:\Windows\system32\taskhost.exe
              C:\Windows\system32\taskeng.exe
              C:\Windows\SYSTEM32\WISPTIS.EXE
              C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
              C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
              C:\Windows\system32\Dwm.exe
              C:\Windows\Explorer.EXE
              C:\Program Files (x86)\FixCleaner\FixCleaner.exe
              C:\Windows\system32\wbem\wmiprvse.exe
              C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
              C:\Program Files\Microsoft Security Client\msseces.exe
              C:\Windows\System32\WTMKM.exe
              C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
              C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
              C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe
              C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
              C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
              C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
              C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
              C:\Program Files (x86)\Kensington TrackballWorks\KTbWorksL.exe
              C:\Program Files (x86)\Kensington TrackballWorks\KTbWorks.exe
              C:\Windows\system32\SearchIndexer.exe
              C:\Program Files\Windows Media Player\wmpnetwk.exe
              C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
              C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
              C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
              C:\Windows\system32\svchost.exe -k SDRSVC
              C:\Windows\system32\Macromed\Flash\FlashUtil64_10_2_161_ActiveX.exe
              C:\Windows\system32\mmc.exe
              C:\Windows\System32\vds.exe
              C:\Program Files\Internet Explorer\iexplore.exe
              C:\Program Files\Internet Explorer\iexplore.exe
              C:\Windows\system32\atwtusb.exe
              C:\Program Files\Internet Explorer\iexplore.exe
              C:\Windows\system32\DllHost.exe
              C:\Windows\system32\DllHost.exe
              C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\conhost.exe
              C:\Windows\SysWOW64\cscript.exe
              .
              ============== Pseudo HJT Report ===============
              .
              uSearch Bar = Preserve
              uStart Page = hxxp://www.excite.com/
              uInternet Settings,ProxyOverride = <local>;*.local
              BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
              BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
              BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
              BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
              BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
              BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
              TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - C:\PROGRA~2\INBOXT~1\Inbox.dll
              TB: @c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
              uRun: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
              uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
              mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
              mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
              mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
              mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
              mRun: [KTbWorks] "C:\Program Files (x86)\Kensington TrackballWorks\KTbWorksL.exe"
              mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
              mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
              mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
              mRunOnce: [GBTUpd] C:\Program Files (x86)\GIGABYTE\GBTUpd\PreRun.exe
              StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DEVICE~1.LNK - C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe
              StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Qshelf.lnk - C:\Program Files\Microsoft Reference\Bookshelf 98\qshelf98.exe
              uPolicies-explorer: NoThumbnailCache = 1 (0x1)
              mPolicies-explorer: NoActiveDesktop = 1 (0x1)
              mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
              mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
              mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
              mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
              IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
              IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
              IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
              DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
              DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files%20(x86)/Chessmaster%20Challenge/Images/stg_drm.ocx
              DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
              DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
              DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
              DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
              DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
              DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files%20(x86)/Chessmaster%20Challenge/Images/armhelper.ocx
              DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
              DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
              TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
              TCP: Interfaces\{5B1978B5-58AE-43F0-A835-64FF1191EFA1} : DhcpNameServer = 192.168.2.1 192.168.2.1
              Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
              Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll
              Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
              BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
              BHO-X64:     AcroIEHelperStub - No File
              BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
              BHO-X64:     Search Helper - No File
              BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
              BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
              BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
              BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
              TB-X64: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll
              TB-X64: @c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
              mRun-x64: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
              mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
              mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
              mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
              mRun-x64: [KTbWorks] "C:\Program Files (x86)\Kensington TrackballWorks\KTbWorksL.exe"
              mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
              mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
              mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
              mRunOnce-x64: [GBTUpd] C:\Program Files (x86)\GIGABYTE\GBTUpd\PreRun.exe
              .
              ============= SERVICES / DRIVERS ===============
              .
              R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
              R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]
              R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
              R2 HMuKstE;Kensington TrackballWorks Expert USB HID Device Filter Driver;C:\Windows\system32\DRIVERS\HMuKstE.sys --> C:\Windows\system32\DRIVERS\HMuKstE.sys [?]
              R2 KTbWorksService;Kensington TrackballWorks Service;C:\Program Files (x86)\Kensington TrackballWorks\KTbWorksS.exe [2010-7-24 50256]
              R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2010-6-15 114688]
              R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
              R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
              R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
              R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
              R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
