AdAware 10 won't start on Windows Vista
When I run ad-aware 10 (I have the newest version) nothing happens at all. I get no error messages, no warnings, notifications, or anything. Nothing happens at all. Also in the help & security center, is says ad-aware is temporarly disabled and is 'snoozing'. I tried running ad-aware in safe mode, that didn't work. I also tried reinstalling it many times.
Here's my system info.
OS Name Microsoft® Windows Vista™ Home Premium
Version 6.0.6002 Service Pack 2 Build 6002
Other OS Description Not Available
OS Manufacturer Microsoft Corporation
System Name (My computer name)
System Manufacturer Dell Inc.
System Model Inspiron 530
System Type X86-based PC
Processor Intel® Core™2 Duo CPU E6550 @ 2.33GHz, 2331 Mhz, 2 Core(s), 2 Logical Processor(s)
BIOS Version/Date Dell Inc. 1.0.10, 12/15/2007
SMBIOS Version 2.5
Windows Directory C:\Windows
System Directory C:\Windows\system32
Boot Device \Device\HarddiskVolume3
Locale United States
Hardware Abstraction Layer Version = "6.0.6002.18005"
User Name (My user name)
Time Zone Central Daylight Time
Installed Physical Memory (RAM) 3.00 GB
Total Physical Memory 2.99 GB
Available Physical Memory 1.33 GB
Total Virtual Memory 6.21 GB
Available Virtual Memory 4.58 GB
Page File Space 3.28 GB
Page File C:\pagefile.sys
Here's my system info.
OS Name Microsoft® Windows Vista™ Home Premium
Version 6.0.6002 Service Pack 2 Build 6002
Other OS Description Not Available
OS Manufacturer Microsoft Corporation
System Name (My computer name)
System Manufacturer Dell Inc.
System Model Inspiron 530
System Type X86-based PC
Processor Intel® Core™2 Duo CPU E6550 @ 2.33GHz, 2331 Mhz, 2 Core(s), 2 Logical Processor(s)
BIOS Version/Date Dell Inc. 1.0.10, 12/15/2007
SMBIOS Version 2.5
Windows Directory C:\Windows
System Directory C:\Windows\system32
Boot Device \Device\HarddiskVolume3
Locale United States
Hardware Abstraction Layer Version = "6.0.6002.18005"
User Name (My user name)
Time Zone Central Daylight Time
Installed Physical Memory (RAM) 3.00 GB
Total Physical Memory 2.99 GB
Available Physical Memory 1.33 GB
Total Virtual Memory 6.21 GB
Available Virtual Memory 4.58 GB
Page File Space 3.28 GB
Page File C:\pagefile.sys
0
-
In LS Ann's description, it said to kill AdAware.exe, all AdAwareLauncher.exe and AdAwareService.exe in the task manager, but they are not open. I followed her second solution, and nothing happened.
Also I have the following programs:
-Spybot Search and Destroy
-Malwarebyte's anti-malware
-Windows Defender0 -
Hi HelpMe12345,
Is it behaving as LS Ann describes in http://www.lavasoftsupport.com/index.php?/topic/32398-solution-if-ad-aware-does-not-start-after-clicking-program-icon/ ?
Do you have another antivirus or similar program installed?0 -
OK, thank you. Also, here is a screenshot I took of the security center. 0 -
Spybot S&D (TeaTimer) controls what is entered into some parts of the registry. If it stops the Ad-Aware installation program from adding a program to the list of programs that will be started automatically, Ad-Aware will not start. I suggest that you are sure that Spybot, including TeaTimer, is turned off before you install Ad-Aware. 0 -
Ok, let us see if which Ad-Aware drivers and services have been added to the registry. Save DDS to your desktop: http://download.bleepingcomputer.com/sUBs/dds.scr
Double-click on the DDS tool to run it.
When finished, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt
Save them to your desktop and paste their content into your answer.0 -
Ok, I uninstalled spybot, uninstalled ad-aware, restarted my computer, installed ad aware, and after the new installation, it still does not open. 0 -
According to the logs you recently had Avast and AVG installed. Have you run their special removal/clean-up programs after uninstalling them?
Do you have Microsoft Security Essentials installed?
Are there several user accounts in the computer?
Have Ad-Aware been installed with one account and uninstalled with another? Or have you used "Run as administrator" when you installed or uninstalled Ad-Aware?
dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f
Those two registry entries should Windows only run once and then delete (probably during the restart after uninstall of Ad-Aware), but they are still there. Maybe Windows then will continue to delete necessary Ad-Aware information from the registry after each restart of the computer.
The Ad-Aware Services are there but they aren't running.
P.S. This is an old version with known vulnerabilities:
Java™ SE Runtime Environment 6
You should uninstall it.0 -
OK, here is DDS.txt:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by JT at 16:57:05 on 2012-06-02
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3060.1881 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\rundll32.exe
C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Windows\RtHDVCpl.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\JT.Jared-PC\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8&rlz=1T4WZPH_enUS451
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080221
uSearch Bar =
mStart Page = hxxp://www.bigseekpro.com/cheatengine/{D4FEE6C0-F1EF-473F-8111-958608E34C7B}
mDefault_Page_URL = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: {338B4DFE-2E2C-4338-9E41-E176D497299E} - No File
TB: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WorkForce 840(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatigma.exe /fu "c:\windows\temp\E_SDE5E.tmp" /EF "HKCU"
uRun: [EPSON WorkForce 840 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatigma.exe /fu "c:\windows\temp\E_SE2D1.tmp" /EF "HKCU"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SansaDispatch] c:\users\jt.jared-pc\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
LSP: c:\windows\system32\wpclsp.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://nxcache.nexon.net/mabinogi/renderer/mabiweb.2010.5.03.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
TCP: DhcpNameServer = 192.168.11.1
TCP: Interfaces\{6464EB9C-D332-449A-9306-D9BF50D896D4} : DhcpNameServer = 192.168.11.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
Hosts: 127.0.0.1 www.spywareinfoforum.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jt.jared-pc\appdata\roaming\mozilla\firefox\profiles\cs9a2nnt.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B6602d08f-aa45-4e6e-a466-2cbedf731f62%7D&mid=842549be547b47d1a1f4d1544f6dbb71-fbd19c0f95a374fa4daef549a6b5e41a63dccc4d&ds=AVG&v=11.1.0.7&lang=en&pr=pr&d=2012-05-31%2022%3A27%3A36&sap=ku&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\jt.jared-pc\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\users\jt.jared-pc\appdata\local\roblox\versions\version-eecd9135a67340ab\NPRobloxProxy.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-6-2 335224]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-10-26 101112]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [2012-6-2 217976]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50ST7.EXE [2012-2-16 153600]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50RP7.EXE [2012-2-16 121856]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-12-26 21504]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2012-2-28 95200]
R2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2011-12-19 3289032]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2012-6-2 77816]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-5-14 2666880]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2012-6-2 94584]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-12-26 16896]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2010-10-9 19968]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-5-3 1226096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 257696]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [2010-7-21 44432]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2007-6-18 19456]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-8-26 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-9 129976]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2012-6-2 94584]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-6-2 93816]
S3 sbwtis;sbwtis;c:\windows\system32\drivers\sbwtis.sys [2011-12-19 72312]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
.
=============== Created Last 30 ================
.
2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2012-06-02 18:15:49 -------- d-----w- c:\users\jt.jared-pc\appdata\local\adaware
2012-06-02 18:15:29 77816 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2012-06-02 18:15:28 93816 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-06-02 18:15:28 217976 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-06-02 18:14:06 94584 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-06-02 18:14:05 335224 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-06-02 18:14:01 -------- d-----w- c:\windows\system32\drivers\VDD
2012-06-02 18:12:44 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\Ad-Aware Antivirus
2012-06-02 05:30:26 -------- d-----w- c:\users\jt.jared-pc\appdata\local\RoHack_LTD
2012-06-02 01:57:37 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\StreamTorrent
2012-06-02 01:57:37 -------- d-----w- c:\program files\StreamTorrent 1.0
2012-06-01 17:27:58 6737808 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{07bd90c3-e787-4b16-8508-f53e8fa0df01}\mpengine.dll
2012-06-01 17:27:51 6737808 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll
2012-06-01 02:46:37 -------- d-----w- C:\Free File Opener
2012-06-01 01:27:28 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-05-30 00:52:44 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\SanDisk
2012-05-29 05:00:27 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1240c88a-a1e7-4ae9-b30c-78ca62121b45}\mpengine.dll
2012-05-28 05:37:59 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-05-28 05:37:59 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-05-28 05:37:28 -------- d-----w- c:\program files\iPod
2012-05-28 05:37:27 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-05-28 05:37:27 -------- d-----w- c:\program files\iTunes
2012-05-28 05:35:05 -------- d-----w- c:\program files\Bonjour
2012-05-18 00:56:04 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\COWON
2012-05-18 00:52:58 -------- d-----w- c:\program files\common files\COWON
2012-05-18 00:52:57 -------- d-----w- c:\program files\JetAudio
2012-05-17 22:10:31 -------- d-----w- c:\program files\Microsoft Mathematics
2012-05-17 02:17:09 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\OpenOffice.org
2012-05-17 01:52:11 -------- d-----w- c:\program files\OpenOffice.org 3
2012-05-14 23:22:20 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\TeamViewer
2012-05-14 23:20:50 -------- d-----w- c:\program files\TeamViewer
2012-05-13 19:35:32 -------- d-----w- c:\program files\Microsoft Calculator Plus
2012-05-13 00:08:07 -------- d-----w- c:\program files\Oracle
2012-05-13 00:06:39 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-12 23:09:07 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2012-05-11 18:43:30 -------- d-----w- C:\IObit
2012-05-10 01:15:51 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 01:15:50 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-05-10 01:15:50 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-10 01:15:50 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-10 01:15:50 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-10 01:15:47 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 01:15:45 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-05-10 01:14:33 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 01:14:20 983040 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2012-05-10 01:14:20 964608 ----a-w- c:\program files\windows journal\JNWDRV.dll
2012-05-10 01:14:20 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-05-10 01:14:20 1404928 ----a-w- c:\program files\common files\microsoft shared\ink\InkObj.dll
2012-05-10 01:14:20 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL
2012-05-10 01:14:19 47104 ----a-w- c:\program files\windows journal\PDIALOG.exe
2012-05-10 01:13:47 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-10 01:13:47 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 01:13:47 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 22:07:30 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-09 22:07:28 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-05-09 22:07:28 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-05-09 11:46:57 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\Auslogics
2012-05-09 11:46:54 -------- d-----w- c:\program files\Auslogics
2012-05-09 02:27:43 -------- d-----w- c:\programdata\GFI Software
2012-05-08 23:44:59 -------- d-----w- c:\programdata\IObit
2012-05-08 23:44:47 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\IObit
2012-05-08 23:44:38 -------- d-----w- c:\program files\IObit
2012-05-08 23:43:18 -------- d-----w- c:\program files\Defraggler
.
