lordonia

  1. It's resolved as long as I leave the Computer option enabled in the start menu, which I don't think should be required, right?
  2. I wasn't able to get ProcessMonitor to work but I tracked down what's causing it to recur. I'm on Windows 7. Start menu > customize > set Computer option to Don't Display This Item > Save. The next time Malwarebytes runs, it will find and quarantine PUM.Hijack.StartMenu and the start menu Computer option will be set back to the default of Display as a Link.
  3. 1. From ProcessMonitor > Options > Enable Boot Logging. A window displays: "Process Monitor is configured to log activity during the next boot." I did not check the box to Generate Profile events.
     2. Restart. ProcessMonitor did not open automatically after restarting.
     3. Open procmon.exe > click Run.
     4. The main window is blank, no process name or any text shown.
     5. Alert window: "A log of boot-time activity was created by a previous instance of Process Monitor. Do you wish to save the collected data now?"
     6. Click Yes > save the Bootlog.pml file.
     7. Two files are created, both called Bootlog.pml. I'm not able to open or view them. They're both over 200 MB.
  4. Okay, I got it. Had to select the Filter first. I re-ran the regfix but there's no process line shown.
  5. Hi -- I apologize, but I'm not following. I downloaded ProcessMonitor and unzipped it to the ProcessMonitor folder. The folder contains a file for procmon.exe and procmon.chm. Should I run the exe file? I did that but didn't see any Architecture button. What window should I be looking at in order to see those buttons?
  6. Thanks, Daniel. Second shot:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
         Start_SearchFiles    REG_DWORD    0x2
         ServerAdminUI    REG_DWORD    0x0
         Hidden    REG_DWORD    0x1
         ShowCompColor    REG_DWORD    0x1
         HideFileExt    REG_DWORD    0x0
         DontPrettyPath    REG_DWORD    0x0
         ShowInfoTip    REG_DWORD    0x1
         HideIcons    REG_DWORD    0x0
         MapNetDrvBtn    REG_DWORD    0x0
         WebView    REG_DWORD    0x1
         Filter    REG_DWORD    0x0
         SuperHidden    REG_DWORD    0x0
         SeparateProcess    REG_DWORD    0x0
         AutoCheckSelect    REG_DWORD    0x0
         IconsOnly    REG_DWORD    0x0
         ShowTypeOverlay    REG_DWORD    0x1
         ListviewAlphaSelect    REG_DWORD    0x1
         ListviewShadow    REG_DWORD    0x1
         TaskbarAnimations    REG_DWORD    0x1
         StartMenuInit    REG_DWORD    0x4
         Start_MinMFU    REG_DWORD    0x5
         Start_JumpListItems    REG_DWORD    0x5
         TaskbarSizeMove    REG_DWORD    0x0
         DisablePreviewDesktop    REG_DWORD    0x1
         TaskbarSmallIcons    REG_DWORD    0x1
         TaskbarGlomLevel    REG_DWORD    0x2
         Start_PowerButtonAction    REG_DWORD    0x2
         Start_TrackProgs    REG_DWORD    0x0
         Start_TrackDocs    REG_DWORD    0x0
         FolderContentsInfoTip    REG_DWORD    0x1
         Start_ShowMyComputer    REG_DWORD    0x1
         Start_ShowMyDocs    REG_DWORD    0x2
         Start_ShowMyGames    REG_DWORD    0x0
         Start_NotifyNewApps    REG_DWORD    0x0
         Start_ShowMyMusic    REG_DWORD    0x0
         Start_ShowMyPics    REG_DWORD    0x0
         Start_ShowRun    REG_DWORD    0x1
         Start_AdminToolsRoot    REG_DWORD    0x0
         StartMenuAdminTools    REG_DWORD    0x1
         Start_ShowSetProgramAccessAndDefaults    REG_DWORD    0x0
         Start_ShowHelp    REG_DWORD    0x0
         Start_ShowUser    REG_DWORD    0x0
         AlwaysShowMenus    REG_DWORD    0x1