              R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
              R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
              R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
              S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
              S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
              S3 AODDriver;AODDriver;C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [2009-2-23 52280]
              S3 etdrv;etdrv;C:\Windows\etdrv.sys [2010-6-19 25640]
              S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
              S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
              S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2010-6-15 30528]
              S3 rtkio;rtkio;C:\Program Files (x86)\Realtek\Smart Dual Lan\rtkio.sys [2010-6-15 17392]
              S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
              S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
              S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\system32\drivers\vpcuxd.sys --> C:\Windows\system32\drivers\vpcuxd.sys [?]
              S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
              S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
              S4 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-6-15 219360]
              S4 JMB36X;JMB36X;C:\Windows\SysWOW64\XSrvSetup.exe [2010-6-15 65536]
              S4 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2010-5-25 341296]
              S4 SDLService;SDLService;C:\Program Files (x86)\Realtek\Smart Dual Lan\SDLService.exe [2010-6-15 88064]
              S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
              S4 WTService;WTService;C:\Windows\System32\atwtusb.exe -s --> C:\Windows\System32\atwtusb.exe -s [?]
              .
              =============== Created Last 30 ================
              .
              2011-06-13 18:32:32   404640   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
              2011-06-13 18:27:56   8718160   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CA379095-78F4-416F-AB88-5AB5853AED95}\mpengine.dll
              2011-06-08 01:37:01   8718160   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
              2011-06-06 17:23:09   601424   ------w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{763FBD08-28F7-4DCF-9EEB-8F53D23F1410}\gapaengine.dll
              2011-06-06 17:14:52   --------   d-----w-   C:\Program Files (x86)\Microsoft Security Client
              2011-06-06 17:14:49   --------   d-----w-   C:\Program Files\Microsoft Security Client
              2011-06-05 14:32:10   --------   d-----w-   C:\Windows\pss
              2011-05-29 15:26:52   --------   d-----w-   C:\Program Files (x86)\MSN Toolbar
              2011-05-29 01:24:54   3703648   ----a-w-   C:\Windows\System32\AutoPartNt.exe
              2011-05-29 00:52:16   961120   ----a-w-   C:\Windows\System32\drivers\timntr.sys
              2011-05-29 00:52:04   277088   ----a-w-   C:\Windows\System32\drivers\snapman.sys
              2011-05-26 18:48:42   --------   d-----w-   C:\ProgramData\Seagate
              2011-05-26 18:48:40   81952   ----a-w-   C:\Windows\System32\drivers\tifsfilt.sys
              2011-05-26 18:48:12   593952   ----a-w-   C:\Windows\System32\drivers\tdrpman.sys
              2011-05-25 16:14:56   --------   d-----w-   C:\Program Files (x86)\Uniblue
              2011-05-25 11:27:58   27520   ----a-w-   C:\Windows\System32\drivers\Diskdump.sys
              2011-05-23 15:59:15   --------   d-----w-   C:\ProgramData\lG22701BhGfH22701
              2011-05-16 17:34:45   6851408   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
              2011-05-16 17:34:44   8802128   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E1113CF7-7692-469D-B71A-26F7C834885B}\mpengine.dll
              .
              ==================== Find3M  ====================
              .
              2011-05-29 13:11:20   25912   ----a-w-   C:\Windows\System32\drivers\mbam.sys
              2011-04-14 09:07:59   472808   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
              2011-04-09 07:02:55   5562240   ----a-w-   C:\Windows\System32\ntoskrnl.exe
              2011-04-09 06:58:56   142336   ----a-w-   C:\Windows\System32\poqexec.exe
              2011-04-09 06:02:25   3967872   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
              2011-04-09 06:02:25   3912576   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
              2011-04-09 05:56:38   123904   ----a-w-   C:\Windows\SysWow64\poqexec.exe
              2011-04-06 20:26:58   96544   ----a-w-   C:\Windows\System32\dnssd.dll
              2011-04-06 20:26:58   119584   ----a-w-   C:\Windows\System32\dns-sd.exe
              2011-04-06 20:20:16   91424   ----a-w-   C:\Windows\SysWow64\dnssd.dll
              2011-04-06 20:20:16   107808   ----a-w-   C:\Windows\SysWow64\dns-sd.exe
              2011-03-25 03:29:26   343040   ----a-w-   C:\Windows\System32\drivers\usbhub.sys
              2011-03-25 03:29:14   98816   ----a-w-   C:\Windows\System32\drivers\usbccgp.sys
              2011-03-25 03:29:14   325120   ----a-w-   C:\Windows\System32\drivers\usbport.sys
              2011-03-25 03:29:04   52736   ----a-w-   C:\Windows\System32\drivers\usbehci.sys
              2011-03-25 03:29:03   30720   ----a-w-   C:\Windows\System32\drivers\usbuhci.sys
              2011-03-25 03:28:59   7936   ----a-w-   C:\Windows\System32\drivers\usbd.sys
              2010-08-12 10:11:51   2325792   ----a-w-   C:\Program Files\cpuz64.exe
              .
              ============= FINISH: 15:48:01.02 ===============
              Here is Attach.txt
              .
              UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
              IF REQUESTED, ZIP IT UP & ATTACH IT
              .
              DDS (Ver_2011-06-12.02)
              .
              Microsoft Windows 7 Professional
              Boot Device: \Device\HarddiskVolume3
              Install Date: 6/15/2010 12:09:00 AM
              System Uptime: 6/13/2011 2:16:28 PM (1 hours ago)
              .
              Motherboard: Gigabyte Technology Co., Ltd. |  | P55A-UD4P
              Processor: Intel(R) Core(TM) i7 CPU         860  @ 2.80GHz | Socket 1156 | 2654/133mhz
              .
              ==== Disk Partitions =========================
              .
              A: is RemovableB: is Removable
              C: is FIXED (NTFS) - 466 GiB total, 412.687 GiB free.
              D: is CDROM ()
              E: is FIXED (NTFS) - 0 GiB total, 0.069 GiB free.
              F: is FIXED (NTFS) - 466 GiB total, 422.498 GiB free.
              G: is FIXED (NTFS) - 396 GiB total, 391.042 GiB free.
              H: is FIXED (NTFS) - 317 GiB total, 181.344 GiB free.
              I: is FIXED (NTFS) - 342 GiB total, 266.008 GiB free.
              .
              ==== Disabled Device Manager Items =============
              .
              ==== System Restore Points ===================
              .
              RP1963: 6/2/2011 12:33:45 PM - Automatic creation
              RP1967: 6/3/2011 11:47:12 AM - Automatic creation
              RP1971: 6/4/2011 2:38:00 PM - Automatic creation
              RP1975: 6/5/2011 11:07:18 AM - Automatic creation
              RP1983: 6/6/2011 2:30:26 PM - Automatic creation
              RP1985: 6/7/2011 7:02:13 AM - Automatic creation
              RP1991: 6/8/2011 1:32:22 PM - Automatic creation
              RP1997: 6/9/2011 5:51:13 PM - Automatic creation
              RP1999: 6/10/2011 2:00:01 AM - Automatic creation
              RP2007: 6/11/2011 12:58:32 PM - Automatic creation
              RP2018: 6/12/2011 7:59:50 PM - Automatic creation
              RP2022: 6/13/2011 2:46:55 PM - Automatic creation
              .
              ==== Installed Programs ======================
              .
               Update for Microsoft Office 2007 (KB2508958)
              @BIOS
              Acrobat.com
              Acronis True Image WD Edition
              Adobe AIR
              Adobe Flash Player 10 ActiveX
              Adobe Flash Player 10 Plugin
              Adobe Reader 9.4.4
              Adobe Shockwave Player 11.5
              Apple Application Support
              Apple Software Update
              ATI Catalyst Registration
