JJDetroit

  1. Couldn't find the ESET program to uninstall it, but everything else is removed. Thanks for all your help.
  2. Looking good. Even have some stuff showing up on the Taskbar and Desktop (like widgets) that weren't loading before.
  3. OK, Java is up-to-date. Anything else I need to do?
  4. Here's the ESET log.
  5. Here are the log files for the tools I was told to use.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\progra~1\AVG\AVG2013\avgrsx.exe c:\program files\AVG\AVG2013\avgcsrvx.exe c:\windows\system32\nvvsvc.exe c:\program files\NVIDIA Corporation\Display\nvxdsync.exe c:\windows\system32\nvvsvc.exe c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\LogMeIn\x86\RaMaint.exe c:\program files\LogMeIn\x86\LogMeIn.exe c:\windows\system32\taskhost.exe c:\windows\system32\rundll32.exe c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe c:\program files\Microsoft Mouse and Keyboard Center\itype.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\program files\AVG\AVG2013\avgnsx.exe c:\program files\AVG\AVG2013\avgemcx.exe c:\program files\NVIDIA Corporation\Display\nvtray.exe c:\program files\AVG\AVG2013\avgcsrvx.exe c:\windows\system32\conhost.exe c:\windows\System32\WUDFHost.exe c:\windows\RtHDVCpl.exe c:\program files\Microsoft Office\Office12\ONENOTEM.EXE c:\program files\iPod\bin\iPodService.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe c:\program files\HP\Digital Imaging\bin\hpqbam08.exe c:\windows\system32\taskhost.exe c:\windows\servicing\TrustedInstaller.exe c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe c:\program files\NVIDIA 
Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2013-07-31 17:05:41 - machine was rebooted
ComboFix-quarantined-files.txt 2013-07-31 21:05
.
Pre-Run: 242,337,951,744 bytes free
Post-Run: 243,091,533,824 bytes free
.
- - End Of File - - 9CB2844C4606808C10F5C70ED5F48ADE A36C5E4F47E84449FF07ED3517B43A31
  6. Sorry. Here they are.

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.9.2
Run by Owner at 18:07:23 on 2013-07-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2942.1853 [GMT -4:00]
.
AV: AVG Internet Security *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ATT-SST\pcTrayApp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\real\realplayer\Update\realsched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Windows\system32\conhost.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe C:\Program Files\LogMeIn\x86\RaMaint.exe C:\Program Files\AVG\AVG9\avgam.exe C:\Program Files\AVG\AVG9\avgnsx.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\rundll32.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\Program Files\Common Files\Motive\pcCMService.exe C:\Program Files\Common Files\Motive\pcServiceHost.exe C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe C:\Program Files\ReferenceBoss_1p\bar\1.bin\1pbarsvc.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\AVG\AVG9\avgemc.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\WUDFHost.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Windows\system32\conhost.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k 
LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k hpdevmgmt C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k LocalServicePeerNet . ============== Pseudo HJT Report =============== . uURLSearchHooks: <No Name>: {3a7f3254-eafa-4dbc-b4f3-0d40916f3352} - c:\program files\referenceboss_1p\bar\1.bin\1pSrcAs.dll mURLSearchHooks: Game Master 2.1 Toolbar: {22dfbf5b-a7cd-4b25-9471-3dc68c71855f} - c:\program files\game_master_2.1\prxtbGame.dll mURLSearchHooks: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - c:\program files\incredimail_mediabar_2\prxtbInc0.dll mURLSearchHooks: NPR Radio Toolbar: {f2c96ff5-e7bd-4fc5-9b71-1d3bd0b6bf82} - c:\program files\npr_radio\tbNPR_.dll BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned> BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: Toolbar BHO: {090e3203-df81-4ff6-bba7-a178bbc3a774} - c:\program files\referenceboss_1p\bar\1.bin\1pbar.dll BHO: Search Assistant BHO: {15da6705-4bfa-47c3-95fa-955b71d8f9e1} - c:\program files\referenceboss_1p\bar\1.bin\1pSrcAs.dll BHO: Game Master 2.1 Toolbar: {22dfbf5b-a7cd-4b25-9471-3dc68c71855f} - c:\program files\game_master_2.1\prxtbGame.dll BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg9\avgssie.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program 