         NavPaneShowAllFolders    REG_DWORD    0x1
         ExtendedUIHoverTime    REG_DWORD    0xf4240
         Start_LargeMFUIcons    REG_DWORD    0x0
         Start_ShowPrinters    REG_DWORD    0x1
         Start_SearchPrograms    REG_DWORD    0x0
         Start_ShowRecordedTV    REG_DWORD    0x0
         Start_ShowNetPlaces    REG_DWORD    0x0
  7. Thanks! Here 'tis:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
         Start_SearchFiles    REG_DWORD    0x2
         ServerAdminUI    REG_DWORD    0x0
         Hidden    REG_DWORD    0x1
         ShowCompColor    REG_DWORD    0x1
         HideFileExt    REG_DWORD    0x0
         DontPrettyPath    REG_DWORD    0x0
         ShowInfoTip    REG_DWORD    0x1
         HideIcons    REG_DWORD    0x0
         MapNetDrvBtn    REG_DWORD    0x0
         WebView    REG_DWORD    0x1
         Filter    REG_DWORD    0x0
         SuperHidden    REG_DWORD    0x0
         SeparateProcess    REG_DWORD    0x0
         AutoCheckSelect    REG_DWORD    0x0
         IconsOnly    REG_DWORD    0x0
         ShowTypeOverlay    REG_DWORD    0x1
         ListviewAlphaSelect    REG_DWORD    0x1
         ListviewShadow    REG_DWORD    0x1
         TaskbarAnimations    REG_DWORD    0x1
         StartMenuInit    REG_DWORD    0x4
         Start_MinMFU    REG_DWORD    0x5
         Start_JumpListItems    REG_DWORD    0x5
         TaskbarSizeMove    REG_DWORD    0x0
         DisablePreviewDesktop    REG_DWORD    0x1
         TaskbarSmallIcons    REG_DWORD    0x1
         TaskbarGlomLevel    REG_DWORD    0x2
         Start_PowerButtonAction    REG_DWORD    0x2
         Start_TrackProgs    REG_DWORD    0x0
         Start_TrackDocs    REG_DWORD    0x0
         FolderContentsInfoTip    REG_DWORD    0x1
         Start_ShowMyComputer    REG_DWORD    0x1
         Start_ShowMyDocs    REG_DWORD    0x2
         Start_ShowMyGames    REG_DWORD    0x0
         Start_NotifyNewApps    REG_DWORD    0x0
         Start_ShowMyMusic    REG_DWORD    0x0
         Start_ShowMyPics    REG_DWORD    0x0
         Start_ShowRun    REG_DWORD    0x1
         Start_AdminToolsRoot    REG_DWORD    0x0
         StartMenuAdminTools    REG_DWORD    0x1
         Start_ShowSetProgramAccessAndDefaults    REG_DWORD    0x0
         Start_ShowHelp    REG_DWORD    0x0
         Start_ShowUser    REG_DWORD    0x0
         AlwaysShowMenus    REG_DWORD    0x1
         NavPaneShowAllFolders    REG_DWORD    0x1
         ExtendedUIHoverTime    REG_DWORD    0xf4240
         Start_LargeMFUIcons    REG_DWORD    0x0
         Start_ShowPrinters    REG_DWORD    0x1
         Start_SearchPrograms    REG_DWORD    0x0
         Start_ShowRecordedTV    REG_DWORD    0x0
         Start_ShowNetPlaces    REG_DWORD    0x0
  8. Malwarebytes Anti-Malware (PRO) 1.70.0.1100
     www.malwarebytes.org
     Database version: v2013.03.28.07
     Windows 7 Service Pack 1 x86 NTFS
     Internet Explorer 9.0.8112.16421
     Protection: Enabled
     3/28/2013 10:20:58 AM
     mbam-log-2013-03-28 (10-20-58).txt
     Scan type: Flash scan
     Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
     Scan options disabled: Registry | File System
     Objects scanned: 164493
     Time elapsed: 1 minute(s), 20 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 1
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 0
     (No malicious items detected)
     (end)
  9. dds.txt file
     Attach.txt file:
  10. I have Malwarebytes Pro and am getting a daily infection with PUM.Hijack.StartMenu, which I've been removing. I haven't noticed any slowness or other system problems. I have the DDS.txt and Attach.txt files if you need me to paste them in.