              Belarc Advisor 8.1
              Bing Bar
              Bing Bar Platform
              Bing Rewards Client Installer
              Browser Configuration Utility
              Business Contact Manager for Outlook 2007 SP2
              Catalyst Control Center - Branding
              Catalyst Control Center Graphics Previews Common
              Catalyst Control Center Graphics Previews Vista
              Catalyst Control Center InstallProxy
              ccc-core-static
              CCC Help English
              D3DX10
              Digital Voice Editor 3
              DMIView B8.0717.01
              DVD Flick 1.3.0.7
              Easy Tune 6 B10.0301.1
              ERG 2008
              Evernote v. 4.2.3
              Face_Wizard B09.1119.01
              FixCleaner
              FOX News Live Stream
              FreshDiagnose
              Gigabyte Raid Cinfigurer
              Google Chrome
              H&R Block Premium + Efile + State 2009
              HydraVision
              Inbox Toolbar
              Internet TV for Windows Media Center
              Japanese Fonts Support For Adobe Reader 9
              Java Auto Updater
              Java(TM) 6 Update 25
              Junk Mail filter update
              Kensington TrackballWorks
              MacroKey Manager
              Mesh Runtime
              Messenger Companion
              Microsoft Application Error Reporting
              Microsoft Default Manager
              Microsoft Easy Assist v2
              Microsoft Office 2003 Web Components
              Microsoft Office 2007 Primary Interop Assemblies
              Microsoft Office 2007 Service Pack 2 (SP2)
              Microsoft Office Access database engine 2007 (English)
              Microsoft Office Access MUI (English) 2007
              Microsoft Office Access Setup Metadata MUI (English) 2007
              Microsoft Office Accounting 2008
              Microsoft Office Accounting 2008 Equifax Addin
              Microsoft Office Accounting 2008 Fixed Asset Manager
              Microsoft Office Accounting 2008 PayPal Addin
              Microsoft Office Accounting ADP Payroll Addin
              Microsoft Office Excel MUI (English) 2007
              Microsoft Office Outlook Connector
              Microsoft Office Outlook MUI (English) 2007
              Microsoft Office PowerPoint MUI (English) 2007
              Microsoft Office Professional 2007
              Microsoft Office Proof (English) 2007
              Microsoft Office Proof (French) 2007
              Microsoft Office Proof (Spanish) 2007
              Microsoft Office Proofing (English) 2007
              Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
              Microsoft Office Publisher MUI (English) 2007
              Microsoft Office Shared MUI (English) 2007
              Microsoft Office Shared Setup Metadata MUI (English) 2007
              Microsoft Office Small Business Connectivity Components
              Microsoft Office Sounds
              Microsoft Office Word MUI (English) 2007
              Microsoft Search Enhancement Pack
              Microsoft Silverlight
              Microsoft SQL Server 2005
              Microsoft SQL Server 2005 Compact Edition [ENU]
              Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
              Microsoft SQL Server 2005 Tools Express Edition
              Microsoft SQL Server Setup Support Files (English)
              Microsoft Streets & Trips 2010
              Microsoft Visual C++ 2008 Redistributable Package
              Move Media Player
              MSVCRT
              MSVCRT_amd64
              NEC Electronics USB 3.0 Host Controller Driver
              Olympus Digital Wave Player
              ON_OFF Charge B10.0301.1
              OpenOffice.org 3.2
              Opera 11.11
              Pdf995 (installed by H&R Block)
              PdfEdit995 (installed by H&R Block)
              Power Presenter RE II
              Q-Share Ver.1.2
              QuickTime
              Realtek Ethernet Controller Driver For Windows 7
              Realtek High Definition Audio Driver
              Roxio Easy CD and DVD Burning
              Safari
              Security Update for 2007 Microsoft Office System (KB2288621)
              Security Update for 2007 Microsoft Office System (KB2288931)
              Security Update for 2007 Microsoft Office System (KB2345043)
              Security Update for 2007 Microsoft Office System (KB2466156)
              Security Update for 2007 Microsoft Office System (KB2509488)
              Security Update for 2007 Microsoft Office System (KB969559)
              Security Update for 2007 Microsoft Office System (KB976321)
              Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
              Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
              Security Update for Microsoft Office Access 2007 (KB979440)
              Security Update for Microsoft Office Excel 2007 (KB2464583)
              Security Update for Microsoft Office InfoPath 2007 (KB979441)
              Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
              Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
              Security Update for Microsoft Office Publisher 2007 (KB2284697)
              Security Update for Microsoft Office system 2007 (972581)
              Security Update for Microsoft Office system 2007 (KB974234)
              Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
              Security Update for Microsoft Office Word 2007 (KB2344993)
              Smart 6 B0.0107.1
              Smart Dual Lan
              The Lord of the Rings FREE Trial
              Update for 2007 Microsoft Office System (KB2284654)
              Update for 2007 Microsoft Office System (KB967642)
              Update for Microsoft Office 2007 Help for Common Features (KB963673)
              Update for Microsoft Office Access 2007 Help (KB963663)
              Update for Microsoft Office Excel 2007 Help (KB963678)
              Update for Microsoft Office Outlook 2007 (KB2509470)
              Update for Microsoft Office Outlook 2007 Help (KB963677)
              Update for Microsoft Office Powerpoint 2007 Help (KB963669)
              Update for Microsoft Office Publisher 2007 Help (KB963667)
              Update for Microsoft Office Script Editor Help (KB963671)
              Update for Microsoft Office Word 2007 Help (KB963665)
              Update for Outlook 2007 Junk Email Filter (KB2536413)
              Update Manager B09.1008.1
              VSO Inspector 2.1.0.4
              Windows Live Communications Platform
              Windows Live Essentials
              Windows Live Installer
              Windows Live Mail
              Windows Live Mesh
              Windows Live Mesh ActiveX Control for Remote Connections
              Windows Live Messenger
              Windows Live Messenger Companion Core
              Windows Live Movie Maker
              Windows Live OneCare safety scanner
              Windows Live Photo Common
              Windows Live Photo Gallery
              Windows Live PIMT Platform
              Windows Live SOXE
              Windows Live SOXE Definitions
              Windows Live Sync
              Windows Live UX Platform
              Windows Live UX Platform Language Pack
              Windows Live Writer
              Windows Live Writer Resources
              Windows Media Center Add-in for Flash
              Windows Media Center Add-in for Silverlight
              Zinio Reader 4
              .
              ==== Event Viewer Messages From Past Week ========
              .
              6/9/2011 5:21:25 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
              6/9/2011 5:18:36 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
              6/9/2011 5:15:20 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
              6/9/2011 5:15:06 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Windows Management Instrumentation service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
              6/9/2011 5:12:07 PM, Error: Service Control Manager [7001]  - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
              6/9/2011 5:12:06 PM, Error: Service Control Manager [7001]  - The Windows Event Collector service depends on the Windows Event Log service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