==================== Find3M ====================
.
2012-05-09 00:35:25 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-09 00:35:24 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-19 01:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 01:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-04 23:47:02 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 16:57:29.43 ===============
And here is attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 2/20/2008 1:17:04 PM
System Uptime: 6/2/2012 1:19:05 PM (3 hours ago)
.
Motherboard: Dell Inc. | | 0RY007
Processor: Intel® Core™2 Duo CPU E6550 @ 2.33GHz | Socket 775 | 2331/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 456 GiB total, 308.99 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.989 GiB free.
E: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1621: 5/18/2012 12:30:06 PM - Windows Update
RP1622: 5/19/2012 11:04:46 PM - Scheduled Checkpoint
RP1623: 5/20/2012 3:00:13 AM - Windows Update
RP1624: 5/20/2012 5:56:41 PM - Scheduled Checkpoint
RP1625: 5/20/2012 10:47:51 PM - Windows Update
RP1626: 5/21/2012 2:34:52 PM - Scheduled Checkpoint
RP1627: 5/21/2012 3:20:57 PM - Windows Update
RP1628: 5/21/2012 3:31:44 PM - Restore Operation
RP1629: 5/21/2012 3:41:16 PM - Windows Update
RP1630: 5/21/2012 10:21:15 PM - Windows Update
RP1631: 5/24/2012 8:48:30 PM - Scheduled Checkpoint
RP1632: 5/25/2012 11:22:02 AM - Windows Update
RP1633: 5/25/2012 11:34:03 AM - avast! Internet Security Setup
RP1634: 5/25/2012 2:09:46 PM - Windows Update
RP1635: 5/27/2012 12:52:55 PM - Windows Update
RP1636: 5/28/2012 12:35:18 AM - Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
RP1637: 5/28/2012 12:36:01 AM - Device Driver Package Install: Apple Network adapters
RP1638: 5/28/2012 12:36:57 AM - Installed iTunes
RP1639: 5/28/2012 3:00:10 AM - Windows Update
RP1640: 5/28/2012 11:58:57 PM - Windows Update
RP1641: 5/29/2012 3:00:11 AM - Windows Update
RP1642: 5/29/2012 8:43:03 PM - Scheduled Checkpoint
RP1643: 5/30/2012 3:00:11 AM - Windows Update
RP1644: 5/31/2012 7:18:53 PM - Windows Update
RP1645: 5/31/2012 7:20:08 PM - Removed Ad-Aware Antivirus.
RP1646: 5/31/2012 8:07:13 PM - Windows Update
RP1647: 5/31/2012 8:11:39 PM - Removed Ad-Aware Antivirus.
RP1648: 5/31/2012 8:16:24 PM - Removed Ad-Aware Antivirus.
RP1649: 5/31/2012 9:57:32 PM - Removed Ad-Aware Antivirus.
RP1650: 5/31/2012 11:43:30 PM - Windows Update
RP1651: 6/1/2012 12:17:26 PM - Windows Update
RP1652: 6/1/2012 12:20:21 PM - Windows Update
RP1653: 6/1/2012 12:50:05 PM - Windows Update
RP1654: 6/1/2012 6:58:20 PM - Removed AVG 2012
RP1655: 6/1/2012 7:00:54 PM - Removed AVG 2012
RP1656: 6/2/2012 12:45:02 AM - Windows Update
RP1657: 6/2/2012 1:05:50 PM - Removed Ad-Aware Antivirus.
.
==== Installed Programs ======================
.
7-Zip 9.20
Ad-Aware Antivirus
Ad-Aware Browsing Protection
Ad-Aware Security Toolbar
Adobe Acrobat 4.0
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.3.14 (Unicode)
Auslogics Disk Defrag Professional
Bonjour
Browser Address Error Redirector
CCleaner
Combat Arms
COWON Media Center - jetAudio Basic VX
Defraggler
Dell DataSafe Online
Dell Driver Download Manager
Dell Getting Started Guide
Epson CreativeZone
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
EPSON Scan
EPSON WorkForce 840 Series Printer Uninstall
EpsonNet Print
Finding Nemo UWF
Finding Nemo: Nemo's Underwater World of Fun
foobar2000 v1.1.11
Free File Opener
Google Chrome
Google Desktop
Google Drive
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Index.dat Analyzer v2.0
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections 12.1.11.0
Intel® TV Wizard
iTunes
Java Auto Updater
Java™ 6 Update 31
Java™ 7 Update 4
Java™ SE Runtime Environment 6
JavaFX 2.1.0
Mabinogi
Malwarebytes Anti-Malware version 1.61.0.1400
McAfee SiteAdvisor
Microsoft .NET Framework 1.1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Calculator Plus
Microsoft Mathematics
Microsoft Office 2003 Resource Kit
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music, Photos & Videos Launcher
Nexon Game Manager
OGA Notifier 2.0.0048.0
OpenOffice.org 3.4
Pando Media Booster
PDF Tablet 0.1
Product Documentation Launcher
QuickTime
RealNetworks - Microsoft Visual C++ 2005 Runtime
RealNetworks - Microsoft Visual C++ 2008 Runtime
Realtek High Definition Audio Driver
RealUpgrade 1.1
Recuva
Roblox
Roblox for JT
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Sansa Updater
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Sonic Activation Module
Spelling Dictionaries Support For Adobe Reader 8
StreamTorrent 1.0
System Requirements Lab CYRI
System Requirements Lab for Intel
TeamViewer 7
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
USB Video Driver
User's Guides
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0)
Windows Live ID Sign-in Assistant
Windows Live Sign-in Assistant
Windows Media Player Firefox Plugin
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
6/2/2012 4:31:21 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Ad-Aware Service service to connect.
6/2/2012 4:31:21 PM, Error: Service Control Manager [7000] - The Ad-Aware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/2/2012 12:46:24 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656353).
6/2/2012 1:22:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service Ad-Aware Service with arguments "" in order to run the server: {706FFEF5-7E90-4149-B038-B39106ECDB99}
6/2/2012 1:21:06 PM, Error: Service Control Manager [7023] -
6/2/2012 1:21:06 PM, Error: Service Control Manager [7000] - The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the path specified.
6/2/2012 1:21:06 PM, Error: Service Control Manager [7000] - The sbwtis service failed to start due to the following error: Cannot create a file when that file already exists.
6/2/2012 1:10:55 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
6/1/2012 12:52:37 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370).
5/31/2012 9:56:50 PM, Error: Service Control Manager [7000] - The Ad-Aware Service service failed to start due to the following error: The system cannot find the file specified.
5/31/2012 9:46:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "2" attempting to start the service Ad-Aware Service with arguments "" in order to run the server: {706FFEF5-7E90-4149-B038-B39106ECDB99}
5/31/2012 7:14:40 PM, Error: EventLog [6008] - The previous system shutdown at 4:52:04 PM on 5/30/2012 was unexpected.
5/31/2012 10:27:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/31/2012 10:19:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
5/31/2012 10:18:30 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
5/31/2012 10:17:10 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MpFilter spldr Wanarpv6
5/31/2012 10:17:10 PM, Error: Service Control Manager [7001] - The Windows Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
5/31/2012 10:17:10 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
5/31/2012 10:17:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/31/2012 10:17:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
5/31/2012 10:17:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/31/2012 10:16:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/31/2012 10:16:30 PM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
5/31/2012 10:16:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
5/29/2012 7:37:25 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/29/2012 4:08:49 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/29/2012 12:17:48 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/29/2012 11:38:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the stisvc service.
5/29/2012 11:37:17 PM, Error: Service Control Manager [7034] - The Ad-Aware service terminated unexpectedly. It has done this 1 time(s).
5/28/2012 12:30:01 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/28/2012 11:54:54 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/27/2012 12:49:41 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
.
==== End Of File ===========================
I Will also attatch them.0 -
Thanks for the notice on java, that explains why some sites don't work properly /biggrin.png' class='bbc_emoticon' alt=':D' />
I will run the removal tools for Avast and AVG. I used to use avast and ad-aware, but I found out those programs did't work properly together, so I uninstalled avast. I ran AVG before I started this topic, because I thought maybe spyware or malware could be causing the program. I have not tried running the ad aware installer as an administrator, so I will uninstall ad aware and run the installer as an administrator. I also do have multiple user accounts on this computer. I will try all these solutions and give you the results once I do.0 -
OK, there are 6 user accounts on this computer. I ran the uninstaller and the installer as an administrator, restarted, ran ad-aware and nothing happened. There is no removal tool for AVG and avast. Also, I don't have Microsoft Security Essentials installed. What should I do? 0 -
AVG Remover: http://www.avg.com/ww-en/utilities
Avast Uninstall: http://www.avast.com/uninstall-utility
Uninstall Ad-Aware again. Restart the computer, run DDS and paste DDS.txt into your answer.
Have you used the register editor, regedit, before?0 -
OK, I ran both of those. I think I have used regedit before.