files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll BHO: {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - <orphaned> BHO: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - c:\program files\incredimail_mediabar_2\prxtbInc0.dll BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - c:\programdata\wecarereminder\IEHelperv2.5.0.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll BHO: NPR Radio Toolbar: {f2c96ff5-e7bd-4fc5-9b71-1d3bd0b6bf82} - c:\program files\npr_radio\tbNPR_.dll BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: Game Master 2.1 Toolbar: {22DFBF5B-A7CD-4B25-9471-3DC68C71855F} - c:\program files\game_master_2.1\prxtbGame.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: ReferenceBoss: {C4676D53-FCE5-4A19-BE4D-97E6EAF7E19A} - c:\program files\referenceboss_1p\bar\1.bin\1pbar.dll TB: IncrediMail MediaBar 2 Toolbar: {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - c:\program files\incredimail_mediabar_2\prxtbInc0.dll TB: NPR Radio Toolbar: {F2C96FF5-E7BD-4FC5-9B71-1D3BD0B6BF82} - c:\program files\npr_radio\tbNPR_.dll TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll TB: Game Master 2.1 Toolbar: {22dfbf5b-a7cd-4b25-9471-3dc68c71855f} - c:\program files\game_master_2.1\prxtbGame.dll TB: ReferenceBoss: {c4676d53-fce5-4a19-be4d-97e6eaf7e19a} - c:\program files\referenceboss_1p\bar\1.bin\1pbar.dll TB: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - 
c:\program files\incredimail_mediabar_2\prxtbInc0.dll TB: NPR Radio Toolbar: {f2c96ff5-e7bd-4fc5-9b71-1d3bd0b6bf82} - c:\program files\npr_radio\tbNPR_.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [Google Update] "c:\users\owner\appdata\local\google\update\GoogleUpdate.exe" /c mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\pcTrayApp.exe" mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe" mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [AmazonGSDownloaderTray] c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderTray.exe mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mri_di~1\snapfi~1.lnk - c:\program files\snapfish picture mover\SnapfishMediaDetector.exe mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: 
ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll Trusted Zone: $talisma_url$ TCP: NameServer = 192.168.1.254 TCP: Interfaces\{687AE678-1483-4490-B512-B43F9E138B11} : DHCPNameServer = 192.168.1.254 Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . 
R0 AVGIDSErHrw7x;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSwx.sys [2013-3-5 25168] R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2013-3-5 52872] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2013-3-5 226016] R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2013-3-5 29712] R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2013-3-5 243152] R2 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [2013-2-16 401920] R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2013-3-5 921952] R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2013-3-5 308136] R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2013-3-5 5897808] R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2012-1-31 375120] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-9-16 13624] R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-4-20 47640] R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-3-5 418376] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-3-5 701512] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2013-6-5 101552] R2 pcCMService;pcCMService;c:\program files\common files\motive\pcCMService.exe [2012-6-19 369152] R2 pcServiceHost;pcServiceHost;c:\program files\common files\motive\pcServiceHost.exe [2012-6-19 342528] R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-3-6 39056] R2 ReferenceBoss_1pService;ReferenceBossService;c:\program 
files\referenceboss_1p\bar\1.bin\1pbarsvc.exe [2011-10-18 42504] R3 AVGIDSDriverw7x;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSDriver.sys [2013-3-5 122448] R3 AVGIDSFilterw7x;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSFilter.sys [2013-3-5 30288] R3 AVGIDSShimw7x;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSShim.sys [2013-3-5 20560] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-3-5 22856] R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992] R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 McciServiceHost;McciServiceHost;c:\program files\common files\motive\McciServiceHost.exe [2011-3-29 315392] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-7-21 31560] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224] S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-8-9 1343400] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [?] . =============== Created Last 30 ================ . 