              6/9/2011 5:10:02 PM, Error: Service Control Manager [7001]  - The System Event Notification Service service depends on the COM+ Event System service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
              6/6/2011 9:24:39 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.105.1332.0     Update Source: Microsoft Malware Protection Center     Update Stage: Install     Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\NETWORK SERVICE     Current Engine Version:      Previous Engine Version: 1.1.6903.0     Error code: 0x80070714     Error description: The specified image file did not contain a resource section.
              6/6/2011 9:24:39 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.105.1332.0     Update Source: Microsoft Malware Protection Center     Update Stage: Install     Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\NETWORK SERVICE     Current Engine Version:      Previous Engine Version: 1.1.6903.0     Error code: 0x80070714     Error description: The specified image file did not contain a resource section.
              6/6/2011 9:24:39 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.105.1332.0     Update Source: Microsoft Malware Protection Center     Update Stage: Install     Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: AntiSpyware     Update Type: Full     User: NT AUTHORITY\NETWORK SERVICE     Current Engine Version:      Previous Engine Version: 1.1.6903.0     Error code: 0x80070714     Error description: The specified image file did not contain a resource section.
              6/6/2011 9:24:39 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.105.1332.0     Update Source: Microsoft Malware Protection Center     Update Stage: Install     Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: AntiSpyware     Update Type: Full     User: NT AUTHORITY\NETWORK SERVICE     Current Engine Version:      Previous Engine Version: 1.1.6903.0     Error code: 0x80070714     Error description: The specified image file did not contain a resource section.
              6/6/2011 9:24:36 AM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.     New Engine Version:      Previous Engine Version:      Engine Type: Network Inspection System     User: NT AUTHORITY\NETWORK SERVICE     Error Code: 0x80070714     Error description: The specified image file did not contain a resource section.
              6/6/2011 9:24:36 AM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.     New Engine Version:      Previous Engine Version:      Engine Type: Network Inspection System     User: NT AUTHORITY\NETWORK SERVICE     Error Code: 0x80070714     Error description: The specified image file did not contain a resource section.
              6/6/2011 9:24:36 AM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.     New Engine Version:      Previous Engine Version:      Engine Type: Network Inspection System     User: NT AUTHORITY\NETWORK SERVICE     Error Code: 0x80070714     Error description: The specified image file did not contain a resource section.
              6/6/2011 9:24:36 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version:      Update Source: User     Update Stage: Install     Source Path:      Signature Type: Network Inspection System     Update Type: Full     User: NT AUTHORITY\NETWORK SERVICE     Current Engine Version:      Previous Engine Version:      Error code: 0x80070714     Error description: The specified image file did not contain a resource section.
              6/6/2011 9:24:36 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version:      Update Source: User     Update Stage: Install     Source Path:      Signature Type: Network Inspection System     Update Type: Full     User: NT AUTHORITY\NETWORK SERVICE     Current Engine Version:      Previous Engine Version:      Error code: 0x80070714     Error description: The specified image file did not contain a resource section.
              6/6/2011 9:24:36 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version:      Update Source: User     Update Stage: Install     Source Path:      Signature Type: Network Inspection System     Update Type: Full     User: NT AUTHORITY\NETWORK SERVICE     Current Engine Version:      Previous Engine Version:      Error code: 0x80070714     Error description: The specified image file did not contain a resource section.
              6/6/2011 9:24:26 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.105.1332.0).
              6/6/2011 9:24:21 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.105.1332.0     Update Source: Microsoft Update Server     Update Stage: Install     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.6903.0     Error code: 0x80070643     Error description: Fatal error during installation.
              6/6/2011 9:24:18 AM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.     New Engine Version:      Previous Engine Version:      Engine Type: Network Inspection System     User: NT AUTHORITY\SYSTEM     Error Code: 0x80070714     Error description: The specified image file did not contain a resource section.
              6/6/2011 9:24:18 AM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.     New Engine Version:      Previous Engine Version:      Engine Type: Network Inspection System     User: NT AUTHORITY\SYSTEM     Error Code: 0x80070714     Error description: The specified image file did not contain a resource section.
              6/6/2011 9:24:18 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version:      Update Source: User     Update Stage: Install     Source Path:      Signature Type: Network Inspection System     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version:      Error code: 0x80070714     Error description: The specified image file did not contain a resource section.
              6/6/2011 9:24:18 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version:      Update Source: User     Update Stage: Install     Source Path:      Signature Type: Network Inspection System     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version:      Error code: 0x80070714     Error description: The specified image file did not contain a resource section.
              6/13/2011 5:57:24 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
              6/13/2011 2:58:37 PM, Error: Service Control Manager [7023]  - The Peer Name Resolution Protocol service terminated with the following error:  %%-2140993535
              6/13/2011 2:58:37 PM, Error: Service Control Manager [7001]  - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  %%-2140993535
              6/13/2011 2:58:37 PM, Error: Microsoft-Windows-PNRPSvc [102]  - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
              6/13/2011 2:16:57 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\Frank C\AppData\Local\Microsoft\Windows\UsrClass.dat' was corrupted and it has been recovered. Some data might have been lost.
              6/13/2011 2:13:35 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
              6/13/2011 2:13:29 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\c:\users\frank c\AppData\Local\Microsoft\Windows\usrclass.dat' was corrupted and it has been recovered. Some data might have been lost.
              6/12/2011 5:29:30 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
              6/12/2011 2:36:14 PM, Error: Service Control Manager [7001]  - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
              6/12/2011 12:06:06 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
              6/12/2011 10:20:27 AM, Error: Service Control Manager [7016]  - The SDLService service has reported an invalid current state 0.
              6/11/2011 9:03:29 AM, Error: bowser [8003]  - The master browser has received a server announcement from the computer LAPTOP1 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5B1978B5-58AE-43F0-A835-64FF1191EFA1}. The master browser is stopping or an election is being forced.
              6/11/2011 12:41:00 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
              6/11/2011 12:28:45 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
              6/11/2011 11:20:13 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
              .
              ==== End Of File ===========================