Anyways, DDS:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by JT at 13:06:23 on 2012-06-05
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3060.2087 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\JT.Jared-PC\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8&rlz=1T4WZPH_enUS451
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080221
uSearch Bar =
mStart Page = hxxp://www.bigseekpro.com/cheatengine/{D4FEE6C0-F1EF-473F-8111-958608E34C7B}
mDefault_Page_URL = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: {338B4DFE-2E2C-4338-9E41-E176D497299E} - No File
TB: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WorkForce 840(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatigma.exe /fu "c:\windows\temp\E_SDE5E.tmp" /EF "HKCU"
uRun: [EPSON WorkForce 840 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatigma.exe /fu "c:\windows\temp\E_SE2D1.tmp" /EF "HKCU"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SansaDispatch] c:\users\jt.jared-pc\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
LSP: c:\windows\system32\wpclsp.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://nxcache.nexon.net/mabinogi/renderer/mabiweb.2010.5.03.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
TCP: DhcpNameServer = 192.168.11.1
TCP: Interfaces\{6464EB9C-D332-449A-9306-D9BF50D896D4} : DhcpNameServer = 192.168.11.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
Hosts: 127.0.0.1 www.spywareinfoforum.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jt.jared-pc\appdata\roaming\mozilla\firefox\profiles\cs9a2nnt.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B6602d08f-aa45-4e6e-a466-2cbedf731f62%7D&mid=842549be547b47d1a1f4d1544f6dbb71-fbd19c0f95a374fa4daef549a6b5e41a63dccc4d&ds=AVG&v=11.1.0.7&lang=en&pr=pr&d=2012-05-31%2022%3A27%3A36&sap=ku&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\jt.jared-pc\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\users\jt.jared-pc\appdata\local\roblox\versions\version-eecd9135a67340ab\NPRobloxProxy.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50ST7.EXE [2012-2-16 153600]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50RP7.EXE [2012-2-16 121856]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-12-26 21504]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2012-2-28 95200]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-5-14 2666880]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-12-26 16896]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2010-10-9 19968]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 257696]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [2010-7-21 44432]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2007-6-18 19456]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-8-26 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-9 129976]
S3 sbwtis;sbwtis;c:\windows\system32\drivers\sbwtis.sys [2011-12-19 72312]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
.
=============== Created Last 30 ================
.
2012-06-05 03:00:04 -------- d-----w- c:\users\jt.jared-pc\appdata\local\adaware
2012-06-05 02:57:51 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\Ad-Aware Antivirus
2012-06-04 05:26:47 -------- d-----w- c:\program files\Oracle
2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2012-06-02 01:57:37 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\StreamTorrent
2012-06-02 01:57:37 -------- d-----w- c:\program files\StreamTorrent 1.0
2012-06-01 17:27:58 6737808 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{07bd90c3-e787-4b16-8508-f53e8fa0df01}\mpengine.dll
2012-06-01 17:27:51 6737808 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll
2012-06-01 02:46:37 -------- d-----w- C:\Free File Opener
2012-06-01 01:27:28 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-05-30 00:52:44 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\SanDisk
2012-05-29 05:00:27 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1240c88a-a1e7-4ae9-b30c-78ca62121b45}\mpengine.dll
2012-05-28 05:37:59 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-05-28 05:37:59 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-05-28 05:37:28 -------- d-----w- c:\program files\iPod
2012-05-28 05:37:27 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-05-28 05:37:27 -------- d-----w- c:\program files\iTunes
2012-05-28 05:35:05 -------- d-----w- c:\program files\Bonjour
2012-05-18 00:56:04 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\COWON
2012-05-18 00:52:58 -------- d-----w- c:\program files\common files\COWON
2012-05-18 00:52:57 -------- d-----w- c:\program files\JetAudio
2012-05-17 22:10:31 -------- d-----w- c:\program files\Microsoft Mathematics
2012-05-17 02:17:09 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\OpenOffice.org
2012-05-17 01:52:11 -------- d-----w- c:\program files\OpenOffice.org 3
2012-05-14 23:22:20 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\TeamViewer
2012-05-14 23:20:50 -------- d-----w- c:\program files\TeamViewer
2012-05-13 19:35:32 -------- d-----w- c:\program files\Microsoft Calculator Plus
2012-05-13 00:06:39 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-12 23:09:07 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2012-05-11 18:43:30 -------- d-----w- C:\IObit
2012-05-10 01:15:51 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 01:15:50 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-05-10 01:15:50 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-10 01:15:50 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-10 01:15:50 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-10 01:15:47 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 01:15:45 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-05-10 01:14:33 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 01:14:20 983040 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2012-05-10 01:14:20 964608 ----a-w- c:\program files\windows journal\JNWDRV.dll
2012-05-10 01:14:20 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-05-10 01:14:20 1404928 ----a-w- c:\program files\common files\microsoft shared\ink\InkObj.dll
2012-05-10 01:14:20 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL
2012-05-10 01:14:19 47104 ----a-w- c:\program files\windows journal\PDIALOG.exe
2012-05-10 01:13:47 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-10 01:13:47 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 01:13:47 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 22:07:30 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-09 22:07:28 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-05-09 22:07:28 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-05-09 11:46:57 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\Auslogics
2012-05-09 11:46:54 -------- d-----w- c:\program files\Auslogics
2012-05-09 02:27:43 -------- d-----w- c:\programdata\GFI Software
2012-05-08 23:44:59 -------- d-----w- c:\programdata\IObit
2012-05-08 23:44:47 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\IObit
2012-05-08 23:44:38 -------- d-----w- c:\program files\IObit
2012-05-08 23:43:18 -------- d-----w- c:\program files\Defraggler
.
==================== Find3M ====================
.
2012-05-09 00:35:25 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-09 00:35:24 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-19 01:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 01:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-04 23:47:02 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 13:07:10.24 ===============
And attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 2/20/2008 1:17:04 PM
System Uptime: 6/5/2012 12:54:52 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0RY007
Processor: Intel® Core™2 Duo CPU E6550 @ 2.33GHz | Socket 775 | 2331/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 456 GiB total, 304.993 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.989 GiB free.
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
7-Zip 9.20
Ad-Aware Browsing Protection
Ad-Aware Security Toolbar
Adobe Acrobat 4.0
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.3.14 (Unicode)
Auslogics Disk Defrag Professional
Bonjour
Browser Address Error Redirector
CCleaner
Combat Arms
COWON Media Center - jetAudio Basic VX
Defraggler
Dell DataSafe Online
Dell Driver Download Manager
Dell Getting Started Guide
Epson CreativeZone
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
EPSON Scan
EPSON WorkForce 840 Series Printer Uninstall
EpsonNet Print
Finding Nemo UWF
Finding Nemo: Nemo's Underwater World of Fun
foobar2000 v1.1.11
Free File Opener
Google Chrome
Google Desktop
Google Drive
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Index.dat Analyzer v2.0
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections 12.1.11.0
Intel® TV Wizard
iTunes
Java Auto Updater
Java™ 7 Update 4
JavaFX 2.1.0
Mabinogi
Malwarebytes Anti-Malware version 1.61.0.1400
McAfee SiteAdvisor
Microsoft .NET Framework 1.1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Calculator Plus
Microsoft Mathematics
Microsoft Office 2003 Resource Kit
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music, Photos & Videos Launcher
Nexon Game Manager
OGA Notifier 2.0.0048.0
OpenOffice.org 3.4
Pando Media Booster
PDF Tablet 0.1
Product Documentation Launcher
QuickTime
RealNetworks - Microsoft Visual C++ 2005 Runtime
RealNetworks - Microsoft Visual C++ 2008 Runtime
Realtek High Definition Audio Driver
RealUpgrade 1.1
Recuva
Roblox
Roblox for JT
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Sansa Updater
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Sonic Activation Module
Spelling Dictionaries Support For Adobe Reader 8
StreamTorrent 1.0
System Requirements Lab CYRI
System Requirements Lab for Intel
TeamViewer 7
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
USB Video Driver
User's Guides
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0)
Windows Live ID Sign-in Assistant
Windows Live Sign-in Assistant
Windows Media Player Firefox Plugin
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
6/5/2012 3:01:59 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656353).
6/5/2012 12:56:52 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
6/5/2012 12:56:52 PM, Error: Service Control Manager [7023] -
6/5/2012 12:56:52 PM, Error: Service Control Manager [7000] - The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the path specified.
6/5/2012 12:43:11 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Ad-Aware Service service to connect.
6/5/2012 12:43:11 PM, Error: Service Control Manager [7000] - The Ad-Aware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/4/2012 9:44:40 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
6/4/2012 9:43:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/4/2012 9:43:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/4/2012 9:43:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
6/4/2012 9:43:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/4/2012 9:43:42 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MpFilter spldr Wanarpv6
6/4/2012 9:43:42 PM, Error: Service Control Manager [7001] - The Windows Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
6/4/2012 9:43:42 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
6/4/2012 9:42:40 PM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
6/4/2012 9:42:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
6/4/2012 10:04:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service Ad-Aware Service with arguments "" in order to run the server: {706FFEF5-7E90-4149-B038-B39106ECDB99}
6/4/2012 10:04:42 PM, Error: Service Control Manager [7000] - The sbwtis service failed to start due to the following error: Cannot create a file when that file already exists.
6/4/2012 1:30:58 AM, Error: Service Control Manager [7001] - The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The operation completed successfully.
6/1/2012 12:52:37 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370).
5/31/2012 9:56:50 PM, Error: Service Control Manager [7000] - The Ad-Aware Service service failed to start due to the following error: The system cannot find the file specified.
5/31/2012 9:46:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "2" attempting to start the service Ad-Aware Service with arguments "" in order to run the server: {706FFEF5-7E90-4149-B038-B39106ECDB99}
5/31/2012 7:14:40 PM, Error: EventLog [6008] - The previous system shutdown at 4:52:04 PM on 5/30/2012 was unexpected.
5/31/2012 10:27:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/31/2012 10:19:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
5/29/2012 7:37:25 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/29/2012 4:08:49 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/29/2012 12:17:48 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/29/2012 11:38:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the stisvc service.
5/29/2012 11:37:17 PM, Error: Service Control Manager [7034] - The Ad-Aware service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================0 -
Please, create a system restore point before starting the registry editor, regedit: http://www.howtogeek.com/howto/windows-vista/create-a-restore-point-for-windows-vistas-system-restore/
Read how you can restore to that restore point, if Windows isn't starting due to bad changes in the registry:
If you have a Vista DVD: http://www.bleepingcomputer.com/tutorials/system-restore-from-windows-vista-recovery-environment/
http://windows.microsoft.com/en-us/windows-vista/what-are-the-system-recovery-options-in-windows-vista
Start regedit, for example by entering regedit in the small search field that is visible when you click the start button.
Search for "adaware" (without ").
Repeat the search until you find one of these:
reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
reg.exe delete "HKCU\Software\adaware" /f
Delete that line.
Repeat the search until you find the other. Delete that line, too.
Restart the computer.