2013-07-21 21:43:10 31560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2013-07-17 13:18:58 -------- d-----w- c:\users\owner\appdata\local\KB6750123 2013-07-11 07:05:56 -------- d-----w- C:\d38a8bcb7c4a7b58ecb49b6b 2013-07-11 04:58:43 1247744 ----a-w- c:\windows\system32\DWrite.dll 2013-07-11 04:58:42 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-07-11 04:58:33 988672 ----a-w- c:\program files\windows journal\JNTFiltr.dll 2013-07-11 04:58:33 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll 2013-07-11 04:58:33 936448 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll 2013-07-11 04:58:32 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL 2013-07-11 04:58:31 509440 ----a-w- c:\windows\system32\qedit.dll 2013-07-11 04:58:30 2347520 ----a-w- c:\windows\system32\win32k.sys 2013-07-11 04:58:29 680960 ----a-w- c:\program files\windows defender\MpSvc.dll 2013-07-11 04:58:29 392704 ----a-w- c:\program files\windows defender\MpClient.dll 2013-07-11 04:58:29 224768 ----a-w- c:\program files\windows defender\MpCommu.dll 2013-07-01 13:20:34 -------- d-----w- c:\users\owner\appdata\roaming\AVG9 2013-06-25 17:28:20 7068072 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll 2013-06-25 17:28:15 7068072 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{bc9c5753-450e-43b2-b664-7d0043899b92}\mpengine.dll 2013-06-22 23:41:11 -------- d-----w- c:\users\owner\appdata\local\KB0092488 . ==================== Find3M ==================== . 
2013-07-21 21:59:31 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-21 21:59:31 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-11 23:43:37 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-06-08 19:44:57 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-06-08 19:44:57 53064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2013-06-08 19:44:54 92488 ----a-w- c:\windows\system32\LMIinit.dll
2013-06-08 19:44:54 31560 ----a-w- c:\windows\system32\LMIport.dll
2013-06-07 02:37:52 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-02 13:45:22 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2013-05-13 04:45:55 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 03:08:10 903168 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- c:\windows\system32\certenc.dll
2013-05-10 03:20:54 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-08 05:38:00 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-06 05:06:47 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-06 05:06:47 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-02 06:06:08 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-26 04:55:21 492544 ----a-w- c:\windows\system32\win32spl.dll
2013-04-25 23:30:32 1505280 ----a-w- c:\windows\system32\d3d11.dll
.
============= FINISH: 18:09:02.57 ===============

Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 8/8/2012 8:44:39 AM System Uptime: 7/21/2013 6:04:32 PM (0 hours ago) . Motherboard: ASUSTek Computer INC. | | NARRA3 Processor: AMD Athlon 64 X2 Dual Core Processor 6000+ | Socket AM2 | 3000/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 326 GiB total, 225.07 GiB free. D: is FIXED (NTFS) - 9 GiB total, 1.272 GiB free. E: is CDROM () F: is CDROM () G: is Removable H: is Removable I: is Removable J: is Removable K: is Removable L: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP98: 4/2/2013 4:37:54 PM - Windows Update RP99: 4/6/2013 10:46:39 AM - Windows Update RP100: 4/10/2013 7:37:08 AM - Windows Update RP101: 4/10/2013 7:08:57 PM - Windows Update RP102: 4/12/2013 7:53:31 PM - Windows Update RP103: 4/16/2013 7:39:47 AM - Windows Update RP104: 4/19/2013 2:38:29 PM - Windows Update RP105: 