              Here is Checkup.txt
               Results of screen317's Security Check version 0.99.7 
               Windows 7  (UAC is enabled)
               Internet Explorer 8 
              ``````````````````````````````
              Antivirus/Firewall Check:

               Windows Firewall Enabled! 
               WMI entry may not exist for antivirus; attempting automatic update.
              ```````````````````````````````
              Anti-malware/Other Utilities Check:

               FixCleaner     
               Java(TM) 6 Update 25 
               Out of date Java installed!
               Adobe Flash Player 10.2.159.1 
              Adobe Reader 9.4.4
              Japanese Fonts Support For Adobe Reader 9
              Out of date Adobe Reader installed!
              ````````````````````````````````
              Process Check: 
              objlist.exe by Laurent

               Windows Defender MSMpEng.exe
               Microsoft Security Essentials msseces.exe
               Microsoft Security Client Antimalware MsMpEng.exe 
               Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe 
               Microsoft Security Client Antimalware NisSrv.exe 
              ``````````End of Log````````````


              SuperDave

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Re: Results of Hijack This scan
              « Reply #11 on: June 15, 2011, 04:49:32 PM »
              Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

              link # 1
              Link # 2
              If you are using Firefox, make sure that your download settings are as follows:

              * Tools->Options->Main tab
              * Set to "Always ask me where to Save the files".

              Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

              Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

              Right-click combofix.exe and select Run as Administrator and follow the prompts.
              When finished, ComboFix will produce a log for you.
              Post the ComboFix log in your next reply.

              NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

              Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
              Windows 8 and Windows 10 dual boot with two SSD's

              jocaan409

                Topic Starter


                Rookie

                • Experience: Beginner
                • OS: Unknown
                Re: Results of Hijack This scan
                « Reply #12 on: June 16, 2011, 08:43:25 AM »
                Here is the text for Combo Fix