Run DDS and paste DDS.txt into your answer. You don't need to attach it and I'm not interested in Attach.txt this time.0 -
Ok, i'll try that. Also, I have a question. Can you change the screen resolution of ad aware in safe mode? I had a virus or something (13 traces detected) and when I run ad aware, it crashes. I have it running in safe mode but I cant see he full screen, because my other PC can't display any larger than 640x480. Can I change the screen size of ad-aware? 0 -
Sorry, the screen resolution can not be set to anything lower. People have wished before to be able to use it with 800x600 which is a rather common netbook size, but not that low.
You can try to use a context scan instead of a full scan, that is you right-click C:\ in Windows Explorer and select to scan it with Ad-Aware. It is less likely that it crash then.0 -
Here is the results for DDS:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by JT at 20:45:28 on 2012-06-08
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3060.2018 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\Program Files\TeamViewer\Version7\tv_w32.exe
C:\Windows\RtHDVCpl.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\JT.Jared-PC\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8&rlz=1T4WZPH_enUS451
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080221
uSearch Bar =
mStart Page = hxxp://www.bigseekpro.com/cheatengine/{D4FEE6C0-F1EF-473F-8111-958608E34C7B}
mDefault_Page_URL = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: {338B4DFE-2E2C-4338-9E41-E176D497299E} - No File
TB: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WorkForce 840(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatigma.exe /fu "c:\windows\temp\E_SDE5E.tmp" /EF "HKCU"
uRun: [EPSON WorkForce 840 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatigma.exe /fu "c:\windows\temp\E_SE2D1.tmp" /EF "HKCU"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SansaDispatch] c:\users\jt.jared-pc\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
LSP: c:\windows\system32\wpclsp.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://nxcache.nexon.net/mabinogi/renderer/mabiweb.2010.5.03.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
TCP: DhcpNameServer = 192.168.11.1
TCP: Interfaces\{6464EB9C-D332-449A-9306-D9BF50D896D4} : DhcpNameServer = 192.168.11.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
Hosts: 127.0.0.1 www.spywareinfoforum.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jt.jared-pc\appdata\roaming\mozilla\firefox\profiles\cs9a2nnt.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B6602d08f-aa45-4e6e-a466-2cbedf731f62%7D&mid=842549be547b47d1a1f4d1544f6dbb71-fbd19c0f95a374fa4daef549a6b5e41a63dccc4d&ds=AVG&v=11.1.0.7&lang=en&pr=pr&d=2012-05-31%2022%3A27%3A36&sap=ku&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\jt.jared-pc\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\users\jt.jared-pc\appdata\local\roblox\versions\version-eecd9135a67340ab\NPRobloxProxy.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50ST7.EXE [2012-2-16 153600]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50RP7.EXE [2012-2-16 121856]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-12-26 21504]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2012-2-28 95200]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-5-14 2666880]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-12-26 16896]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2010-10-9 19968]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 257696]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [2010-7-21 44432]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2007-6-18 19456]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-8-26 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-9 129976]
S3 sbwtis;sbwtis;c:\windows\system32\drivers\sbwtis.sys [2011-12-19 72312]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
.
=============== Created Last 30 ================
.
2012-06-08 06:17:02 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{92f21a9a-1f09-4b75-8637-fb5f91c1bddb}\mpengine.dll
2012-06-06 20:09:49 -------- d-----w- C:\adaware
2012-06-05 03:00:04 -------- d-----w- c:\users\jt.jared-pc\appdata\local\adaware
2012-06-05 02:57:51 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\Ad-Aware Antivirus
2012-06-04 05:26:47 -------- d-----w- c:\program files\Oracle
2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2012-06-02 01:57:37 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\StreamTorrent
2012-06-02 01:57:37 -------- d-----w- c:\program files\StreamTorrent 1.0
2012-06-01 17:27:58 6737808 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{07bd90c3-e787-4b16-8508-f53e8fa0df01}\mpengine.dll
2012-06-01 17:27:51 6737808 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll
2012-06-01 02:46:37 -------- d-----w- C:\Free File Opener
2012-06-01 01:27:28 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-05-30 00:52:44 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\SanDisk
2012-05-28 05:37:59 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-05-28 05:37:59 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-05-28 05:37:28 -------- d-----w- c:\program files\iPod
2012-05-28 05:37:27 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-05-28 05:37:27 -------- d-----w- c:\program files\iTunes
2012-05-28 05:35:05 -------- d-----w- c:\program files\Bonjour
2012-05-18 00:56:04 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\COWON
2012-05-18 00:52:58 -------- d-----w- c:\program files\common files\COWON
2012-05-18 00:52:57 -------- d-----w- c:\program files\JetAudio
2012-05-17 22:10:31 -------- d-----w- c:\program files\Microsoft Mathematics
2012-05-17 02:17:09 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\OpenOffice.org
2012-05-17 01:52:11 -------- d-----w- c:\program files\OpenOffice.org 3
2012-05-14 23:22:20 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\TeamViewer
2012-05-14 23:20:50 -------- d-----w- c:\program files\TeamViewer
2012-05-13 19:35:32 -------- d-----w- c:\program files\Microsoft Calculator Plus
2012-05-13 00:06:39 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-12 23:09:07 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2012-05-11 18:43:30 -------- d-----w- C:\IObit
.
==================== Find3M ====================
.
2012-05-09 00:35:25 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-09 00:35:24 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-19 01:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 01:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-04 23:47:02 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-02 13:36:21 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 12:39:11 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-29 13:39:19 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-03-20 23:28:50 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
============= FINISH: 20:46:21.55 ===============0 -
Great!
You managed to remove those two registry entries.
Please, try to install Ad-Aware again. After the restart of the computer, run DDS and paste DDS.txt again. Please, report how Ad-Aware is behaving now.0 -
Hi HelpMe12345,
I will write you in PM. Can you look and answer please?
Thanks,
Ann0 -
I think it is a good idea if you follow LS Ann's suggestion. This is a strange problem and it is probably much easier for someone that can connect to your computer to find the solution than to do it in the forum.
1. Control Panel - Administration Tools - Services
Find "Ad-Aware Service" in the list and double-click on it.
Check that the start method is automatic.
Click on the Start button. What error message do you get?
2. Let us see what an online scanner says:
Run an online scan with Eset http://www.eset.com/onlinescan/
Un-check "Remove found threats"
Check "Scan Archives"
Click "Advanced Settings"
Check:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Click Scan
When the scan completes the log file C:\Program\Eset\Eset Online Scanner\log.txt is created. Open it in Notepad and paste its content in your answer.
3. Restart the computer and check if there are any common errors with Windows files and settings by running System File Checker: http://support.microsoft.com/kb/9298330 -
DDS:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by JT at 21:57:26 on 2012-06-12
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3060.1342 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TeamViewer\Version7\tv_w32.exe
C:\Windows\RtHDVCpl.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\JT.Jared-PC\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8&rlz=1T4WZPH_enUS451
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080221
uSearch Bar =
mStart Page = hxxp://www.bigseekpro.com/cheatengine/{D4FEE6C0-F1EF-473F-8111-958608E34C7B}
mDefault_Page_URL = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: {338B4DFE-2E2C-4338-9E41-E176D497299E} - No File
TB: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WorkForce 840(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatigma.exe /fu "c:\windows\temp\E_SDE5E.tmp" /EF "HKCU"
uRun: [EPSON WorkForce 840 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatigma.exe /fu "c:\windows\temp\E_SE2D1.tmp" /EF "HKCU"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SansaDispatch] c:\users\jt.jared-pc\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
LSP: c:\windows\system32\wpclsp.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://nxcache.nexon.net/mabinogi/renderer/mabiweb.2010.5.03.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
TCP: DhcpNameServer = 192.168.11.1
TCP: Interfaces\{6464EB9C-D332-449A-9306-D9BF50D896D4} : DhcpNameServer = 192.168.11.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
Hosts: 127.0.0.1 www.spywareinfoforum.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jt.jared-pc\appdata\roaming\mozilla\firefox\profiles\cs9a2nnt.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B6602d08f-aa45-4e6e-a466-2cbedf731f62%7D&mid=842549be547b47d1a1f4d1544f6dbb71-fbd19c0f95a374fa4daef549a6b5e41a63dccc4d&ds=AVG&v=11.1.0.7&lang=en&pr=pr&d=2012-05-31%2022%3A27%3A36&sap=ku&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\jt.jared-pc\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\users\jt.jared-pc\appdata\local\roblox\versions\version-eecd9135a67340ab\NPRobloxProxy.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_257.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-6-9 335224]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-10-26 101112]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [2012-6-9 217976]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50ST7.EXE [2012-2-16 153600]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50RP7.EXE [2012-2-16 121856]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-12-26 21504]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2012-2-28 95200]
R2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2011-12-19 3289032]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2012-6-9 77816]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-5-14 2666880]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2012-6-9 94584]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-12-26 16896]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2010-10-9 19968]
S2 0191111339532795mcinstcleanup;McAfee Application Installer Cleanup (0191111339532795);c:\windows\temp\019111~1.exe -cleanup -nolog --> c:\windows\temp\019111~1.EXE -cleanup -nolog [?]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-5-3 1226096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 257224]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [2010-7-21 44432]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2007-6-18 19456]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-8-26 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-9 129976]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2012-6-9 94584]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-6-9 93816]
S3 sbwtis;sbwtis;c:\windows\system32\drivers\sbwtis.sys [2011-12-19 72312]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
.
=============== Created Last 30 ================
.