4/23/2013 11:55:28 AM - Windows Update RP106: 4/25/2013 3:00:59 AM - Windows Update RP107: 4/29/2013 10:15:57 AM - Windows Update RP108: 5/2/2013 6:35:50 PM - Windows Update RP109: 5/6/2013 3:23:21 PM - Windows Update RP110: 5/10/2013 8:33:38 AM - Windows Update RP111: 5/13/2013 10:56:07 AM - Windows Update RP112: 5/16/2013 7:47:45 PM - Windows Update RP113: 5/20/2013 8:37:36 AM - Windows Update RP114: 5/23/2013 9:54:31 AM - Windows Update RP116: 5/24/2013 8:38:04 AM - Avg Update RP117: 5/27/2013 12:42:06 PM - Windows Update RP118: 5/31/2013 8:22:44 AM - Windows Update RP119: 6/4/2013 8:19:47 AM - Windows Update RP120: 6/7/2013 3:46:56 PM - Windows Update RP122: 6/8/2013 9:04:44 AM - Avg Update RP123: 6/10/2013 9:19:26 PM - Windows Update RP124: 6/12/2013 7:01:46 PM - Windows Update RP125: 6/16/2013 12:57:38 PM - Windows Update RP126: 6/19/2013 5:14:38 PM - Windows Update RP127: 6/23/2013 7:49:07 PM - Windows Update RP129: 6/26/2013 8:02:03 AM - Avg Update RP130: 7/5/2013 12:49:41 PM - Scheduled 
Checkpoint RP131: 7/11/2013 3:00:27 AM - Windows Update . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) 32 Bit HP CIO Components Installer Adobe AIR Adobe Flash Player 10 Plugin Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.7) Adobe Shockwave Player 11.5 AIO_Scan Amazon Games & Software Downloader Apple Application Support Apple Mobile Device Support Apple Software Update AT&T Troubleshoot & Resolve Tool att.net Internet Mail Avery Wizard 4.0 AVG 9.0 Bejeweled 2 Deluxe Bejeweled 3 Bejeweled Blitz Bejeweled Deluxe 1.87 Bing Rewards Client Installer Bonjour Bookworm Deluxe BufferChm C8100 C8100_doccd C8100_Help CA Pest Patrol Realtime Protection Cards_Calendar_OrderGift_DoMorePlugout Compatibility Pack for the 2007 Office system Copy CustomerResearchQFolder CWA Reminder by We-Care.com v4.1.17.3 CyberLink DVD Suite Deluxe Destination Component DeviceDiscovery DeviceManagementQFolder Dig Dug DivX Codec DocProc DocProcQFolder DriverDoc Enhanced Multimedia Keyboard Solution eSupportQFolder Expert PDF 7 Reader Fax Firefox Windows Media Player XPI Free Spider Solitaire 2012 v3.0 Game Master 2.1 Toolbar Google Chrome Google Toolbar for Internet Explorer Google Update Helper Hardware Diagnostic Tools HELP Hewlett-Packard Active Check Hewlett-Packard Asset Agent for Health Check HP Advisor HP Customer Experience Enhancements HP Customer Feedback HP Customer Participation Program 9.0 HP Demo HP Easy Setup - Frontend HP Imaging Device Functions 9.0 HP OCR Software 9.0 HP On-Screen Cap/Num/Scroll Lock Indicator HP Photosmart All-In-One Software 9.0 HP Photosmart Essential 2.5 HP Picasso Media Center Add-In HP Product Assistant HP Smart Web Printing 4.60 HP Solution Center 9.0 HP Update HPDiagnosticAlert HPPhotoSmartPhotobookWebPack1 HPProductAssistant HPSSupply IncrediMail MediaBar 2 Toolbar iTunes Java 7 Update 9 Java Auto Updater LabelPrint LightScribe System Software LightScribeTemplateLabeler LogMeIn Malwarebytes 
Anti-Malware version 1.75.0.1300 MarketResearch McAfee SiteAdvisor Microsoft .NET Framework 4 Client Profile Microsoft Mouse and Keyboard Center Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office Home and Student 60 day trial Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Store Download Manager Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works Move Media Player MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) muvee autoProducer 6.1 My HP Games NPR_Radio Toolbar NVIDIA Control Panel 307.83 NVIDIA Drivers NVIDIA Graphics Driver 307.83 NVIDIA Install Application NVIDIA Update 1.10.8 NVIDIA Update Components OGA Notifier 2.0.0048.0 PanoStandAlone Picasa 3 Plants vs. 