                ComboFix 11-06-15.04 - Frank C 06/16/2011  10:04:08.1.8 - x64
                Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4091.2393 [GMT -4:00]
                Running from: c:\users\FRANKC~1\AppData\Local\Temp\Temporary Internet Files\Content.IE5\X0TUCTIO\ComboFix.exe
                AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
                SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
                SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                .
                .
                (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                C:\Install.exe
                c:\program files (x86)\Downloaded Installers
                c:\program files (x86)\Downloaded Installers\{07FAD425-BB95-4C49-B7F5-A370E989E0D4}\setup.msi
                c:\users\Frank C\AppData\Local\Temp\8E6D.tmp
                c:\users\Frank C\AppData\Roaming\inst.exe
                c:\users\FRANKC~1\AppData\Local\Temp\8E6D.tmp
                F:\install.exe
                .
                .
                (((((((((((((((((((((((((   Files Created from 2011-05-16 to 2011-06-16  )))))))))))))))))))))))))))))))
                .
                .
                2011-06-16 14:07 . 2011-06-16 14:07   --------   d-----w-   c:\users\FLC\AppData\Local\temp
                2011-06-16 14:07 . 2011-06-16 14:07   --------   d-----w-   c:\users\Default\AppData\Local\temp
                2011-06-16 09:54 . 2011-05-09 19:00   8718160   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8D4C15A6-BF49-4542-8E68-9B4E57C339AE}\mpengine.dll
                2011-06-15 20:45 . 2011-06-15 20:46   --------   d-----w-   c:\program files (x86)\Kensington TrackballWorks
                2011-06-15 20:45 . 2010-07-01 20:11   370912   ----a-w-   c:\windows\UnKWorks.exe
                2011-06-15 16:08 . 2011-06-15 16:08   --------   d-----w-   c:\program files (x86)\Common Files\Java
                2011-06-15 00:19 . 2011-04-25 05:33   1923968   ----a-w-   c:\windows\system32\drivers\tcpip.sys
                2011-06-14 04:09 . 2011-06-14 04:09   --------   d--h--w-   c:\users\AppData
                2011-06-14 03:43 . 2011-06-14 04:11   --------   d-----w-   c:\users\Frank
                2011-06-13 20:52 . 2011-03-24 14:57   11264   ----a-w-   c:\windows\system32\EuEpmGdi.dll
                2011-06-13 20:52 . 2011-03-26 00:04   2926208   ----a-w-   c:\windows\system32\BootMan.exe
                2011-06-13 20:52 . 2011-03-26 00:04   18048   ----a-w-   c:\windows\SysWow64\EuEpmGdi.dll
                2011-06-13 20:52 . 2011-03-26 00:03   2340992   ----a-w-   c:\windows\SysWow64\BootMan.exe
                2011-06-13 20:52 . 2011-03-24 14:57   9096   ----a-w-   c:\windows\system32\EuGdiDrv.sys
                2011-06-13 20:52 . 2011-03-24 14:57   86408   ----a-w-   c:\windows\SysWow64\setupempdrv03.exe
                2011-06-13 20:52 . 2011-03-24 14:57   8456   ----a-w-   c:\windows\SysWow64\EuGdiDrv.sys
                2011-06-13 20:52 . 2011-03-24 14:57   16776   ----a-w-   c:\windows\system32\epmntdrv.sys
                2011-06-13 20:52 . 2011-03-24 14:57   14216   ----a-w-   c:\windows\SysWow64\epmntdrv.sys
                2011-06-13 20:52 . 2011-03-24 14:57   100232   ----a-w-   c:\windows\system32\setupempdrvx64.exe
                2011-06-13 20:52 . 2011-06-13 20:52   --------   d-----w-   c:\program files (x86)\EASEUS
                2011-06-13 18:32 . 2011-06-13 18:32   404640   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
                2011-06-13 18:13 . 2011-06-13 18:13   --------   d-----w-   c:\users\Default\AppData\Roaming\FixCleaner
                2011-06-08 01:37 . 2011-05-09 19:00   8718160   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
                2011-06-06 17:23 . 2011-06-06 17:23   601424   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{763FBD08-28F7-4DCF-9EEB-8F53D23F1410}\gapaengine.dll
                2011-06-06 17:14 . 2011-06-06 17:14   --------   d-----w-   c:\program files (x86)\Microsoft Security Client
                2011-06-06 17:14 . 2011-06-06 17:14   --------   d-----w-   c:\program files\Microsoft Security Client
                2011-05-29 15:26 . 2011-05-29 15:26   --------   d-----w-   c:\program files (x86)\MSN Toolbar
                2011-05-29 01:24 . 2011-05-29 01:24   3703648   ----a-w-   c:\windows\system32\AutoPartNt.exe
                2011-05-29 00:52 . 2011-05-29 00:52   961120   ----a-w-   c:\windows\system32\drivers\timntr.sys
                2011-05-29 00:52 . 2011-05-29 00:52   277088   ----a-w-   c:\windows\system32\drivers\snapman.sys
                2011-05-29 00:51 . 2011-05-29 00:51   --------   d-----w-   c:\program files (x86)\Acronis
                2011-05-29 00:51 . 2011-05-29 00:51   --------   d-----w-   c:\program files (x86)\Common Files\Acronis
                2011-05-26 18:48 . 2011-05-26 18:48   --------   d-----w-   c:\programdata\Seagate
                2011-05-26 18:48 . 2011-05-26 18:48   81952   ----a-w-   c:\windows\system32\drivers\tifsfilt.sys
                2011-05-26 18:48 . 2011-05-26 18:48   593952   ----a-w-   c:\windows\system32\drivers\tdrpman.sys
                2011-05-25 16:14 . 2011-05-25 16:14   --------   d-----w-   c:\program files (x86)\Uniblue
                2011-05-25 11:27 . 2011-04-22 22:15   27520   ----a-w-   c:\windows\system32\drivers\Diskdump.sys
                2011-05-23 15:59 . 2011-05-23 17:00   --------   d-----w-   c:\programdata\lG22701BhGfH22701
                2011-05-17 15:30 . 2011-05-17 15:30   1103784   ----a-w-   c:\program files (x86)\Common Files\Microsoft Shared\OFFICE11\RICHED20.DLL
                .
                .
                .
                ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                2011-05-29 13:11 . 2010-07-15 03:27   25912   ----a-w-   c:\windows\system32\drivers\mbam.sys
                2011-05-04 08:52 . 2010-07-12 21:26   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
                2011-04-18 13:15 . 2011-05-16 17:34   8802128   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{E1113CF7-7692-469D-B71A-26F7C834885B}\mpengine.dll
                2011-04-13 14:28 . 2010-06-17 17:29   4283672   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
                2011-04-13 14:28 . 2010-06-17 17:28   42776   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
                2011-04-09 07:02 . 2011-05-11 10:59   5562240   ----a-w-   c:\windows\system32\ntoskrnl.exe
                2011-04-09 06:58 . 2011-05-11 17:19   142336   ----a-w-   c:\windows\system32\poqexec.exe
                2011-04-09 06:02 . 2011-05-11 10:59   3967872   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
                2011-04-09 06:02 . 2011-05-11 10:59   3912576   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
                2011-04-09 05:56 . 2011-05-11 17:19   123904   ----a-w-   c:\windows\SysWow64\poqexec.exe
                2011-04-07 20:35 . 2011-04-07 20:35   737072   ----a-w-   c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
                2011-04-07 20:35 . 2011-04-07 20:35   4277016   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
                2011-04-07 20:34 . 2011-04-07 20:34   42776   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
                2011-04-07 20:34 . 2010-06-17 17:28   539968   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
                2011-04-06 20:26 . 2011-04-06 20:26   96544   ----a-w-   c:\windows\system32\dnssd.dll
                2011-04-06 20:26 . 2011-04-06 20:26   119584   ----a-w-   c:\windows\system32\dns-sd.exe
                2011-04-06 20:20 . 2011-04-06 20:20   91424   ----a-w-   c:\windows\SysWow64\dnssd.dll