2012-06-09 22:45:21 -------- d-----w- c:\users\jt.jared-pc\appdata\local\adaware
2012-06-09 22:44:45 93816 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-06-09 22:44:45 77816 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2012-06-09 22:44:44 217976 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-06-09 22:44:29 -------- d-----w- c:\users\jt.jared-pc\appdata\local\Macromedia
2012-06-09 22:44:00 94584 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-06-09 22:44:00 335224 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-06-09 22:43:58 -------- d-----w- c:\windows\system32\drivers\VDD
2012-06-08 06:17:02 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{92f21a9a-1f09-4b75-8637-fb5f91c1bddb}\mpengine.dll
2012-06-06 20:09:49 -------- d-----w- C:\adaware
2012-06-05 02:57:51 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\Ad-Aware Antivirus
2012-06-04 05:26:47 -------- d-----w- c:\program files\Oracle
2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2012-06-02 01:57:37 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\StreamTorrent
2012-06-02 01:57:37 -------- d-----w- c:\program files\StreamTorrent 1.0
2012-06-01 17:27:58 6737808 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{07bd90c3-e787-4b16-8508-f53e8fa0df01}\mpengine.dll
2012-06-01 17:27:51 6737808 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll
2012-06-01 02:46:37 -------- d-----w- C:\Free File Opener
2012-06-01 01:27:28 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-05-30 00:52:44 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\SanDisk
2012-05-28 05:37:59 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-05-28 05:37:59 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-05-28 05:37:28 -------- d-----w- c:\program files\iPod
2012-05-28 05:37:27 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-05-28 05:37:27 -------- d-----w- c:\program files\iTunes
2012-05-28 05:35:05 -------- d-----w- c:\program files\Bonjour
2012-05-18 00:56:04 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\COWON
2012-05-18 00:52:58 -------- d-----w- c:\program files\common files\COWON
2012-05-18 00:52:57 -------- d-----w- c:\program files\JetAudio
2012-05-17 22:10:31 -------- d-----w- c:\program files\Microsoft Mathematics
2012-05-17 02:17:09 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\OpenOffice.org
2012-05-17 01:52:11 -------- d-----w- c:\program files\OpenOffice.org 3
2012-05-14 23:22:20 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\TeamViewer
2012-05-14 23:20:50 -------- d-----w- c:\program files\TeamViewer
.
==================== Find3M ====================
.
2012-06-09 22:41:44 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-09 22:41:44 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-19 01:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 01:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-04 23:47:08 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-04-04 23:47:02 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-02 13:36:21 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 12:39:11 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-29 13:39:19 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-03-20 23:28:50 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
============= FINISH: 21:58:28.40 ===============0 -
Sorry I have not been back in a while. Ayways here's the scan. I tried the other thing, and windows fixe errors but it didn't solve the problem.
The error I get when I run ad aware sevice is this:
Windows could not start the Ad-Aware Service service on Local Computer.
Error 1053: The service did not respond to the start or control request in a timely fashion.
Here is the scan results:
C:\Program Files\Search Toolbar\SearchToolbarUpdater.exe Win32/Toolbar.Zugo application
C:\Users\Jared\AppData\Local\Temp\msimg32.dll a variant of Win32/Kryptik.AKMA trojan
C:\Users\Jared\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1e133708-639f649f a variant of Java/Exploit.CVE-2012-1723.AP trojan0 -
Please, delete C:\Program Files\Search Toolbar.
The DDS logs says that Microsoft Security Essentials is installed. Do you know anything about that?
Upload C:\Users\Jared\AppData\Local\Temp\msimg32.dll to http://www.virustotal.com/ using the "Choose file" function (select reanalyze if asked) and post back the link to the scan report.
Best that you post new DDS logs, both DDS.txt and Attach.txt.0 -
Sorry, But I already deleted C:\Users\Jared\AppData\Local\Temp\msimg32.dll.
I did a search on my computer for MSE and it isn't installed.
Here is DDS:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by JT at 16:43:13 on 2012-08-28
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3060.1637 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Outdated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Microsoft Security Essentials *Disabled/Outdated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
C:\Program Files\TP-LINK\QSS\jswpbapi.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Google\Update\1.3.21.115\GoogleCrashHandler.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Users\JT.Jared-PC\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Evoluent\VMouse\V4\EvoMouseExec.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\TeamViewer\Version7\tv_w32.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
C:\Windows\system32\wuauclt.exe
c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080221
uSearch Bar =
mStart Page = hxxp://www.bigseekpro.com/cheatengine/{D4FEE6C0-F1EF-473F-8111-958608E34C7B}
mDefault_Page_URL = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - No File
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: {338B4DFE-2E2C-4338-9E41-E176D497299E} - No File
TB: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File
uRun: [SansaDispatch] c:\users\jt.jared-pc\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [EPSON WorkForce 840 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatigma.exe /fu "c:\windows\temp\E_S4C5B.tmp" /EF "HKCU"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"
mRun: [<NO NAME>]
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\evolue~1.lnk - c:\windows\installer\{a3a814ad-e978-4b68-a548-ac9c560c1b9d}\_A6095E4D62E53F7667CEA7.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\wpclsp.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://nxcache.nexon.net/mabinogi/renderer/mabiweb.2010.5.03.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
TCP: DhcpNameServer = 192.168.11.1
TCP: Interfaces\{C2D91CE7-F628-489E-876F-72B5EEE71D4B} : DhcpNameServer = 192.168.11.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
Hosts: 127.0.0.1 www.spywareinfoforum.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jt.jared-pc\appdata\roaming\mozilla\firefox\profiles\cs9a2nnt.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\jt.jared-pc\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\users\jt.jared-pc\appdata\local\roblox\versions\version-eecd9135a67340ab\NPRobloxProxy.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQH4mGHPs&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 5666aefd00000000000090f6520c5a9c
FF - user.js: extensions.incredibar_i.instlDay - 15571
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1417:35:21
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQH4mGHPs
FF - user.js: extensions.incredibar_i.upn2n - 92543435031852914
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1
.
============= SERVICES / DRIVERS ===============
.
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2012-7-21 20384]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-10-26 101112]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50ST7.EXE [2012-2-16 153600]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50RP7.EXE [2012-2-16 121856]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-12-26 21504]
R2 jswpbapi;JumpStart Push-Button Service;c:\program files\tp-link\qss\jswpbapi.exe [2012-7-21 188416]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2012-2-28 95232]
R2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2011-12-19 3289032]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-11-29 77816]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-10-10 1153368]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-5-14 2666880]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\drivers\athur.sys [2012-7-21 1387008]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [2011-8-1 45288]
R3 EvoMouseDriverMini;EvoMouseDriverMini;c:\windows\system32\drivers\EvoMouseDriverMini.sys [2012-8-2 20024]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-12-26 16896]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2010-10-9 19968]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-7-12 1239952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 250056]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2007-6-18 19456]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-8-26 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\tp-link\qss\jswpsapi.exe [2012-7-21 954368]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-9 113120]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-8-28 93816]
S3 sbwtis;sbwtis;c:\windows\system32\drivers\sbwtis.sys [2011-12-19 72312]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-08-28 19:49:35 -------- d-----w- c:\users\jt.jared-pc\appdata\local\adaware
2012-08-28 19:47:29 93816 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-08-28 19:47:18 -------- d-----w- c:\windows\system32\drivers\VDD
2012-08-28 19:38:52 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\Ad-Aware Antivirus
2012-08-28 18:49:04 69632 ----a-w- c:\windows\system32\KemXML.dll
2012-08-28 18:49:04 163840 ----a-w- c:\windows\system32\kemutb.dll
2012-08-28 18:49:04 131072 ----a-w- c:\windows\system32\KemUtil.dll
2012-08-28 18:49:04 110592 ----a-w- c:\windows\system32\KemWnd.dll
2012-08-28 18:48:45 -------- d-----w- c:\program files\SetPoint
2012-08-28 18:48:43 -------- d-----w- c:\program files\common files\Logitech
2012-08-28 18:48:24 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2012-08-28 18:48:24 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2012-08-28 18:48:24 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2012-08-28 18:48:23 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2012-08-28 18:48:23 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2012-08-28 18:48:19 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2012-08-28 18:48:19 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2012-08-20 01:07:58 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\AVS4YOU
2012-08-20 01:06:10 11137024 ----a-w- c:\windows\system32\libmfxsw32.dll
2012-08-20 01:06:02 24576 ----a-w- c:\windows\system32\msxml3a.dll
2012-08-20 01:06:02 -------- d-----w- c:\programdata\AVS4YOU
2012-08-20 01:06:02 -------- d-----w- c:\program files\common files\AVSMedia
2012-08-20 01:06:02 -------- d-----w- c:\program files\AVS4YOU
2012-08-19 22:35:46 -------- d-----w- c:\program files\DVD Shrink
2012-08-19 22:35:25 -------- d-----w- c:\program files\Perion
2012-08-15 02:32:59 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-14 23:53:20 623616 ----a-w- c:\windows\system32\localspl.dll
2012-08-14 03:04:46 -------- d-----w- c:\program files\Microsoft IntelliPoint
2012-08-14 02:43:58 -------- d-----w- c:\programdata\PC-Doctor
2012-08-14 02:42:01 -------- d-----w- c:\program files\common files\supportsoft
2012-08-14 02:41:19 315392 ----a-w- c:\windows\HideWin.exe
2012-08-14 02:41:18 520192 ----a-w- c:\windows\RtlExUpd.dll
2012-08-13 22:11:08 -------- d-----w- c:\program files\Evoluent
2012-08-06 02:44:31 -------- d-----w- c:\users\jt.jared-pc\appdata\local\Downloaded Installations
2012-08-05 03:25:31 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{bd6d61a0-ad8a-4c88-ad9e-415bea41a8cc}\mpengine.dll
2012-08-05 00:06:35 -------- d-----w- c:\program files\ESET
2012-08-02 19:51:40 20024 ----a-w- c:\windows\system32\drivers\EvoMouseDriverMini.sys
2012-07-29 23:03:57 -------- dc-h--w- c:\programdata\{174CB352-A040-4B6C-A7AF-265990FED40B}
2012-07-29 23:03:56 -------- d-----w- c:\program files\Ultimate Encoder 7 Free
2012-07-29 22:59:09 -------- d-----w- c:\users\jt.jared-pc\appdata\local\PackageAware
.
==================== Find3M ====================
.
2012-08-15 01:35:16 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-15 01:35:16 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-14 02:41:28 319456 ----a-w- c:\windows\DIFxAPI.dll
2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26:04 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 00:04:25 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03:42 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 17:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 16:44:26.02 ===============
And attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 2/20/2008 1:17:04 PM
System Uptime: 8/28/2012 4:35:03 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0RY007
Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz | Socket 775 | 2331/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 456 GiB total, 290.163 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.989 GiB free.