Zombies PowerDirector PS_AIO_02_ProductContext PS_AIO_02_Software PS_AIO_02_Software_min PSSWCORE Python 2.5 QuickTime RealDownloader RealNetworks - Microsoft Visual C++ 2008 Runtime RealNetworks - Microsoft Visual C++ 2010 Runtime RealPlayer Realtek High Definition Audio Driver RealUpgrade 1.1 ReferenceBoss RoxioShim Scan Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 
2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition SmartWebPrinting Snapfish Picture Mover Soft Data Fax Modem with SmartCP SolutionCenter Status The Weather Channel Desktop 6 Toolbox TrayApp UnloadSupport Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update 
for Microsoft Office Word 2007 Help (KB963665) Video Downloader VideoLAN VLC media player 0.8.6f VideoToolkit01 WeatherBug Gadget WebIQ Technology Engine WebReg Windows Live ID Sign-in Assistant Windows Media Player Firefox Plugin WinSweeper 1.1 XVID Codec Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
7/21/2013 6:07:05 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
7/21/2013 5:54:48 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
7/21/2013 5:41:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
7/21/2013 5:41:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
7/21/2013 5:41:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service YahooAUService with arguments "" in order to run the server: {90AFF435-B544-4F94-A0C2-CC020EACA4E3}
7/21/2013 5:40:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/21/2013 5:40:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/21/2013 12:31:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/20/2013 12:31:43 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
7/20/2013 12:31:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/20/2013 12:31:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 discache spldr Wanarpv6
7/19/2013 4:35:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
7/17/2013 8:59:17 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
7/17/2013 8:59:17 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
7/17/2013 8:58:17 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
7/17/2013 8:57:17 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/17/2013 8:57:17 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/17/2013 8:57:17 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/17/2013 8:57:17 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/17/2013 8:57:17 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/17/2013 8:57:17 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/17/2013 8:57:17 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/17/2013 8:57:17 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/17/2013 8:57:17 AM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/17/2013 8:57:17 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/17/2013 8:57:17 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/17/2013 8:57:17 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/17/2013 8:57:17 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/17/2013 8:57:17 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/17/2013 8:57:04 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
7/17/2013 8:27:03 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
7/17/2013 7:58:49 AM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
7/17/2013 5:03:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
7/17/2013 3:29:32 PM, Error: Service Control Manager [7038] - The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/17/2013 3:29:32 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/17/2013 3:29:32 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The service has not been started.
7/17/2013 3:29:32 PM, Error: Service Control Manager [7000] - The Portable Device Enumerator Service service failed to start due to the following error: A system shutdown is in progress.
7/17/2013 3:29:32 PM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The pipe has been ended.
7/17/2013 3:29:32 PM, Error: Service Control Manager [7000] - The Human Interface Device Access service failed to start due to the following error: A system shutdown is in progress.
7/17/2013 3:29:32 PM, Error: Service Control Manager [7000] - The hpqcxs08 service failed to start due to the following error: A system shutdown is in progress.
7/17/2013 3:29:32 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
7/17/2013 3:29:32 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: A system shutdown is in progress.
7/17/2013 3:29:29 PM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147024846.
7/17/2013 3:29:29 PM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x80070032.
7/17/2013 2:27:32 PM, Error: Service Control Manager [7038] - The Dhcp service was unable to log on as NT Authority\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/17/2013 2:27:32 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The service did not start due to a logon failure.
7/17/2013 2:27:32 PM, Error: Service Control Manager [7000] - The Windows Update service failed to start due to the following error: A system shutdown is in progress.
7/17/2013 2:27:32 PM, Error: Service Control Manager [7000] - The Network Connections service failed to start due to the following error: A system shutdown is in progress.
7/17/2013 2:27:32 PM, Error: Service Control Manager [7000] - The DHCP Client service failed to start due to the following error: The service did not start due to a logon failure.
7/17/2013 2:27:32 PM, Error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: A system shutdown is in progress.
7/17/2013 2:27:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
7/17/2013 2:27:30 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/17/2013 2:27:29 PM, Error: Service Control Manager [7023] - The hpqcxs08 service terminated with the following error: %%-2147467243
7/17/2013 2:27:16 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
7/14/2013 11:26:41 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
.
==== End Of File ===========================
  7. Following your instructions, I removed the 4 toolbars, then ran mbar.exe. I was not shown any log files when the program finished. Then I ran fixdamage.exe, and once again I was not shown any log files afterwards. I then ran the DDS program again, and have attached the log files it produces. DDS.txt Attach.txt
  8. I'd like to try to clean the PC up without reformatting and reinstalling Windows first. It's an HP desktop that does have a System Recovery available, but using that is my last resort.
  9. Here are the DDS log files. Does it matter that I had to run DDS in Safe Mode? DDS.txt Attach.txt
  10. A friend of mine has gotten infected with this, in spite of running AVG 9.0 and MBAM Pro, on his Win7 Home Premium desktop. DDS.txt Attach.txt
  11. A friend of mine has MBAM Pro installed on a Win7 desktop. A couple weeks ago he got a piece of ransomware that I was able to remove only by starting the PC in Safe Mode and running a Full Scan with MBAM. Tuesday he got ZEROACCESS, which once again I could only remove by running MBAM in Safe Mode. I see from reading forum messages that this rootkit has been known for some time. Shouldn't MBAM Pro be able to stop this? Does this mean MBAM is not configured properly?