                2011-04-06 20:20 . 2011-04-06 20:20   107808   ----a-w-   c:\windows\SysWow64\dns-sd.exe
                2011-04-06 16:50 . 2011-04-06 16:50   74752   ----a-w-   c:\windows\SysWow64\RegisterIEPKEYs.exe
                2011-04-06 16:50 . 2011-04-06 16:50   161792   ----a-w-   c:\windows\SysWow64\msls31.dll
                2011-04-06 16:50 . 2011-04-06 16:50   1126912   ----a-w-   c:\windows\SysWow64\wininet.dll
                2011-04-06 16:50 . 2011-04-06 16:50   86528   ----a-w-   c:\windows\SysWow64\iesysprep.dll
                2011-04-06 16:50 . 2011-04-06 16:50   76800   ----a-w-   c:\windows\SysWow64\SetIEInstalledDate.exe
                2011-04-06 16:50 . 2011-04-06 16:50   74752   ----a-w-   c:\windows\SysWow64\iesetup.dll
                2011-04-06 16:50 . 2011-04-06 16:50   63488   ----a-w-   c:\windows\SysWow64\tdc.ocx
                2011-04-06 16:50 . 2011-04-06 16:50   48640   ----a-w-   c:\windows\SysWow64\mshtmler.dll
                2011-04-06 16:50 . 2011-04-06 16:50   420864   ----a-w-   c:\windows\SysWow64\vbscript.dll
                2011-04-06 16:50 . 2011-04-06 16:50   367104   ----a-w-   c:\windows\SysWow64\html.iec
                2011-04-06 16:50 . 2011-04-06 16:50   23552   ----a-w-   c:\windows\SysWow64\licmgr10.dll
                2011-04-06 16:50 . 2011-04-06 16:50   152064   ----a-w-   c:\windows\SysWow64\wextract.exe
                2011-04-06 16:50 . 2011-04-06 16:50   150528   ----a-w-   c:\windows\SysWow64\iexpress.exe
                2011-04-06 16:50 . 2011-04-06 16:50   142848   ----a-w-   c:\windows\SysWow64\ieUnatt.exe
                2011-04-06 16:50 . 2011-04-06 16:50   1427456   ----a-w-   c:\windows\SysWow64\inetcpl.cpl
                2011-04-06 16:50 . 2011-04-06 16:50   110592   ----a-w-   c:\windows\SysWow64\IEAdvpack.dll
                2011-04-06 16:50 . 2011-04-06 16:50   91648   ----a-w-   c:\windows\system32\SetIEInstalledDate.exe
                2011-04-06 16:50 . 2011-04-06 16:50   89088   ----a-w-   c:\windows\system32\RegisterIEPKEYs.exe
                2011-04-06 16:50 . 2011-04-06 16:50   49664   ----a-w-   c:\windows\system32\imgutil.dll
                2011-04-06 16:50 . 2011-04-06 16:50   48640   ----a-w-   c:\windows\system32\mshtmler.dll
                2011-04-06 16:50 . 2011-04-06 16:50   35840   ----a-w-   c:\windows\SysWow64\imgutil.dll
                2011-04-06 16:50 . 2011-04-06 16:50   222208   ----a-w-   c:\windows\system32\msls31.dll
                2011-04-06 16:50 . 2011-04-06 16:50   173056   ----a-w-   c:\windows\system32\ieUnatt.exe
                2011-04-06 16:50 . 2011-04-06 16:50   1389056   ----a-w-   c:\windows\system32\wininet.dll
                2011-04-06 16:50 . 2011-04-06 16:50   135168   ----a-w-   c:\windows\system32\IEAdvpack.dll
                2011-04-06 16:50 . 2011-04-06 16:50   12288   ----a-w-   c:\windows\system32\mshta.exe
                2011-04-06 16:50 . 2011-04-06 16:50   11776   ----a-w-   c:\windows\SysWow64\mshta.exe
                2011-04-06 16:50 . 2011-04-06 16:50   114176   ----a-w-   c:\windows\system32\admparse.dll
                2011-04-06 16:50 . 2011-04-06 16:50   111616   ----a-w-   c:\windows\system32\iesysprep.dll
                2011-04-06 16:50 . 2011-04-06 16:50   101888   ----a-w-   c:\windows\SysWow64\admparse.dll
                2011-04-06 16:50 . 2011-04-06 16:50   85504   ----a-w-   c:\windows\system32\iesetup.dll
                2011-04-06 16:50 . 2011-04-06 16:50   76800   ----a-w-   c:\windows\system32\tdc.ocx
                2011-04-06 16:50 . 2011-04-06 16:50   603648   ----a-w-   c:\windows\system32\vbscript.dll
                2011-04-06 16:50 . 2011-04-06 16:50   448512   ----a-w-   c:\windows\system32\html.iec
                2011-04-06 16:50 . 2011-04-06 16:50   30720   ----a-w-   c:\windows\system32\licmgr10.dll
                2011-04-06 16:50 . 2011-04-06 16:50   165888   ----a-w-   c:\windows\system32\iexpress.exe
                2011-04-06 16:50 . 2011-04-06 16:50   160256   ----a-w-   c:\windows\system32\wextract.exe
                2011-04-06 16:50 . 2011-04-06 16:50   1492992   ----a-w-   c:\windows\system32\inetcpl.cpl
                2011-03-25 03:29 . 2011-05-11 10:59   343040   ----a-w-   c:\windows\system32\drivers\usbhub.sys
                2011-03-25 03:29 . 2011-05-11 10:59   98816   ----a-w-   c:\windows\system32\drivers\usbccgp.sys
                2011-03-25 03:29 . 2011-05-11 10:59   325120   ----a-w-   c:\windows\system32\drivers\usbport.sys
                2011-03-25 03:29 . 2011-05-11 10:59   52736   ----a-w-   c:\windows\system32\drivers\usbehci.sys
                2011-03-25 03:29 . 2011-05-11 10:59   30720   ----a-w-   c:\windows\system32\drivers\usbuhci.sys
                2011-03-25 03:28 . 2011-05-11 10:59   7936   ----a-w-   c:\windows\system32\drivers\usbd.sys
                2010-08-12 10:11 . 2010-07-09 17:26   2325792   ----a-w-   c:\program files\cpuz64.exe
                .
                .
                (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                *Note* empty entries & legit default entries are not shown
                REGEDIT4
                .
                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
                "HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2009-11-04 380928]
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
                "BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
                "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496]
                "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
                "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
                "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
                "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
                "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
                "KTbWorks"="c:\program files (x86)\Kensington TrackballWorks\KTbWorksL.exe" [2010-07-01 426064]
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
                "GBTUpd"="c:\program files (x86)\GIGABYTE\GBTUpd\PreRun.exe" [2008-04-03 297480]
                .
                c:\users\Frank C\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
                EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2011-4-27 973824]
                .
                c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
                Device Detector 3.lnk - c:\program files (x86)\Olympus\DeviceDetector\DevDtct2.exe [2010-6-20 118784]
                Qshelf.lnk - c:\program files\Microsoft Reference\Bookshelf 98\qshelf98.exe [2010-6-27 123904]
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                "ConsentPromptBehaviorAdmin"= 5 (0x5)
                "ConsentPromptBehaviorUser"= 3 (0x3)
                "EnableUIADesktopToggle"= 0 (0x0)
                .
                [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
                "NoThumbnailCache"= 1 (0x1)
                .
                [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
                "aux1"=wdmaud.drv
                .
                [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
                Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
                .
                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
                @="Service"
                .
                R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
                R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
                R3 AODDriver;AODDriver;c:\program files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [2010-07-29 52280]
                R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-03-24 16776]
                R3 esihdrv;esihdrv;