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
7-Zip 9.20
Ad-Aware Antivirus
Ad-Aware Browsing Protection
Ad-Aware Security Toolbar
Adobe Acrobat 4.0
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.3.14 (Unicode)
Auslogics Disk Defrag Professional
AVS Update Manager 1.0
AVS Video Converter 8
AVS4YOU Software Navigator 1.4
Bonjour
Browser Address Error Redirector
CCleaner
CDDRV_Installer
Combat Arms
COWON Media Center - jetAudio Basic VX
Defraggler
Dell DataSafe Online
Dell Driver Download Manager
Dell Getting Started Guide
Dell Support Center (Support Software)
DVD Shrink 3.2
Epson CreativeZone
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
EPSON Scan
EPSON WorkForce 840 Series Printer Uninstall
EpsonNet Print
ESET Online Scanner v3
Evoluent Mouse Manager
Finding Nemo UWF
Finding Nemo: Nemo's Underwater World of Fun
foobar2000 v1.1.11
Free File Opener
Google Chrome
Google Desktop
Google Drive
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iCloud
Index.dat Analyzer v2.0
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections
Intel(R) TV Wizard
iTunes
Java Auto Updater
Java(TM) 7 Update 4
JavaFX 2.1.0
KhalSetup
Mabinogi
Malwarebytes Anti-Malware version 1.61.0.1400
McAfee SiteAdvisor
Microsoft .NET Framework 1.1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Calculator Plus
Microsoft IntelliPoint 8.2
Microsoft Mathematics
Microsoft Office 2003 Resource Kit
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music, Photos & Videos Launcher
MyTomTom 3.2.0.700
Nexon Game Manager
OGA Notifier 2.0.0048.0
OpenOffice.org 3.4
Pando Media Booster
PDF Tablet 0.1
Product Documentation Launcher
QSS Installation Program
QuickTime
RealNetworks - Microsoft Visual C++ 2005 Runtime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealUpgrade 1.1
Recuva
Roblox
Roblox for JT
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Sansa Updater
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
SetPoint
Sonic Activation Module
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
StreamTorrent 1.0
System Requirements Lab CYRI
System Requirements Lab for Intel
TeamViewer 7
TP-LINK Wireless Client Utility
Ultimate Encoder 7 Free
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
USB Video Driver
User's Guides
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio C++ 10.0 Runtime
Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0)
Windows Live ID Sign-in Assistant
Windows Live Sign-in Assistant
Windows Media Player Firefox Plugin
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
8/28/2012 4:44:11 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Ad-Aware Service service to connect.
8/28/2012 4:44:11 PM, Error: Service Control Manager [7000] - The Ad-Aware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/28/2012 4:36:45 PM, Error: Service Control Manager [7023] -
8/28/2012 4:36:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service Ad-Aware Service with arguments "" in order to run the server: {706FFEF5-7E90-4149-B038-B39106ECDB99}
8/28/2012 4:34:05 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
8/28/2012 4:32:50 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
8/28/2012 4:32:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/28/2012 4:32:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/28/2012 4:32:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/28/2012 4:32:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
8/28/2012 4:32:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/28/2012 4:32:06 PM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
8/28/2012 4:32:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
8/28/2012 4:32:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/28/2012 4:32:05 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC jswpslwf MpFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6 ws2ifsl
8/28/2012 4:31:51 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/28/2012 4:31:51 PM, Error: Service Control Manager [7001] - The Windows Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
8/28/2012 4:31:51 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/28/2012 4:31:51 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/28/2012 4:31:51 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/28/2012 4:31:51 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/28/2012 4:31:51 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
8/28/2012 4:31:51 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/28/2012 4:31:51 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/28/2012 4:31:51 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/28/2012 4:31:51 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/28/2012 4:31:51 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/28/2012 2:44:32 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
8/28/2012 2:39:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
8/28/2012 2:38:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
8/28/2012 2:37:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/28/2012 2:37:28 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MpFilter SBRE spldr Wanarpv6
8/28/2012 2:24:01 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656353).
8/28/2012 2:22:26 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370).
.
==== End Of File ===========================0 -
Win32/Kryptik.AKMA trojan can be a very serious infection. We have to use other programs that searches deeper.
1.
Please, save RougueKiller on the Desktop.
http://www.sur-la-toile.com/RogueKiller/
Turn off all running programs and remove any external drives and other devices connected with USB except mouse and keyboard.
Start RougueKiller (in Vista and Windows 7 right-click the program and select "Run as administrator"). If it won't start, try several times. If you still are unsuccessful, rename the file to winlogon.exe.
Wait until "Prescan" has finished.
Click on "Scan" button in upper right corner.
Wait until the scan has finished.
A report with a name similar to RKreport.txt should have been created on the desktop.
Please, post it in your answer.
2.
Please, download aswMBR to your desktop. http://public.avast.com/~gmerek/aswMBR.exe
Double click it to start the program.
Allow it to download extra definitions.
Click the [b]Scan[/b] button to start the scan.
When the scan has finished click the [b]Save log[/b] button and save it to your desktop.
Post the log.
3.
Save TDSSKiller on the Desktop:
http://support.kaspersky.com/downloads/utils/tdsskiller.exe
Turn off all programs.
Run the program TDSSKiller.
Click on [b]Start Scan[/b].
If any [u]malicious[/u] objects are found select [b]Cure [/b]and click [b]Continue[/b]. If [b]Cure [/b]isn't available select [b]Skip[/b]. If any [u]suspicious [/u] objects are found select [b]Skip [/b]Do NOT select Quarantine or Delete.
The computer might need a restart.
Paste the content of the TDSSKiller log which is located in the folder C:\ with the name TDSSKiller followed by version and time.0 -
Please, log in as Jared and not JT since it was in Jared's folder the trojan was found. Turn off all running programs before running RogueKiller again. Paste the log into your answer. 0 -
Log:
RogueKiller V8.0.1 [08/30/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: [url="http://www.geekstogo.com/forum/files/file/413-roguekiller/"]http://www.geekstogo.com/forum/files/file/413-roguekiller/[/url]
Blog: [url="http://tigzyrk.blogspot.com"]http://tigzyrk.blogspot.com[/url]
Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Jared [Admin rights]
Mode : Scan -- Date : 08/31/2012 17:37:00
¤¤¤ Bad processes : 7 ¤¤¤
[SUSP PATH][DLL] explorer.exe -- C:\Windows\explorer.exe : C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll -> UNLOADED
[SUSP PATH] SansaDispatch.exe -- C:\Users\JT.Jared-PC\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe -> KILLED [TermProc]
[SUSP PATH][DLL] explorer.exe -- C:\Windows\explorer.exe : C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll -> UNLOADED
[SUSP PATH][DLL] explorer.exe -- C:\Windows\explorer.exe : C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll -> UNLOADED
[SUSP PATH][DLL] explorer.exe -- C:\Windows\explorer.exe : C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll -> UNLOADED
[SUSP PATH][DLL] explorer.exe -- C:\Windows\explorer.exe : C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll -> UNLOADED
[SUSP PATH][DLL] explorer.exe -- C:\Windows\explorer.exe : C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll -> UNLOADED
¤¤¤ Registry Entries : 12 ¤¤¤
[RUN][SUSP PATH] HKUS\S-1-5-21-215613564-3252992321-3342676906-1011[...]\Run : SansaDispatch (C:\Users\JT.Jared-PC\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe) -> FOUND
[TASK][ROGUE ST] 0 : c:\program files\internet explorer\iexplore.exe -> FOUND
[TASK][ROGUE ST] 4667 : wscript.exe -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
::1 localhost
127.0.0.1 [url="http://www.007guard.com"]www.007guard.com[/url]
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 [url="http://www.008k.com"]www.008k.com[/url]
127.0.0.1 008k.com
127.0.0.1 [url="http://www.00hq.com"]www.00hq.com[/url]
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 [url="http://www.032439.com"]www.032439.com[/url]
127.0.0.1 032439.com
127.0.0.1 [url="http://www.0scan.com"]www.0scan.com[/url]
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 [url="http://www.1000gratisproben.com"]www.1000gratisproben.com[/url]
127.0.0.1 1001namen.com
127.0.0.1 [url="http://www.1001namen.com"]www.1001namen.com[/url]
127.0.0.1 100888290cs.com
127.0.0.1 [url="http://www.100888290cs.com"]www.100888290cs.com[/url]
127.0.0.1 [url="http://www.100sexlinks.com"]www.100sexlinks.com[/url]
[...]
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD501LJ ATA Device +++++
--- User ---
[MBR] 25eb30350c9e160deb561013fb9d3a61
[BSP] 67d6a64b04885546efc8a525e5a0cb5d : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 98304 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21069824 | Size: 466651 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt0 -
Perform everything from the Jared account.
1.
Please, follow the instructions on http://www.bleepingcomputer.com/combofix/how-to-use-combofix for installing and running ComboFix.
Read carefully and note the "Disclaimer of warranty"!
Paste the content of the log into your answer.
If ComboFix displays a message, for example that a rootkit was found, write it down as detailed as possible.
2.
Please, also run DDS and paste DDS.txt.0 -
Log:
ComboFix 12-09-01.01 - Jared 09/02/2012 21:06:12.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3060.1948 [GMT -5:00]
Running from: c:\users\Jared\Desktop\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Outdated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
SP: Lavasoft Ad-Aware *Disabled/Outdated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
C:\Microsoft
c:\program files\Object
c:\program files\Object\config.ini
c:\program files\SGPSA
c:\programdata\30400248
c:\users\Jared\g2mdlhlpx.exe
c:\users\Jared\Mabinogi .lnk
c:\users\JT\AppData\Roaming\adaware-installer-reboot-required.tmp
c:\users\Public\Favorites\Mabinogi.exe
c:\windows\security\Database\tmp.edb
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\912302e72feb4daf.fb
c:\windows\system32\Cache\a73a4c6506b67c11.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\ff30fd7744a0c9b3.fb
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-03 to 2012-09-03 )))))))))))))))))))))))))))))))
.
.