                R3 etdrv;etdrv;c:\windows\etdrv.sys [2010-07-03 25640]
                R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-03-24 9096]
                R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2010-08-11 30528]
                R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys

                R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys

                R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
                R3 rtkio;rtkio;c:\program files (x86)\Realtek\Smart Dual Lan\rtkio.sys [2009-07-15 17392]
                R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

                R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\drivers\vpcuxd.sys

                R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

                R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe

                R4 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
                R4 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2009-08-06 65536]
                R4 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2010-05-25 341296]
                R4 SDLService;SDLService;c:\program files (x86)\Realtek\Smart Dual Lan\SDLService.exe [2009-10-23 88064]
                R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
                R4 WTService;WTService;c:\windows\System32\atwtusb.exe

                S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys

                S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys

                S2 KTbWorksService;Kensington TrackballWorks Service;c:\program files (x86)\Kensington TrackballWorks\KTbWorksS.exe [2010-07-01 50256]
                S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
                S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys

                S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys

                S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys

                S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys

                S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys

                .
                .
                Contents of the 'Scheduled Tasks' folder
                .
                2011-06-15 c:\windows\Tasks\FixCleaner Scan.job
                - c:\program files (x86)\FixCleaner\FixCleaner.exe [2011-01-19 20:09]
                .
                2011-06-16 c:\windows\Tasks\FixCleaner Startup.job
                - c:\program files (x86)\FixCleaner\FixCleaner.exe [2011-01-19 20:09]
                .
                2011-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3224318273-3311775750-3685103505-1000Core.job
                - c:\users\Frank C\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-07 02:58]
                .
                2011-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3224318273-3311775750-3685103505-1000UA.job
                - c:\users\Frank C\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-07 02:58]
                .
                .
                --------- x86-64 -----------
                .
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-19 9996320]
                "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
                "MacroKeyManager"="WTMKM.exe" [2009-05-21 5594272]
                "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-06-07 362488]
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
                "LoadAppInit_DLLs"=0x0
                .
                ------- Supplementary Scan -------
                .
                uStart Page = hxxp://www.excite.com/
                mLocal Page = c:\windows\SysWOW64\blank.htm
                uInternet Settings,ProxyOverride = <local>;*.local
                IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
                IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
                TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
                .
                - - - - ORPHANS REMOVED - - - -
                .
                Toolbar-Locked - (no file)
                Toolbar-Locked - (no file)
                AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
                .
                .
                .
                --------------------- LOCKED REGISTRY KEYS ---------------------
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
                @Denied: (A 2) (Everyone)
                @="FlashBroker"
                "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe,-101"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
                "Enabled"=dword:00000001
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
                @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
                @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
                @Denied: (A 2) (Everyone)
                @="Shockwave Flash Object"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
                @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
                "ThreadingModel"="Apartment"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
                @="0"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
                @="ShockwaveFlash.ShockwaveFlash.10"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
                @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
                @="1.0"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                @="ShockwaveFlash.ShockwaveFlash"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
                @Denied: (A 2) (Everyone)
                @="Macromedia Flash Factory Object"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
                @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
                "ThreadingModel"="Apartment"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
                @="FlashFactory.FlashFactory.1"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
                @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
                @="1.0"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                @="FlashFactory.FlashFactory"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
                @Denied: (A 2) (Everyone)
                @="IFlashBroker4"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
                @="{00020424-0000-0000-C000-000000000046}"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
                @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                "Version"="1.0"
                .
                [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
                @Denied: (Full) (Everyone)
                .
                ------------------------ Other Running Processes ------------------------
                .
                c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
                c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
                c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
                c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
                c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe.
                **************************************************************************
                .
                Completion time: 2011-06-16  10:12:34 - machine was rebooted
                ComboFix-quarantined-files.txt  2011-06-16 14:12
                .
                Pre-Run: 437,635,788,800 bytes free
                Post-Run: 437,680,328,704 bytes free
                .
                - - End Of File - - 2071A3AFD32B4EF6DEE1C35FDEA3BDF4
                Frank C.

                SuperDave

                • Malware Removal Specialist
                • Moderator


                • Genius
                • Thanked: 1020
                • Certifications: List
                • Experience: Expert
                • OS: Windows 10
                Re: Results of Hijack This scan
                « Reply #13 on: June 16, 2011, 04:46:16 PM »
                I'm not finding too much on your computer. Let's try this one.

                Please download Rooter and Save it to your desktop.
                • Double click it to start the tool. Vista and Windows 7: run as administrator.
                • Click Scan.
                • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
                Windows 8 and Windows 10 dual boot with two SSD's

                jocaan409

                  Topic Starter


                  Rookie

                  • Experience: Beginner
                  • OS: Unknown
                  Re: Results of Hijack This scan
                  « Reply #14 on: June 17, 2011, 09:36:55 AM »
                  I'll try it.  I had trouble the last time with the last scan.  My Internet Explorer would not start up nor would my Outlook email.  Microsoft Security Essentials also would not start up.  Sorry I forgot the error message.  I tried going to my other user and I was able to get on the internet and download Microsoft Security Essentials again.  After that my IE, Outlook and MSE worked fine.  So I hope I can get back to you without a problem.   I'll get back to you as soon as I can.   
                  You may be right in your previous post about creating a new user account because I get an error message (settings.ini is being used with another process) when I try to put Gadgets on the desktop.  My Gadgets stopped working in the midst of a virus attack when I tried to close the Gadgets (somehow I got the bright idea that possibly closing the Gadgets would stop the virus pop ups).
                  When I go to another user on my computer the Gadgets work fine. 
                  The problem is I tried to transfer my files to a new user account and somehow I did not do something right, the toolbar and Start menu are not the same so I deleted the new user account and now I have a whole bunch of other items in My Documents folder.  I tried to follow the Microsoft steps for transferring files but they do not explain the "if's, and's or but's" and I'm the kind of guy that thinks a lot about the "if's, and's or but's."  I wish I could rewrite that procedure for Microsoft to make it more clear and take the "if's, and's or but's" out of the instructions. 
                  I'll get back to you once I finish the last download.  Thanks,  Frank C.
                  « Last Edit: June 17, 2011, 10:02:08 AM by jocaan409 »