2012-09-03 02:16 . 2012-09-03 02:17 -------- d-----w- c:\users\Jared\AppData\Local\temp
2012-09-03 02:16 . 2012-09-03 02:16 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-09-03 02:16 . 2012-09-03 02:16 -------- d-----w- c:\users\JT\AppData\Local\temp
2012-09-03 02:16 . 2012-09-03 02:16 -------- d-----w- c:\users\JT.Jared-PC\AppData\Local\temp
2012-09-03 02:16 . 2012-09-03 02:16 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-09-03 02:16 . 2012-09-03 02:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-03 02:16 . 2012-09-03 02:16 -------- d-----w- c:\users\Elly\AppData\Local\temp
2012-09-03 02:16 . 2012-09-03 02:16 -------- d-----w- c:\users\Colleen.Jared-PC\AppData\Local\temp
2012-09-03 02:16 . 2012-09-03 02:16 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-09-03 02:16 . 2012-09-03 02:16 -------- d-----w- c:\users\Zach\AppData\Local\temp
2012-09-02 18:04 . 2012-02-09 19:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9ED34764-E327-4073-BF31-701BACEE7BE8}\gapaengine.dll
2012-09-02 17:55 . 2012-09-02 17:55 -------- d-----w- C:\adawarebp
2012-09-02 17:51 . 2012-02-09 19:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{55C03909-67B2-43DA-8591-C9395FC4D665}\gapaengine.dll
2012-08-31 23:31 . 2012-08-31 23:31 -------- d-----w- c:\users\Colleen.Jared-PC\AppData\Local\adawarebp
2012-08-31 23:12 . 2012-08-31 23:12 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2012-08-31 22:54 . 2012-08-31 22:54 -------- d-----w- c:\users\Colleen.Jared-PC\AppData\Roaming\Logitech
2012-08-31 22:42 . 2012-08-31 22:42 -------- d-----w- c:\program files\adawaretb
2012-08-31 22:40 . 2012-08-23 05:15 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AAF52525-2499-4BFA-8258-31E4D10C9C5B}\mpengine.dll
2012-08-31 01:22 . 2012-08-28 06:50 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E51D34A3-9DC5-43A9-9787-436465C6F488}\mpengine.dll
2012-08-31 00:56 . 2012-09-02 18:09 -------- d-----w- c:\users\JT.Jared-PC\Tracing
2012-08-31 00:53 . 2012-08-31 00:53 -------- d-----w- c:\windows\en
2012-08-31 00:52 . 2012-03-08 23:32 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-08-31 00:50 . 2012-08-31 00:50 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-08-31 00:46 . 2012-08-31 00:54 -------- d-----w- c:\program files\Windows Live
2012-08-31 00:42 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2012-08-31 00:41 . 2012-08-31 01:17 -------- d-----w- c:\users\JT.Jared-PC\AppData\Local\Windows Live
2012-08-31 00:41 . 2012-08-31 00:41 -------- d-----w- c:\program files\Common Files\Windows Live
2012-08-29 23:17 . 2012-08-29 23:17 -------- d-----w- c:\users\Elly\AppData\Local\Free File Opener
2012-08-29 23:10 . 2012-08-29 23:10 -------- d-----w- c:\users\Elly\AppData\Local\Unity
2012-08-28 23:38 . 2012-08-28 23:38 -------- d-----w- c:\users\Zach\AppData\Roaming\Logitech
2012-08-28 23:38 . 2012-08-28 23:38 -------- d-----w- c:\users\Zach\AppData\Local\SupportSoft
2012-08-28 23:33 . 2012-08-28 23:33 -------- d-----w- c:\users\Elly\AppData\Roaming\Logitech
2012-08-28 19:49 . 2012-08-28 20:21 -------- d-----w- c:\users\JT.Jared-PC\AppData\Local\adaware
2012-08-28 19:47 . 2011-12-19 17:44 93816 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-08-28 19:47 . 2012-08-28 19:47 -------- d-----w- c:\windows\system32\drivers\VDD
2012-08-28 19:39 . 2012-08-28 19:39 -------- d-----w- c:\programdata\Lavasoft
2012-08-28 19:38 . 2012-08-28 19:50 -------- d-----w- c:\users\JT.Jared-PC\AppData\Roaming\Ad-Aware Antivirus
2012-08-28 19:09 . 2012-08-28 19:09 -------- d-----w- c:\users\JT.Jared-PC\AppData\Roaming\Logitech
2012-08-28 18:49 . 2006-11-16 18:44 69632 ----a-w- c:\windows\system32\KemXML.dll
2012-08-28 18:49 . 2006-11-16 18:44 163840 ----a-w- c:\windows\system32\kemutb.dll
2012-08-28 18:49 . 2006-11-16 18:44 110592 ----a-w- c:\windows\system32\KemWnd.dll
2012-08-28 18:49 . 2006-11-16 18:44 131072 ----a-w- c:\windows\system32\KemUtil.dll
2012-08-28 18:48 . 2012-08-28 18:48 -------- d-----w- c:\programdata\Logitech
2012-08-28 18:48 . 2012-08-28 18:53 -------- d-----w- c:\program files\SetPoint
2012-08-28 18:48 . 2012-08-28 18:49 -------- d-----w- c:\program files\Common Files\Logitech
2012-08-28 18:48 . 2005-04-04 04:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2012-08-28 18:48 . 2005-04-04 04:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2012-08-28 18:48 . 2005-04-04 04:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2012-08-28 18:48 . 2005-04-04 04:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2012-08-28 18:48 . 2005-04-04 03:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2012-08-28 18:48 . 2012-08-28 18:48 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2012-08-28 18:48 . 2012-08-28 18:48 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2012-08-20 01:07 . 2012-08-20 01:07 -------- d-----w- c:\users\JT.Jared-PC\AppData\Roaming\AVS4YOU
2012-08-20 01:06 . 2012-03-24 00:58 11137024 ----a-w- c:\windows\system32\libmfxsw32.dll
2012-08-20 01:06 . 2012-08-20 01:07 -------- d-----w- c:\programdata\AVS4YOU
2012-08-20 01:06 . 2012-08-20 01:06 -------- d-----w- c:\program files\AVS4YOU
2012-08-20 01:06 . 2012-08-20 01:06 -------- d-----w- c:\program files\Common Files\AVSMedia
2012-08-20 01:06 . 2012-03-24 00:59 24576 ----a-w- c:\windows\system32\msxml3a.dll
2012-08-19 22:35 . 2012-08-19 22:35 -------- d-----w- c:\program files\DVD Shrink
2012-08-19 22:35 . 2012-08-19 22:35 -------- d-----w- c:\program files\Perion
2012-08-19 22:35 . 2012-08-19 22:35 448 ----a-w- C:\user.js
2012-08-19 21:35 . 2012-08-19 21:35 -------- d-----w- c:\users\JT\AppData\Local\Apps
2012-08-15 02:32 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-14 23:53 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
2012-08-14 03:04 . 2012-08-14 03:04 -------- d-----w- c:\program files\Microsoft IntelliPoint
2012-08-14 02:43 . 2012-08-14 02:43 -------- d-----w- c:\programdata\PC-Doctor
2012-08-14 02:42 . 2012-08-14 02:42 -------- d-----w- c:\program files\Common Files\supportsoft
2012-08-14 02:41 . 2012-08-14 02:41 315392 ----a-w- c:\windows\HideWin.exe
2012-08-14 02:41 . 2007-07-26 22:09 520192 ----a-w- c:\windows\RtlExUpd.dll
2012-08-13 22:11 . 2012-08-13 22:11 -------- d-----w- c:\program files\Evoluent
2012-08-09 18:13 . 2012-08-09 18:13 -------- d-----w- c:\users\Zach\AppData\Roaming\Ad-Aware Antivirus
2012-08-06 16:59 . 2012-08-06 16:59 -------- d-----w- c:\users\Colleen.Jared-PC\AppData\Roaming\Ad-Aware Antivirus
2012-08-06 14:17 . 2012-08-06 14:17 -------- d-----w- c:\users\Elly\AppData\Roaming\Ad-Aware Antivirus
2012-08-06 02:44 . 2012-08-06 02:44 -------- d-----w- c:\users\JT.Jared-PC\AppData\Local\Downloaded Installations
2012-08-05 00:06 . 2012-08-05 00:06 -------- d-----w- c:\program files\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-31 00:46 . 2009-08-18 17:24 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-08-31 00:41 . 2012-04-02 12:09 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-31 00:41 . 2011-12-02 22:37 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-23 05:15 . 2012-06-01 17:27 7022536 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2012-08-23 05:15 . 2012-03-02 23:38 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-14 02:41 . 2011-12-12 22:28 319456 ----a-w- c:\windows\DIFxAPI.dll
2012-08-02 19:51 . 2012-08-02 19:51 20024 ----a-w- c:\windows\system32\drivers\EvoMouseDriverMini.sys
2012-06-05 16:47 . 2012-07-13 01:19 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-13 01:19 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-08-25 02:01 . 2012-08-31 00:33 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-05-12 23:09 . 2012-05-12 23:09 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-04-11 20:08 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2012-04-11 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-07-20 20:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-07-20 20:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-07-20 20:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-07-20 20:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-05-09 201112]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-26 206064]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2006-10-11 94208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1313640]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Evoluent Mouse Manager.lnk - c:\windows\Installer\{A3A814AD-E978-4B68-A548-AC9C560C1B9D}\_A6095E4D62E53F7667CEA7.exe [2012-8-13 4286]
SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2012-8-28 679936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BDARemote.lnk]
backup=c:\windows\pss\BDARemote.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
backup=c:\windows\pss\Microsoft Find Fast.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Office Startup.lnk]
backup=c:\windows\pss\Office Startup.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Jared^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CNET TechTracker.lnk]
backup=c:\windows\pss\CNET TechTracker.lnk.Startup
backupExtension=.Startup
path=c:\users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNET TechTracker.lnk
.
[HKLM\~\startupfolder\C:^Users^Jared^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=c:\users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 02:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON WorkForce 840 Series]
2010-01-12 13:01 201216 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIGMA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2012-05-12 23:09 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-02-04 20:57 136176 ----atw- c:\users\JT.Jared-PC\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-10-03 17:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 10:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jswtrayutil]
2009-09-24 13:51 32871 ----a-w- c:\program files\TP-LINK\QSS\jswtrayutil.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTomTomSA.exe]
2012-05-18 09:04 434168 ----a-w- c:\program files\MyTomTom 3\MyTomTomSA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 16:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-08-03 21:22 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorkForce 840(Network)]
2010-01-12 13:01 201216 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIGMA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"NetFxUpdate_v1.1.4322"="c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" 1 v1.1.4322 GAC + NI NID
.
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 00:41]
.
2012-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 20:14]
.
2012-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 20:14]
.
2012-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-215613564-3252992321-3342676906-1001Core.job
- c:\users\JT\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-04 21:53]
.
2012-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-215613564-3252992321-3342676906-1001UA.job
- c:\users\JT\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-04 21:53]
.
2012-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-215613564-3252992321-3342676906-1003Core.job
- c:\users\Elly\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-20 14:58]
.
2012-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-215613564-3252992321-3342676906-1003UA.job
- c:\users\Elly\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-20 14:58]
.
2012-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-215613564-3252992321-3342676906-1011Core.job
- c:\users\JT.Jared-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-23 20:57]
.
2012-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-215613564-3252992321-3342676906-1011UA.job
- c:\users\JT.Jared-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-23 20:57]
.
2012-09-02 c:\windows\Tasks\User_Feed_Synchronization-{064C70C4-A09A-458F-8141-F53A9022B020}.job
- c:\windows\system32\msfeedssync.exe [2011-06-09 16:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.bigseekpro.com/cheatengine/{D4FEE6C0-F1EF-473F-8111-958608E34C7B}
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.11.1
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\JT\AppData\Roaming\Mozilla\Firefox\Profiles\y88i8nh3.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/?rlz=1V1IPYX
FF - prefs.js: browser.startup.homepage - about:home
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
SafeBoot-50559665.sys
MSConfigStartUp-MSC - c:\program files\Microsoft Security Client\msseces.exe
MSConfigStartUp-vProt - c:\program files\AVG Secure Search\vprot.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url]
Rootkit scan 2012-09-02 21:17
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec /V"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-09-02 21:19:20
ComboFix-quarantined-files.txt 2012-09-03 02:19
.
Pre-Run: 305,993,748,480 bytes free
Post-Run: 310,135,627,776 bytes free
.
- - End Of File - - 1A77B3384DE4B8FBB453120D5A87F566
DDS:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by Jared at 0:25:42 on 2012-09-03
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3060.1445 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Lavasoft Ad-Aware *Disabled/Outdated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
SP: Lavasoft Ad-Aware *Disabled/Outdated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
C:\Program Files\TP-LINK\QSS\jswpbapi.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.3.21.115\GoogleCrashHandler.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.bigseekpro.com/cheatengine/{D4FEE6C0-F1EF-473F-8111-958608E34C7B}
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: H - No File
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.391.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\7.1.391.0\BingExt.dll"
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\evolue~1.lnk - c:\windows\installer\{a3a814ad-e978-4b68-a548-ac9c560c1b9d}\_A6095E4D62E53F7667CEA7.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\wpclsp.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://nxcache.nexon.net/mabinogi/renderer/mabiweb.2010.5.03.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
TCP: DhcpNameServer = 192.168.11.1
TCP: Interfaces\{C2D91CE7-F628-489E-876F-72B5EEE71D4B} : DhcpNameServer = 192.168.11.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~3\GoogleDesktopNetwork3.dll
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2012-7-21 20384]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-10-26 101112]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50ST7.EXE [2012-2-16 153600]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50RP7.EXE [2012-2-16 121856]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-12-26 21504]
R2 jswpbapi;JumpStart Push-Button Service;c:\program files\tp-link\qss\jswpbapi.exe [2012-7-21 188416]
R2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2011-12-19 3289032]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-11-29 77816]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-10-10 1153368]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-5-14 2666880]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\drivers\athur.sys [2012-7-21 1387008]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [2011-8-1 45288]
R3 EvoMouseDriverMini;EvoMouseDriverMini;c:\windows\system32\drivers\EvoMouseDriverMini.sys [2012-8-2 20024]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-12-26 16896]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2010-10-9 19968]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-7-12 1239952]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2012-2-28 95232]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 250568]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2007-6-18 19456]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-8-30 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-8-26 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\tp-link\qss\jswpsapi.exe [2012-7-21 954368]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-8-30 114144]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-8-28 93816]
S3 sbwtis;sbwtis;c:\windows\system32\drivers\sbwtis.sys [2011-12-19 72312]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-09-03 02:19:27 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-03 02:19:27 -------- d-sh--w- \$RECYCLE.BIN
2012-09-03 02:19:22 -------- d-----w- c:\users\jt\appdata\local\temp
2012-09-03 02:00:54 98816 ----a-w- c:\windows\sed.exe
2012-09-03 02:00:54 518144 ----a-w- c:\windows\SWREG.exe
2012-09-03 02:00:54 256000 ----a-w- c:\windows\PEV.exe
2012-09-03 02:00:54 208896 ----a-w- c:\windows\MBR.exe
2012-09-03 02:00:50 -------- d-----w- C:\ComboFix
2012-09-03 02:00:50 -------- d-----w- \ComboFix
2012-09-03 01:59:40 -------- d-----w- \Qoobox
2012-09-02 18:04:20 713784 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9ed34764-e327-4073-bf31-701bacee7be8}\gapaengine.dll
2012-09-02 17:55:04 -------- d-----w- C:\adawarebp
2012-09-02 17:55:04 -------- d-----w- \adawarebp
2012-09-02 17:51:09 713784 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{55c03909-67b2-43da-8591-c9395fc4d665}\gapaengine.dll
2012-08-31 23:12:27 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2012-08-31 22:42:35 -------- d-----w- c:\program files\adawaretb
2012-08-31 22:40:14 7022536 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{aaf52525-2499-4bfa-8258-31e4d10c9c5b}\mpengine.dll
2012-08-31 01:22:04 7022536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e51d34a3-9dc5-43a9-9787-436465c6f488}\mpengine.dll
2012-08-31 00:53:47 -------- d-----w- c:\windows\en
2012-08-31 00:52:28 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-08-31 00:50:06 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-08-31 00:42:55 754688 ----a-w- c:\windows\system32\webservices.dll
2012-08-31 00:41:47 15712 ----a-w- c:\program files\common files\windows live\.cache\66e8ca011cd871105\MeshBetaRemover.exe
2012-08-31 00:41:43 89944 ----a-w- c:\program files\common files\windows live\.cache\64186bf11cd871104\DSETUP.dll
2012-08-31 00:41:43 537432 ----a-w- c:\program files\common files\windows live\.cache\64186bf11cd871104\DXSETUP.exe
2012-08-31 00:41:43 1801048 ----a-w- c:\program files\common files\windows live\.cache\64186bf11cd871104\dsetup32.dll
2012-08-31 00:41:38 94040 ----a-w- c:\program files\common files\windows live\.cache\6098bb111cd871103\DSETUP.dll
2012-08-31 00:41:38 525656 ----a-w- c:\program files\common files\windows live\.cache\6098bb111cd871103\DXSETUP.exe
2012-08-31 00:41:38 1691480 ----a-w- c:\program files\common files\windows live\.cache\6098bb111cd871103\dsetup32.dll
2012-08-31 00:41:03 -------- d-----w- c:\program files\common files\Windows Live
2012-08-28 19:47:29 93816 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-08-28 19:47:18 -------- d-----w- c:\windows\system32\drivers\VDD
2012-08-28 18:49:04 69632 ----a-w- c:\windows\system32\KemXML.dll
2012-08-28 18:49:04 163840 ----a-w- c:\windows\system32\kemutb.dll
2012-08-28 18:49:04 131072 ----a-w- c:\windows\system32\KemUtil.dll
2012-08-28 18:49:04 110592 ----a-w- c:\windows\system32\KemWnd.dll
2012-08-28 18:48:45 -------- d-----w- c:\program files\SetPoint
2012-08-28 18:48:24 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2012-08-28 18:48:24 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2012-08-28 18:48:24 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2012-08-28 18:48:23 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2012-08-28 18:48:23 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2012-08-28 18:48:19 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2012-08-28 18:48:19 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2012-08-20 01:06:10 11137024 ----a-w- c:\windows\system32\libmfxsw32.dll
2012-08-20 01:06:02 24576 ----a-w- c:\windows\system32\msxml3a.dll
2012-08-20 01:06:02 -------- d-----w- c:\programdata\AVS4YOU
2012-08-20 01:06:02 -------- d-----w- c:\program files\common files\AVSMedia
2012-08-20 01:06:02 -------- d-----w- c:\program files\AVS4YOU
2012-08-19 22:35:46 -------- d-----w- c:\program files\DVD Shrink
2012-08-19 22:35:25 -------- d-----w- c:\program files\Perion
2012-08-19 21:35:46 -------- d-----w- c:\users\jt\appdata\local\Apps
2012-08-15 02:32:59 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-14 23:53:20 623616 ----a-w- c:\windows\system32\localspl.dll
2012-08-14 03:04:46 -------- d-----w- c:\program files\Microsoft IntelliPoint
2012-08-14 02:43:58 -------- d-----w- c:\programdata\PC-Doctor
2012-08-14 02:42:01 -------- d-----w- c:\program files\common files\supportsoft
2012-08-14 02:41:19 315392 ----a-w- c:\windows\HideWin.exe
2012-08-14 02:41:18 520192 ----a-w- c:\windows\RtlExUpd.dll
2012-08-13 22:11:08 -------- d-----w- c:\program files\Evoluent
2012-08-05 00:06:35 -------- d-----w- c:\program files\ESET
.
==================== Find3M ====================
.
2012-08-31 00:41:08 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-31 00:41:08 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-14 02:41:28 319456 ----a-w- c:\windows\DIFxAPI.dll
2012-08-02 19:51:40 20024 ----a-w- c:\windows\system32\drivers\EvoMouseDriverMini.sys
2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll
.
============= FINISH: 0:26:12.14 ===============0 -
Good, several bad files were removed!
Please, uninstall Java™ 7 Update 4 since it is an old version with many vulnerabilities. It is now very easy to infect the computer from a web page. It is very important to keep, for example, Java updated.
Copy all lines in the box:
[code]
Killall::
ClearJavaCache::
DDS::
mStart Page = hxxp://www.bigseekpro.com/cheatengine/{D4FEE6C0-F1EF-473F-8111-958608E34C7B}
uURLSearchHooks: H - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
SecCenter::
{108DAC43-C256-20B7-BB05-914135DA5160}
[/code]
and paste into Notepad.
Save the file on the desktop with the name CFScript.
Prepare the computer according to the instructions for running ComboFix.
Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop, the program will start in a special way.
Paste the new ComboFix log into your answer.
0 -
ComboFix didn't notice that you dropped CFScript on top of it. Please, try again. 0
Please sign in to leave a comment.
Comments
46 comments