
AdAware 10 won't start on Windows Vista

Comments

46 comments

  • Customer
    In LS Ann's description, it said to kill AdAware.exe, all AdAwareLauncher.exe and AdAwareService.exe in the task manager, but they are not open. I followed her second solution, and nothing happened.

    Also I have the following programs:

    -Spybot Search and Destroy

    -Malwarebyte's anti-malware

    -Windows Defender
    0
  • Support
    Hi HelpMe12345,



    Is it behaving as LS Ann describes in http://www.lavasoftsupport.com/index.php?/topic/32398-solution-if-ad-aware-does-not-start-after-clicking-program-icon/ ?



    Do you have another antivirus or similar program installed?
    0
  • Customer
    OK, thank you. Also, here is a screenshot I took of the security center.
    0
  • Support
    Spybot S&D (TeaTimer) controls what is entered into some parts of the registry. If it stops the Ad-Aware installation program from adding a program to the list of programs that will be started automatically, Ad-Aware will not start. I suggest that you make sure that Spybot, including TeaTimer, is turned off before you install Ad-Aware.
    0
  • Support
    Ok, let us see which Ad-Aware drivers and services have been added to the registry. Save DDS to your desktop: http://download.bleepingcomputer.com/sUBs/dds.scr



    Double-click on the DDS tool to run it.



    When finished, DDS will open two (2) logs:

    1. DDS.txt

    2. Attach.txt



    Save them to your desktop and paste their content into your answer.
    0
  • Customer
    Ok, I uninstalled Spybot, uninstalled Ad-Aware, restarted my computer, installed Ad-Aware, and after the new installation, it still does not open.
    0
  • Support
    According to the logs you recently had Avast and AVG installed. Have you run their special removal/clean-up programs after uninstalling them?

    Do you have Microsoft Security Essentials installed?



    Are there several user accounts in the computer?

    Has Ad-Aware been installed with one account and uninstalled with another? Or have you used "Run as administrator" when you installed or uninstalled Ad-Aware?

    dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f

    dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f

    Windows should run those two registry entries only once and then delete them (probably during the restart after the uninstall of Ad-Aware), but they are still there. Maybe Windows will then continue to delete necessary Ad-Aware information from the registry after each restart of the computer.



    The Ad-Aware Services are there but they aren't running.



    P.S. This is an old version with known vulnerabilities:

    Java™ SE Runtime Environment 6

    You should uninstall it.
    0
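The two findings in the reply above (leftover RunOnce entries that delete registry keys, and Ad-Aware services that are registered but not running) can be pulled out of a DDS log mechanically. The following is an added example, not code from the thread or from the DDS or Ad-Aware projects; it assumes the usual DDS service notation, where the letter is R (running) or S (stopped) and the digit is the start type (2 = automatic), and the function name `triage` is hypothetical.

```python
import re

# Lines copied from the DDS.txt / Attach.txt posted in this thread,
# trimmed to the entries relevant to the two findings.
SAMPLE_DDS = r"""
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f
R2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2011-12-19 3289032]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-5-3 1226096]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-6-2 93816]
6/2/2012 4:31:21 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Ad-Aware Service service to connect.
6/2/2012 4:31:21 PM, Error: Service Control Manager [7000] - The Ad-Aware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
"""

# "<hive letter>RunOnce: [name] command"; plain Run entries do not match.
RUNONCE_RE = re.compile(
    r'^(?P<hive>[a-z])RunOnce:\s*\[(?P<name>[^\]]+)\]\s*(?P<cmd>.+)$', re.I)
# A RunOnce command that deletes a registry key.
REG_DELETE_RE = re.compile(r'\breg(?:\.exe)?\s+delete\s+"(?P<key>[^"]+)"', re.I)
# "<R|S><start type> name;display name;image path [date size]"
SERVICE_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.+?)\s+\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]$')
# Service Control Manager start failures (event IDs 7000 and 7009).
SCM_RE = re.compile(
    r'Service Control Manager \[(?P<id>7000|7009)\] - .*?\bthe (?P<svc>.+?) service '
    r'(?:failed to start|to connect)', re.I)


def triage(dds_text):
    """Return leftover RunOnce entries, auto-start services that are stopped,
    and the subset of those services that the event log confirms as failing."""
    runonce, stopped_auto, scm_failed = [], [], set()
    for raw in dds_text.splitlines():
        line = raw.strip()
        if not line or line == '.':          # DDS uses lone dots as spacers
            continue
        m = RUNONCE_RE.match(line)
        if m:
            d = REG_DELETE_RE.search(m['cmd'])
            runonce.append({'name': m['name'],
                            'deletes_key': d['key'] if d else None})
            continue
        m = SERVICE_RE.match(line)
        if m:
            # Assumption: S = stopped, start type 2 = automatic.
            if m['state'] == 'S' and m['start'] == '2':
                stopped_auto.append({'name': m['name'],
                                     'display': m['display'],
                                     'path': m['path']})
            continue
        m = SCM_RE.search(line)
        if m:
            scm_failed.add(m['svc'].lower())
    confirmed = [s['name'] for s in stopped_auto
                 if s['display'].lower() in scm_failed
                 or s['name'].lower() in scm_failed]
    return {'stale_runonce': runonce,
            'autostart_stopped': [s['name'] for s in stopped_auto],
            'scm_confirmed': confirmed}


if __name__ == '__main__':
    for section, items in triage(SAMPLE_DDS).items():
        print(section, items)
```

An auto-start service that is merely stopped is not always a fault, which is why the example separates the stopped list from the entries that Service Control Manager errors confirm.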
  • Customer
    OK, here is DDS.txt:



    .

    DDS (Ver_2011-08-26.01) - NTFSx86

    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1

    Run by JT at 16:57:05 on 2012-06-02

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3060.1881 [GMT -5:00]

    .

    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

    AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}

    SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}

    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k rpcss

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k GPSvcGroup

    C:\Windows\system32\SLsvc.exe

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\WUDFHost.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE

    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE

    c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\system32\rundll32.exe

    C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

    C:\Windows\System32\svchost.exe -k WerSvcGroup

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe

    C:\Windows\RtHDVCpl.exe

    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe

    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Windows\System32\wpcumi.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Users\JT.Jared-PC\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Mozilla Firefox\plugin-container.exe

    C:\Windows\system32\NOTEPAD.EXE

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8&rlz=1T4WZPH_enUS451

    uWindow Title = Internet Explorer provided by Dell

    uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080221

    uSearch Bar =

    mStart Page = hxxp://www.bigseekpro.com/cheatengine/{D4FEE6C0-F1EF-473F-8111-958608E34C7B}

    mDefault_Page_URL = hxxp://www.yahoo.com

    uInternet Settings,ProxyOverride = *.local

    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

    uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll

    uURLSearchHooks: H - No File

    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll

    BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll

    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll

    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll

    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

    TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll

    TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File

    TB: {338B4DFE-2E2C-4338-9E41-E176D497299E} - No File

    TB: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File

    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

    uRun: [WorkForce 840(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatigma.exe /fu "c:\windows\temp\E_SDE5E.tmp" /EF "HKCU"

    uRun: [EPSON WorkForce 840 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatigma.exe /fu "c:\windows\temp\E_SE2D1.tmp" /EF "HKCU"

    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

    uRun: [SansaDispatch] c:\users\jt.jared-pc\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe

    mRun: [RtHDVCpl] RtHDVCpl.exe

    mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"

    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

    mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe

    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

    mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run

    dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f

    dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f

    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    LSP: c:\windows\system32\wpclsp.dll

    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}

    DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://nxcache.nexon.net/mabinogi/renderer/mabiweb.2010.5.03.cab

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab

    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe

    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab

    TCP: DhcpNameServer = 192.168.11.1

    TCP: Interfaces\{6464EB9C-D332-449A-9306-D9BF50D896D4} : DhcpNameServer = 192.168.11.1

    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

    Notify: igfxcui - igfxdev.dll

    AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL

    Hosts: 127.0.0.1 www.spywareinfoforum.com

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - c:\users\jt.jared-pc\appdata\roaming\mozilla\firefox\profiles\cs9a2nnt.default\

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B6602d08f-aa45-4e6e-a466-2cbedf731f62%7D&mid=842549be547b47d1a1f4d1544f6dbb71-fbd19c0f95a374fa4daef549a6b5e41a63dccc4d&ds=AVG&v=11.1.0.7&lang=en&pr=pr&d=2012-05-31%2022%3A27%3A36&sap=ku&q=

    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

    FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

    FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll

    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

    FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll

    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

    FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll

    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

    FF - plugin: c:\users\jt.jared-pc\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll

    FF - plugin: c:\users\jt.jared-pc\appdata\local\roblox\versions\version-eecd9135a67340ab\NPRobloxProxy.dll

    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll

    FF - plugin: c:\windows\system32\npDeployJava1.dll

    FF - plugin: c:\windows\system32\npmproxy.dll

    .

    ============= SERVICES / DRIVERS ===============

    .

    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]

    R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-6-2 335224]

    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-10-26 101112]

    R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [2012-6-2 217976]

    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]

    R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50ST7.EXE [2012-2-16 153600]

    R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50RP7.EXE [2012-2-16 121856]

    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-12-26 21504]

    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2012-2-28 95200]

    R2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2011-12-19 3289032]

    R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2012-6-2 77816]

    R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-5-14 2666880]

    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]

    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]

    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

    R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2012-6-2 94584]

    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-12-26 16896]

    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2010-10-9 19968]

    S2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-5-3 1226096]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 257696]

    S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [2010-7-21 44432]

    S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2007-6-18 19456]

    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-8-26 30192]

    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]

    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-9 129976]

    S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2012-6-2 94584]

    S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-6-2 93816]

    S3 sbwtis;sbwtis;c:\windows\system32\drivers\sbwtis.sys [2011-12-19 72312]

    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    S4 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]

    .

    =============== Created Last 30 ================

    .

    2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

    2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

    2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

    2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

    2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

    2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

    2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

    2012-06-02 18:15:49 -------- d-----w- c:\users\jt.jared-pc\appdata\local\adaware

    2012-06-02 18:15:29 77816 ----a-w- c:\windows\system32\drivers\sbapifs.sys

    2012-06-02 18:15:28 93816 ----a-w- c:\windows\system32\drivers\sbhips.sys

    2012-06-02 18:15:28 217976 ----a-w- c:\windows\system32\drivers\sbtis.sys

    2012-06-02 18:14:06 94584 ----a-w- c:\windows\system32\drivers\SbFwIm.sys

    2012-06-02 18:14:05 335224 ----a-w- c:\windows\system32\drivers\SbFw.sys

    2012-06-02 18:14:01 -------- d-----w- c:\windows\system32\drivers\VDD

    2012-06-02 18:12:44 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\Ad-Aware Antivirus

    2012-06-02 05:30:26 -------- d-----w- c:\users\jt.jared-pc\appdata\local\RoHack_LTD

    2012-06-02 01:57:37 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\StreamTorrent

    2012-06-02 01:57:37 -------- d-----w- c:\program files\StreamTorrent 1.0

    2012-06-01 17:27:58 6737808 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{07bd90c3-e787-4b16-8508-f53e8fa0df01}\mpengine.dll

    2012-06-01 17:27:51 6737808 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll

    2012-06-01 02:46:37 -------- d-----w- C:\Free File Opener

    2012-06-01 01:27:28 -------- d-----w- c:\program files\Ad-Aware Antivirus

    2012-05-30 00:52:44 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\SanDisk

    2012-05-29 05:00:27 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1240c88a-a1e7-4ae9-b30c-78ca62121b45}\mpengine.dll

    2012-05-28 05:37:59 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

    2012-05-28 05:37:59 107368 ----a-w- c:\windows\system32\GEARAspi.dll

    2012-05-28 05:37:28 -------- d-----w- c:\program files\iPod

    2012-05-28 05:37:27 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

    2012-05-28 05:37:27 -------- d-----w- c:\program files\iTunes

    2012-05-28 05:35:05 -------- d-----w- c:\program files\Bonjour

    2012-05-18 00:56:04 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\COWON

    2012-05-18 00:52:58 -------- d-----w- c:\program files\common files\COWON

    2012-05-18 00:52:57 -------- d-----w- c:\program files\JetAudio

    2012-05-17 22:10:31 -------- d-----w- c:\program files\Microsoft Mathematics

    2012-05-17 02:17:09 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\OpenOffice.org

    2012-05-17 01:52:11 -------- d-----w- c:\program files\OpenOffice.org 3

    2012-05-14 23:22:20 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\TeamViewer

    2012-05-14 23:20:50 -------- d-----w- c:\program files\TeamViewer

    2012-05-13 19:35:32 -------- d-----w- c:\program files\Microsoft Calculator Plus

    2012-05-13 00:08:07 -------- d-----w- c:\program files\Oracle

    2012-05-13 00:06:39 772504 ----a-w- c:\windows\system32\npDeployJava1.dll

    2012-05-12 23:09:07 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

    2012-05-11 18:43:30 -------- d-----w- C:\IObit

    2012-05-10 01:15:51 1069056 ----a-w- c:\windows\system32\DWrite.dll

    2012-05-10 01:15:50 683008 ----a-w- c:\windows\system32\d2d1.dll

    2012-05-10 01:15:50 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

    2012-05-10 01:15:50 160768 ----a-w- c:\windows\system32\d3d10_1.dll

    2012-05-10 01:15:50 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

    2012-05-10 01:15:47 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2012-05-10 01:15:45 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

    2012-05-10 01:14:33 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys

    2012-05-10 01:14:20 983040 ----a-w- c:\program files\windows journal\JNTFiltr.dll

    2012-05-10 01:14:20 964608 ----a-w- c:\program files\windows journal\JNWDRV.dll

    2012-05-10 01:14:20 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll

    2012-05-10 01:14:20 1404928 ----a-w- c:\program files\common files\microsoft shared\ink\InkObj.dll

    2012-05-10 01:14:20 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL

    2012-05-10 01:14:19 47104 ----a-w- c:\program files\windows journal\PDIALOG.exe

    2012-05-10 01:13:47 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2012-05-10 01:13:47 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

    2012-05-10 01:13:47 2044928 ----a-w- c:\windows\system32\win32k.sys

    2012-05-09 22:07:30 -------- d-----w- c:\program files\Mozilla Maintenance Service

    2012-05-09 22:07:28 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe

    2012-05-09 22:07:28 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe

    2012-05-09 11:46:57 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\Auslogics

    2012-05-09 11:46:54 -------- d-----w- c:\program files\Auslogics

    2012-05-09 02:27:43 -------- d-----w- c:\programdata\GFI Software

    2012-05-08 23:44:59 -------- d-----w- c:\programdata\IObit

    2012-05-08 23:44:47 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\IObit

    2012-05-08 23:44:38 -------- d-----w- c:\program files\IObit

    2012-05-08 23:43:18 -------- d-----w- c:\program files\Defraggler

    .

    ==================== Find3M ====================

    .

    2012-05-09 00:35:25 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-05-09 00:35:24 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-04-19 01:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

    2012-04-19 01:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

    2012-04-04 23:47:02 687504 ----a-w- c:\windows\system32\deployJava1.dll

    2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

    .

    ============= FINISH: 16:57:29.43 ===============



    And here is attach.txt:



    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2011-08-26.01)

    .

    Microsoft® Windows Vista™ Home Premium

    Boot Device: \Device\HarddiskVolume3

    Install Date: 2/20/2008 1:17:04 PM

    System Uptime: 6/2/2012 1:19:05 PM (3 hours ago)

    .

    Motherboard: Dell Inc. | | 0RY007

    Processor: Intel® Core™2 Duo CPU E6550 @ 2.33GHz | Socket 775 | 2331/333mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 456 GiB total, 308.99 GiB free.

    D: is FIXED (NTFS) - 10 GiB total, 5.989 GiB free.

    E: is CDROM (UDF)

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    RP1621: 5/18/2012 12:30:06 PM - Windows Update

    RP1622: 5/19/2012 11:04:46 PM - Scheduled Checkpoint

    RP1623: 5/20/2012 3:00:13 AM - Windows Update

    RP1624: 5/20/2012 5:56:41 PM - Scheduled Checkpoint

    RP1625: 5/20/2012 10:47:51 PM - Windows Update

    RP1626: 5/21/2012 2:34:52 PM - Scheduled Checkpoint

    RP1627: 5/21/2012 3:20:57 PM - Windows Update

    RP1628: 5/21/2012 3:31:44 PM - Restore Operation

    RP1629: 5/21/2012 3:41:16 PM - Windows Update

    RP1630: 5/21/2012 10:21:15 PM - Windows Update

    RP1631: 5/24/2012 8:48:30 PM - Scheduled Checkpoint

    RP1632: 5/25/2012 11:22:02 AM - Windows Update

    RP1633: 5/25/2012 11:34:03 AM - avast! Internet Security Setup

    RP1634: 5/25/2012 2:09:46 PM - Windows Update

    RP1635: 5/27/2012 12:52:55 PM - Windows Update

    RP1636: 5/28/2012 12:35:18 AM - Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers

    RP1637: 5/28/2012 12:36:01 AM - Device Driver Package Install: Apple Network adapters

    RP1638: 5/28/2012 12:36:57 AM - Installed iTunes

    RP1639: 5/28/2012 3:00:10 AM - Windows Update

    RP1640: 5/28/2012 11:58:57 PM - Windows Update

    RP1641: 5/29/2012 3:00:11 AM - Windows Update

    RP1642: 5/29/2012 8:43:03 PM - Scheduled Checkpoint

    RP1643: 5/30/2012 3:00:11 AM - Windows Update

    RP1644: 5/31/2012 7:18:53 PM - Windows Update

    RP1645: 5/31/2012 7:20:08 PM - Removed Ad-Aware Antivirus.

    RP1646: 5/31/2012 8:07:13 PM - Windows Update

    RP1647: 5/31/2012 8:11:39 PM - Removed Ad-Aware Antivirus.

    RP1648: 5/31/2012 8:16:24 PM - Removed Ad-Aware Antivirus.

    RP1649: 5/31/2012 9:57:32 PM - Removed Ad-Aware Antivirus.

    RP1650: 5/31/2012 11:43:30 PM - Windows Update

    RP1651: 6/1/2012 12:17:26 PM - Windows Update

    RP1652: 6/1/2012 12:20:21 PM - Windows Update

    RP1653: 6/1/2012 12:50:05 PM - Windows Update

    RP1654: 6/1/2012 6:58:20 PM - Removed AVG 2012

    RP1655: 6/1/2012 7:00:54 PM - Removed AVG 2012

    RP1656: 6/2/2012 12:45:02 AM - Windows Update

    RP1657: 6/2/2012 1:05:50 PM - Removed Ad-Aware Antivirus.

    .

    ==== Installed Programs ======================

    .

    7-Zip 9.20

    Ad-Aware Antivirus

    Ad-Aware Browsing Protection

    Ad-Aware Security Toolbar

    Adobe Acrobat 4.0

    Adobe AIR

    Adobe Flash Player 11 ActiveX

    Adobe Flash Player 11 Plugin

    Adobe Reader X (10.1.3)

    Adobe Shockwave Player 11.5

    Apple Application Support

    Apple Mobile Device Support

    Apple Software Update

    Audacity 1.3.14 (Unicode)

    Auslogics Disk Defrag Professional

    Bonjour

    Browser Address Error Redirector

    CCleaner

    Combat Arms

    COWON Media Center - jetAudio Basic VX

    Defraggler

    Dell DataSafe Online

    Dell Driver Download Manager

    Dell Getting Started Guide

    Epson CreativeZone

    Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)

    Epson Easy Photo Print Plug-in for Windows Live Photo Gallery

    Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup

    Epson Event Manager

    Epson FAX Utility

    Epson PC-FAX Driver

    EPSON Scan

    EPSON WorkForce 840 Series Printer Uninstall

    EpsonNet Print

    Finding Nemo UWF

    Finding Nemo: Nemo's Underwater World of Fun

    foobar2000 v1.1.11

    Free File Opener

    Google Chrome

    Google Desktop

    Google Drive

    Google Toolbar for Internet Explorer

    Google Update Helper

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

    Index.dat Analyzer v2.0

    Intel® Graphics Media Accelerator Driver

    Intel® PRO Network Connections 12.1.11.0

    Intel® TV Wizard

    iTunes

    Java Auto Updater

    Java™ 6 Update 31

    Java™ 7 Update 4

    Java™ SE Runtime Environment 6

    JavaFX 2.1.0

    Mabinogi

    Malwarebytes Anti-Malware version 1.61.0.1400

    McAfee SiteAdvisor

    Microsoft .NET Framework 1.1

    Microsoft .NET Framework 3.5 SP1

    Microsoft .NET Framework 4 Client Profile

    Microsoft Antimalware

    Microsoft Application Error Reporting

    Microsoft Calculator Plus

    Microsoft Mathematics

    Microsoft Office 2003 Resource Kit

    Microsoft Silverlight

    Microsoft VC9 runtime libraries

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

    Microsoft Works

    Mozilla Firefox 12.0 (x86 en-US)

    Mozilla Maintenance Service

    MSXML 4.0 SP2 (KB936181)

    MSXML 4.0 SP2 (KB941833)

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    Music, Photos & Videos Launcher

    Nexon Game Manager

    OGA Notifier 2.0.0048.0

    OpenOffice.org 3.4

    Pando Media Booster

    PDF Tablet 0.1

    Product Documentation Launcher

    QuickTime

    RealNetworks - Microsoft Visual C++ 2005 Runtime

    RealNetworks - Microsoft Visual C++ 2008 Runtime

    Realtek High Definition Audio Driver

    RealUpgrade 1.1

    Recuva

    Roblox

    Roblox for JT

    Roxio Creator Copy

    Roxio Creator Data

    Roxio Creator DE

    Roxio Creator Tools

    Roxio Express Labeler

    Roxio MyDVD DE

    Roxio Update Manager

    Sansa Updater

    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

    Sonic Activation Module

    Spelling Dictionaries Support For Adobe Reader 8

    StreamTorrent 1.0

    System Requirements Lab CYRI

    System Requirements Lab for Intel

    TeamViewer 7

    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

    USB Video Driver

    User's Guides

    Visual C++ 2008 x86 Runtime - (v9.0.30729)

    Visual C++ 2008 x86 Runtime - v9.0.30729.01

    Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0)

    Windows Live ID Sign-in Assistant

    Windows Live Sign-in Assistant

    Windows Media Player Firefox Plugin

    Yahoo! Toolbar

    .

    ==== Event Viewer Messages From Past Week ========

    .

    6/2/2012 4:31:21 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Ad-Aware Service service to connect.

    6/2/2012 4:31:21 PM, Error: Service Control Manager [7000] - The Ad-Aware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    6/2/2012 12:46:24 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656353).

    6/2/2012 1:22:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service Ad-Aware Service with arguments "" in order to run the server: {706FFEF5-7E90-4149-B038-B39106ECDB99}

    6/2/2012 1:21:06 PM, Error: Service Control Manager [7023] -

    6/2/2012 1:21:06 PM, Error: Service Control Manager [7000] - The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the path specified.

    6/2/2012 1:21:06 PM, Error: Service Control Manager [7000] - The sbwtis service failed to start due to the following error: Cannot create a file when that file already exists.

    6/2/2012 1:10:55 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE

    6/1/2012 12:52:37 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370).

    5/31/2012 9:56:50 PM, Error: Service Control Manager [7000] - The Ad-Aware Service service failed to start due to the following error: The system cannot find the file specified.

    5/31/2012 9:46:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "2" attempting to start the service Ad-Aware Service with arguments "" in order to run the server: {706FFEF5-7E90-4149-B038-B39106ECDB99}

    5/31/2012 7:14:40 PM, Error: EventLog [6008] - The previous system shutdown at 4:52:04 PM on 5/30/2012 was unexpected.

    5/31/2012 10:27:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    5/31/2012 10:19:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}

    5/31/2012 10:18:30 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

    5/31/2012 10:17:10 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MpFilter spldr Wanarpv6

    5/31/2012 10:17:10 PM, Error: Service Control Manager [7001] - The Windows Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

    5/31/2012 10:17:10 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

    5/31/2012 10:17:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

    5/31/2012 10:17:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

    5/31/2012 10:17:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    5/31/2012 10:16:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

    5/31/2012 10:16:30 PM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .

    5/31/2012 10:16:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}

    5/29/2012 7:37:25 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

    5/29/2012 4:08:49 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

    5/29/2012 12:17:48 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

    5/29/2012 11:38:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the stisvc service.

    5/29/2012 11:37:17 PM, Error: Service Control Manager [7034] - The Ad-Aware service terminated unexpectedly. It has done this 1 time(s).

    5/28/2012 12:30:01 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

    5/28/2012 11:54:54 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

    5/27/2012 12:49:41 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

    .

    ==== End Of File ===========================

    I will also attach them.
    0
  • Customer
    Thanks for the notice on java, that explains why some sites don't work properly :D

    I will run the removal tools for Avast and AVG. I used to use avast and ad-aware, but I found out those programs didn't work properly together, so I uninstalled avast. I ran AVG before I started this topic, because I thought maybe spyware or malware could be causing the program. I have not tried running the ad aware installer as an administrator, so I will uninstall ad aware and run the installer as an administrator. I also do have multiple user accounts on this computer. I will try all these solutions and give you the results once I do.
    0
  • Customer
    OK, there are 6 user accounts on this computer. I ran the uninstaller and the installer as an administrator, restarted, ran ad-aware and nothing happened. There is no removal tool for AVG and avast. Also, I don't have Microsoft Security Essentials installed. What should I do?
    0
  • Support
    AVG Remover: http://www.avg.com/ww-en/utilities

    Avast Uninstall: http://www.avast.com/uninstall-utility



    Uninstall Ad-Aware again. Restart the computer, run DDS and paste DDS.txt into your answer.



    Have you used the register editor, regedit, before?
    0
  • Customer
    OK, I ran both of those. I think I have used regedit before.

    Anyways, DDS:

    .

    DDS (Ver_2011-08-26.01) - NTFSx86

    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1

    Run by JT at 13:06:23 on 2012-06-05

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3060.2087 [GMT -5:00]

    .

    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k rpcss

    C:\Windows\System32\svchost.exe -k secsvcs

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k GPSvcGroup

    C:\Windows\system32\SLsvc.exe

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE

    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE

    c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\system32\rundll32.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

    C:\Windows\System32\svchost.exe -k WerSvcGroup

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\system32\userinit.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\Explorer.EXE

    C:\Windows\RtHDVCpl.exe

    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe

    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    C:\Windows\System32\wpcumi.exe

    C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Users\JT.Jared-PC\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8&rlz=1T4WZPH_enUS451

    uWindow Title = Internet Explorer provided by Dell

    uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080221

    uSearch Bar =

    mStart Page = hxxp://www.bigseekpro.com/cheatengine/{D4FEE6C0-F1EF-473F-8111-958608E34C7B}

    mDefault_Page_URL = hxxp://www.yahoo.com

    uInternet Settings,ProxyOverride = *.local

    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

    uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll

    uURLSearchHooks: H - No File

    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll

    BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll

    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll

    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll

    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

    TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll

    TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File

    TB: {338B4DFE-2E2C-4338-9E41-E176D497299E} - No File

    TB: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File

    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

    uRun: [WorkForce 840(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatigma.exe /fu "c:\windows\temp\E_SDE5E.tmp" /EF "HKCU"

    uRun: [EPSON WorkForce 840 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatigma.exe /fu "c:\windows\temp\E_SE2D1.tmp" /EF "HKCU"

    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

    uRun: [SansaDispatch] c:\users\jt.jared-pc\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe

    mRun: [RtHDVCpl] RtHDVCpl.exe

    mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"

    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

    mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe

    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

    dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f

    dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f

    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    LSP: c:\windows\system32\wpclsp.dll

    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}

    DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://nxcache.nexon.net/mabinogi/renderer/mabiweb.2010.5.03.cab

    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab

    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe

    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab

    TCP: DhcpNameServer = 192.168.11.1

    TCP: Interfaces\{6464EB9C-D332-449A-9306-D9BF50D896D4} : DhcpNameServer = 192.168.11.1

    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

    Notify: igfxcui - igfxdev.dll

    AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL

    Hosts: 127.0.0.1 www.spywareinfoforum.com

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - c:\users\jt.jared-pc\appdata\roaming\mozilla\firefox\profiles\cs9a2nnt.default\

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B6602d08f-aa45-4e6e-a466-2cbedf731f62%7D&mid=842549be547b47d1a1f4d1544f6dbb71-fbd19c0f95a374fa4daef549a6b5e41a63dccc4d&ds=AVG&v=11.1.0.7&lang=en&pr=pr&d=2012-05-31%2022%3A27%3A36&sap=ku&q=

    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

    FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

    FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll

    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

    FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll

    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

    FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll

    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

    FF - plugin: c:\users\jt.jared-pc\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll

    FF - plugin: c:\users\jt.jared-pc\appdata\local\roblox\versions\version-eecd9135a67340ab\NPRobloxProxy.dll

    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll

    FF - plugin: c:\windows\system32\npDeployJava1.dll

    FF - plugin: c:\windows\system32\npmproxy.dll

    .

    ============= SERVICES / DRIVERS ===============

    .

    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]

    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]

    R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50ST7.EXE [2012-2-16 153600]

    R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50RP7.EXE [2012-2-16 121856]

    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-12-26 21504]

    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2012-2-28 95200]

    R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-5-14 2666880]

    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]

    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]

    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-12-26 16896]

    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2010-10-9 19968]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 257696]

    S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [2010-7-21 44432]

    S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2007-6-18 19456]

    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-8-26 30192]

    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]

    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-9 129976]

    S3 sbwtis;sbwtis;c:\windows\system32\drivers\sbwtis.sys [2011-12-19 72312]

    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    S4 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]

    .

    =============== Created Last 30 ================

    .

    2012-06-05 03:00:04 -------- d-----w- c:\users\jt.jared-pc\appdata\local\adaware

    2012-06-05 02:57:51 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\Ad-Aware Antivirus

    2012-06-04 05:26:47 -------- d-----w- c:\program files\Oracle

    2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

    2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

    2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

    2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

    2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

    2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

    2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

    2012-06-02 01:57:37 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\StreamTorrent

    2012-06-02 01:57:37 -------- d-----w- c:\program files\StreamTorrent 1.0

    2012-06-01 17:27:58 6737808 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{07bd90c3-e787-4b16-8508-f53e8fa0df01}\mpengine.dll

    2012-06-01 17:27:51 6737808 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll

    2012-06-01 02:46:37 -------- d-----w- C:\Free File Opener

    2012-06-01 01:27:28 -------- d-----w- c:\program files\Ad-Aware Antivirus

    2012-05-30 00:52:44 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\SanDisk

    2012-05-29 05:00:27 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1240c88a-a1e7-4ae9-b30c-78ca62121b45}\mpengine.dll

    2012-05-28 05:37:59 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

    2012-05-28 05:37:59 107368 ----a-w- c:\windows\system32\GEARAspi.dll

    2012-05-28 05:37:28 -------- d-----w- c:\program files\iPod

    2012-05-28 05:37:27 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

    2012-05-28 05:37:27 -------- d-----w- c:\program files\iTunes

    2012-05-28 05:35:05 -------- d-----w- c:\program files\Bonjour

    2012-05-18 00:56:04 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\COWON

    2012-05-18 00:52:58 -------- d-----w- c:\program files\common files\COWON

    2012-05-18 00:52:57 -------- d-----w- c:\program files\JetAudio

    2012-05-17 22:10:31 -------- d-----w- c:\program files\Microsoft Mathematics

    2012-05-17 02:17:09 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\OpenOffice.org

    2012-05-17 01:52:11 -------- d-----w- c:\program files\OpenOffice.org 3

    2012-05-14 23:22:20 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\TeamViewer

    2012-05-14 23:20:50 -------- d-----w- c:\program files\TeamViewer

    2012-05-13 19:35:32 -------- d-----w- c:\program files\Microsoft Calculator Plus

    2012-05-13 00:06:39 772504 ----a-w- c:\windows\system32\npDeployJava1.dll

    2012-05-12 23:09:07 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

    2012-05-11 18:43:30 -------- d-----w- C:\IObit

    2012-05-10 01:15:51 1069056 ----a-w- c:\windows\system32\DWrite.dll

    2012-05-10 01:15:50 683008 ----a-w- c:\windows\system32\d2d1.dll

    2012-05-10 01:15:50 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

    2012-05-10 01:15:50 160768 ----a-w- c:\windows\system32\d3d10_1.dll

    2012-05-10 01:15:50 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

    2012-05-10 01:15:47 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2012-05-10 01:15:45 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

    2012-05-10 01:14:33 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys

    2012-05-10 01:14:20 983040 ----a-w- c:\program files\windows journal\JNTFiltr.dll

    2012-05-10 01:14:20 964608 ----a-w- c:\program files\windows journal\JNWDRV.dll

    2012-05-10 01:14:20 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll

    2012-05-10 01:14:20 1404928 ----a-w- c:\program files\common files\microsoft shared\ink\InkObj.dll

    2012-05-10 01:14:20 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL

    2012-05-10 01:14:19 47104 ----a-w- c:\program files\windows journal\PDIALOG.exe

    2012-05-10 01:13:47 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2012-05-10 01:13:47 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

    2012-05-10 01:13:47 2044928 ----a-w- c:\windows\system32\win32k.sys

    2012-05-09 22:07:30 -------- d-----w- c:\program files\Mozilla Maintenance Service

    2012-05-09 22:07:28 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe

    2012-05-09 22:07:28 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe

    2012-05-09 11:46:57 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\Auslogics

    2012-05-09 11:46:54 -------- d-----w- c:\program files\Auslogics

    2012-05-09 02:27:43 -------- d-----w- c:\programdata\GFI Software

    2012-05-08 23:44:59 -------- d-----w- c:\programdata\IObit

    2012-05-08 23:44:47 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\IObit

    2012-05-08 23:44:38 -------- d-----w- c:\program files\IObit

    2012-05-08 23:43:18 -------- d-----w- c:\program files\Defraggler

    .

    ==================== Find3M ====================

    .

    2012-05-09 00:35:25 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-05-09 00:35:24 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-04-19 01:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

    2012-04-19 01:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

    2012-04-04 23:47:02 687504 ----a-w- c:\windows\system32\deployJava1.dll

    2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

    .

    ============= FINISH: 13:07:10.24 ===============

    And attach:

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2011-08-26.01)

    .

    Microsoft® Windows Vista™ Home Premium

    Boot Device: \Device\HarddiskVolume3

    Install Date: 2/20/2008 1:17:04 PM

    System Uptime: 6/5/2012 12:54:52 PM (1 hours ago)

    .

    Motherboard: Dell Inc. | | 0RY007

    Processor: Intel® Core™2 Duo CPU E6550 @ 2.33GHz | Socket 775 | 2331/333mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 456 GiB total, 304.993 GiB free.

    D: is FIXED (NTFS) - 10 GiB total, 5.989 GiB free.

    E: is CDROM (CDFS)

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    .

    ==== Installed Programs ======================

    .

    7-Zip 9.20

    Ad-Aware Browsing Protection

    Ad-Aware Security Toolbar

    Adobe Acrobat 4.0

    Adobe AIR

    Adobe Flash Player 11 ActiveX

    Adobe Flash Player 11 Plugin

    Adobe Reader X (10.1.3)

    Adobe Shockwave Player 11.5

    Apple Application Support

    Apple Mobile Device Support

    Apple Software Update

    Audacity 1.3.14 (Unicode)

    Auslogics Disk Defrag Professional

    Bonjour

    Browser Address Error Redirector

    CCleaner

    Combat Arms

    COWON Media Center - jetAudio Basic VX

    Defraggler

    Dell DataSafe Online

    Dell Driver Download Manager

    Dell Getting Started Guide

    Epson CreativeZone

    Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)

    Epson Easy Photo Print Plug-in for Windows Live Photo Gallery

    Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup

    Epson Event Manager

    Epson FAX Utility

    Epson PC-FAX Driver

    EPSON Scan

    EPSON WorkForce 840 Series Printer Uninstall

    EpsonNet Print

    Finding Nemo UWF

    Finding Nemo: Nemo's Underwater World of Fun

    foobar2000 v1.1.11

    Free File Opener

    Google Chrome

    Google Desktop

    Google Drive

    Google Toolbar for Internet Explorer

    Google Update Helper

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

    Index.dat Analyzer v2.0

    Intel® Graphics Media Accelerator Driver

    Intel® PRO Network Connections 12.1.11.0

    Intel® TV Wizard

    iTunes

    Java Auto Updater

    Java™ 7 Update 4

    JavaFX 2.1.0

    Mabinogi

    Malwarebytes Anti-Malware version 1.61.0.1400

    McAfee SiteAdvisor

    Microsoft .NET Framework 1.1

    Microsoft .NET Framework 3.5 SP1

    Microsoft .NET Framework 4 Client Profile

    Microsoft Antimalware

    Microsoft Application Error Reporting

    Microsoft Calculator Plus

    Microsoft Mathematics

    Microsoft Office 2003 Resource Kit

    Microsoft Silverlight

    Microsoft VC9 runtime libraries

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

    Microsoft Works

    Mozilla Firefox 12.0 (x86 en-US)

    Mozilla Maintenance Service

    MSXML 4.0 SP2 (KB936181)

    MSXML 4.0 SP2 (KB941833)

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    Music, Photos & Videos Launcher

    Nexon Game Manager

    OGA Notifier 2.0.0048.0

    OpenOffice.org 3.4

    Pando Media Booster

    PDF Tablet 0.1

    Product Documentation Launcher

    QuickTime

    RealNetworks - Microsoft Visual C++ 2005 Runtime

    RealNetworks - Microsoft Visual C++ 2008 Runtime

    Realtek High Definition Audio Driver

    RealUpgrade 1.1

    Recuva

    Roblox

    Roblox for JT

    Roxio Creator Copy

    Roxio Creator Data

    Roxio Creator DE

    Roxio Creator Tools

    Roxio Express Labeler

    Roxio MyDVD DE

    Roxio Update Manager

    Sansa Updater

    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

    Sonic Activation Module

    Spelling Dictionaries Support For Adobe Reader 8

    StreamTorrent 1.0

    System Requirements Lab CYRI

    System Requirements Lab for Intel

    TeamViewer 7

    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

    USB Video Driver

    User's Guides

    Visual C++ 2008 x86 Runtime - (v9.0.30729)

    Visual C++ 2008 x86 Runtime - v9.0.30729.01

    Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0)

    Windows Live ID Sign-in Assistant

    Windows Live Sign-in Assistant

    Windows Media Player Firefox Plugin

    Yahoo! Toolbar

    .

    ==== Event Viewer Messages From Past Week ========

    .

    6/5/2012 3:01:59 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656353).

    6/5/2012 12:56:52 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE

    6/5/2012 12:56:52 PM, Error: Service Control Manager [7023] -

    6/5/2012 12:56:52 PM, Error: Service Control Manager [7000] - The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the path specified.

    6/5/2012 12:43:11 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Ad-Aware Service service to connect.

    6/5/2012 12:43:11 PM, Error: Service Control Manager [7000] - The Ad-Aware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    6/4/2012 9:44:40 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

    6/4/2012 9:43:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

    6/4/2012 9:43:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    6/4/2012 9:43:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

    6/4/2012 9:43:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

    6/4/2012 9:43:42 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MpFilter spldr Wanarpv6

    6/4/2012 9:43:42 PM, Error: Service Control Manager [7001] - The Windows Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

    6/4/2012 9:43:42 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

    6/4/2012 9:42:40 PM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .

    6/4/2012 9:42:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}

    6/4/2012 10:04:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service Ad-Aware Service with arguments "" in order to run the server: {706FFEF5-7E90-4149-B038-B39106ECDB99}

    6/4/2012 10:04:42 PM, Error: Service Control Manager [7000] - The sbwtis service failed to start due to the following error: Cannot create a file when that file already exists.

    6/4/2012 1:30:58 AM, Error: Service Control Manager [7001] - The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The operation completed successfully.

    6/1/2012 12:52:37 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370).

    5/31/2012 9:56:50 PM, Error: Service Control Manager [7000] - The Ad-Aware Service service failed to start due to the following error: The system cannot find the file specified.

    5/31/2012 9:46:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "2" attempting to start the service Ad-Aware Service with arguments "" in order to run the server: {706FFEF5-7E90-4149-B038-B39106ECDB99}

    5/31/2012 7:14:40 PM, Error: EventLog [6008] - The previous system shutdown at 4:52:04 PM on 5/30/2012 was unexpected.

    5/31/2012 10:27:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    5/31/2012 10:19:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}

    5/29/2012 7:37:25 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

    5/29/2012 4:08:49 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

    5/29/2012 12:17:48 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

    5/29/2012 11:38:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the stisvc service.

    5/29/2012 11:37:17 PM, Error: Service Control Manager [7034] - The Ad-Aware service terminated unexpectedly. It has done this 1 time(s).

    .

    ==== End Of File ===========================
    0
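The Event Viewer section of the Attach.txt log posted above holds the Service Control Manager and DCOM errors that show how the Ad-Aware service is failing to start. As an added example (not part of the original thread and not part of DDS), this Python script parses those lines into a per-service failure timeline; the function names and the selection of event IDs are assumptions made here, and the sample lines are copied from the log above.

```python
"""Triage service start failures in the Event Viewer section of a DDS Attach.txt log."""
import re
from datetime import datetime
from typing import List, NamedTuple, Optional

# Sample lines copied from the log in the post above (not the complete log).
SAMPLE = '''
==== Event Viewer Messages From Past Week ========
.
6/5/2012 12:56:52 PM, Error: Service Control Manager [7023] -
6/5/2012 12:43:11 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Ad-Aware Service service to connect.
6/5/2012 12:43:11 PM, Error: Service Control Manager [7000] - The Ad-Aware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/4/2012 9:43:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/4/2012 10:04:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service Ad-Aware Service with arguments "" in order to run the server: {706FFEF5-7E90-4149-B038-B39106ECDB99}
6/4/2012 10:04:42 PM, Error: Service Control Manager [7000] - The sbwtis service failed to start due to the following error: Cannot create a file when that file already exists.
5/31/2012 9:56:50 PM, Error: Service Control Manager [7000] - The Ad-Aware Service service failed to start due to the following error: The system cannot find the file specified.
5/31/2012 9:46:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "2" attempting to start the service Ad-Aware Service with arguments "" in order to run the server: {706FFEF5-7E90-4149-B038-B39106ECDB99}
5/29/2012 11:37:17 PM, Error: Service Control Manager [7034] - The Ad-Aware service terminated unexpectedly. It has done this 1 time(s).
'''

# "<date> <time> AM/PM, <level>: <source> [<event id>] - <message>"; the message may be empty.
LINE_RE = re.compile(
    r"^\s*(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\]\s*-\s*(?P<msg>.*)$"
)

SCM, DCOM = "Service Control Manager", "Microsoft-Windows-DistributedCOM"

# Message shapes that name the failing service, keyed by (source, event id).
SERVICE_PATTERNS = {
    (SCM, 7000): re.compile(r"^The (?P<svc>.+?) service failed to start due to the following error: (?P<detail>.*)$"),
    (SCM, 7009): re.compile(r"while waiting for the (?P<svc>.+?) service to connect"),
    (SCM, 7034): re.compile(r"^The (?P<svc>.+?) service terminated unexpectedly"),
    (DCOM, 10005): re.compile(r'DCOM got error "(?P<detail>\d+)" attempting to start the service (?P<svc>.+?) with arguments'),
}

# Win32 error codes that appear in the DCOM lines of this log.
WIN32_ERRORS = {
    2: "ERROR_FILE_NOT_FOUND",
    1053: "ERROR_SERVICE_REQUEST_TIMEOUT",
    1068: "ERROR_SERVICE_DEPENDENCY_FAIL",
    1084: "ERROR_NOT_SAFEBOOT_SERVICE",
}


class Event(NamedTuple):
    when: datetime
    level: str
    source: str
    event_id: int
    message: str


class Failure(NamedTuple):
    when: datetime
    service: str
    event_id: int
    detail: str


def parse_event(line: str) -> Optional[Event]:
    """Parse one Event Viewer line; section headers and '.' separators return None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    when = datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p")
    return Event(when, m["level"], m["source"], int(m["event_id"]), m["msg"].strip())


def service_failures(text: str) -> List[Failure]:
    """Return service start/crash failures in chronological order."""
    found = []
    for line in text.splitlines():
        ev = parse_event(line)
        pattern = SERVICE_PATTERNS.get((ev.source, ev.event_id)) if ev else None
        m = pattern.search(ev.message) if pattern else None
        if not m:
            continue  # unparsed line, unhandled event id, or empty message
        detail = m.groupdict().get("detail") or ev.message
        if ev.event_id == 10005:
            detail = f"Win32 error {detail}: {WIN32_ERRORS.get(int(detail), 'unknown')}"
        found.append(Failure(ev.when, m["svc"], ev.event_id, detail))
    return sorted(found)


def timeline(text: str, name_fragment: str) -> List[Failure]:
    """Failures whose service name contains name_fragment (case-insensitive)."""
    return [f for f in service_failures(text) if name_fragment.lower() in f.service.lower()]


if __name__ == "__main__":
    for f in timeline(SAMPLE, "ad-aware"):
        print(f"{f.when:%Y-%m-%d %H:%M:%S}  [{f.event_id}] {f.service}: {f.detail}")
```

Read in time order, the Ad-Aware entries move from an unexpected termination, to a missing service binary, to a start timeout, which is easier to see in the sorted timeline than in the log's own ordering.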
  • Support
    Please, create a system restore point before starting the registry editor, regedit: http://www.howtogeek.com/howto/windows-vista/create-a-restore-point-for-windows-vistas-system-restore/

    Read how you can restore to that restore point, if Windows isn't starting due to bad changes in the registry:

    If you have a Vista DVD: http://www.bleepingcomputer.com/tutorials/system-restore-from-windows-vista-recovery-environment/

    http://windows.microsoft.com/en-us/windows-vista/what-are-the-system-recovery-options-in-windows-vista



    Start regedit, for example by entering regedit in the small search field that is visible when you click the start button.



    Search for "adaware" (without ").

    Repeat the search until you find one of these:

    reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f

    reg.exe delete "HKCU\Software\adaware" /f



    Delete that line.

    Repeat the search until you find the other. Delete that line, too.



    Restart the computer.

    Run DDS and paste DDS.txt into your answer. You don't need to attach it and I'm not interested in Attach.txt this time.
    0
  • Customer
    Ok, I'll try that. Also, I have a question. Can you change the screen resolution of ad aware in safe mode? I had a virus or something (13 traces detected) and when I run ad aware, it crashes. I have it running in safe mode but I can't see the full screen, because my other PC can't display any larger than 640x480. Can I change the screen size of ad-aware?
    0
  • Support
    Sorry, the screen resolution cannot be set to anything lower. People have wished before to be able to use it with 800x600, which is a rather common netbook size, but not that low.

    You can try to use a context scan instead of a full scan, that is, you right-click C:\ in Windows Explorer and select to scan it with Ad-Aware. It is less likely that it crashes then.
    0
  • Customer
    Here are the results for DDS:

    .

    DDS (Ver_2011-08-26.01) - NTFSx86

    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1

    Run by JT at 20:45:28 on 2012-06-08

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3060.2018 [GMT -5:00]

    .

    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k rpcss

    C:\Windows\System32\svchost.exe -k secsvcs

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k GPSvcGroup

    C:\Windows\system32\SLsvc.exe

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE

    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE

    c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

    C:\Windows\system32\rundll32.exe

    C:\Windows\System32\svchost.exe -k WerSvcGroup

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\TeamViewer\Version7\TeamViewer.exe

    C:\Program Files\TeamViewer\Version7\tv_w32.exe

    C:\Windows\RtHDVCpl.exe

    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe

    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    C:\Windows\System32\wpcumi.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Users\JT.Jared-PC\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Windows\system32\wuauclt.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8&rlz=1T4WZPH_enUS451

    uWindow Title = Internet Explorer provided by Dell

    uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080221

    uSearch Bar =

    mStart Page = hxxp://www.bigseekpro.com/cheatengine/{D4FEE6C0-F1EF-473F-8111-958608E34C7B}

    mDefault_Page_URL = hxxp://www.yahoo.com

    uInternet Settings,ProxyOverride = *.local

    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

    uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll

    uURLSearchHooks: H - No File

    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll

    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll

    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll

    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll

    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

    TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll

    TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File

    TB: {338B4DFE-2E2C-4338-9E41-E176D497299E} - No File

    TB: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File

    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

    uRun: [WorkForce 840(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatigma.exe /fu "c:\windows\temp\E_SDE5E.tmp" /EF "HKCU"

    uRun: [EPSON WorkForce 840 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatigma.exe /fu "c:\windows\temp\E_SE2D1.tmp" /EF "HKCU"

    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

    uRun: [SansaDispatch] c:\users\jt.jared-pc\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe

    mRun: [RtHDVCpl] RtHDVCpl.exe

    mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"

    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

    mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe

    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    LSP: c:\windows\system32\wpclsp.dll

    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}

    DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://nxcache.nexon.net/mabinogi/renderer/mabiweb.2010.5.03.cab

    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab

    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe

    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab

    TCP: DhcpNameServer = 192.168.11.1

    TCP: Interfaces\{6464EB9C-D332-449A-9306-D9BF50D896D4} : DhcpNameServer = 192.168.11.1

    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

    Notify: igfxcui - igfxdev.dll

    AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL

    Hosts: 127.0.0.1 www.spywareinfoforum.com

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - c:\users\jt.jared-pc\appdata\roaming\mozilla\firefox\profiles\cs9a2nnt.default\

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B6602d08f-aa45-4e6e-a466-2cbedf731f62%7D&mid=842549be547b47d1a1f4d1544f6dbb71-fbd19c0f95a374fa4daef549a6b5e41a63dccc4d&ds=AVG&v=11.1.0.7&lang=en&pr=pr&d=2012-05-31%2022%3A27%3A36&sap=ku&q=

    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

    FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

    FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll

    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

    FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll

    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

    FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll

    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

    FF - plugin: c:\users\jt.jared-pc\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll

    FF - plugin: c:\users\jt.jared-pc\appdata\local\roblox\versions\version-eecd9135a67340ab\NPRobloxProxy.dll

    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll

    FF - plugin: c:\windows\system32\npDeployJava1.dll

    FF - plugin: c:\windows\system32\npmproxy.dll

    .

    ============= SERVICES / DRIVERS ===============

    .

    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]

    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]

    R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50ST7.EXE [2012-2-16 153600]

    R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50RP7.EXE [2012-2-16 121856]

    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-12-26 21504]

    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2012-2-28 95200]

    R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-5-14 2666880]

    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]

    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]

    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-12-26 16896]

    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2010-10-9 19968]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 257696]

    S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [2010-7-21 44432]

    S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2007-6-18 19456]

    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-8-26 30192]

    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]

    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-9 129976]

    S3 sbwtis;sbwtis;c:\windows\system32\drivers\sbwtis.sys [2011-12-19 72312]

    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    S4 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]

    .

    =============== Created Last 30 ================

    .

    2012-06-08 06:17:02 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{92f21a9a-1f09-4b75-8637-fb5f91c1bddb}\mpengine.dll

    2012-06-06 20:09:49 -------- d-----w- C:\adaware

    2012-06-05 03:00:04 -------- d-----w- c:\users\jt.jared-pc\appdata\local\adaware

    2012-06-05 02:57:51 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\Ad-Aware Antivirus

    2012-06-04 05:26:47 -------- d-----w- c:\program files\Oracle

    2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

    2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

    2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

    2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

    2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

    2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

    2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

    2012-06-02 01:57:37 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\StreamTorrent

    2012-06-02 01:57:37 -------- d-----w- c:\program files\StreamTorrent 1.0

    2012-06-01 17:27:58 6737808 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{07bd90c3-e787-4b16-8508-f53e8fa0df01}\mpengine.dll

    2012-06-01 17:27:51 6737808 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll

    2012-06-01 02:46:37 -------- d-----w- C:\Free File Opener

    2012-06-01 01:27:28 -------- d-----w- c:\program files\Ad-Aware Antivirus

    2012-05-30 00:52:44 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\SanDisk

    2012-05-28 05:37:59 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

    2012-05-28 05:37:59 107368 ----a-w- c:\windows\system32\GEARAspi.dll

    2012-05-28 05:37:28 -------- d-----w- c:\program files\iPod

    2012-05-28 05:37:27 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

    2012-05-28 05:37:27 -------- d-----w- c:\program files\iTunes

    2012-05-28 05:35:05 -------- d-----w- c:\program files\Bonjour

    2012-05-18 00:56:04 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\COWON

    2012-05-18 00:52:58 -------- d-----w- c:\program files\common files\COWON

    2012-05-18 00:52:57 -------- d-----w- c:\program files\JetAudio

    2012-05-17 22:10:31 -------- d-----w- c:\program files\Microsoft Mathematics

    2012-05-17 02:17:09 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\OpenOffice.org

    2012-05-17 01:52:11 -------- d-----w- c:\program files\OpenOffice.org 3

    2012-05-14 23:22:20 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\TeamViewer

    2012-05-14 23:20:50 -------- d-----w- c:\program files\TeamViewer

    2012-05-13 19:35:32 -------- d-----w- c:\program files\Microsoft Calculator Plus

    2012-05-13 00:06:39 772504 ----a-w- c:\windows\system32\npDeployJava1.dll

    2012-05-12 23:09:07 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

    2012-05-11 18:43:30 -------- d-----w- C:\IObit

    .

    ==================== Find3M ====================

    .

    2012-05-09 00:35:25 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-05-09 00:35:24 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-04-19 01:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

    2012-04-19 01:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

    2012-04-04 23:47:02 687504 ----a-w- c:\windows\system32\deployJava1.dll

    2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

    2012-04-02 13:36:21 2044928 ----a-w- c:\windows\system32\win32k.sys

    2012-03-30 12:39:11 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2012-03-29 13:39:19 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

    2012-03-20 23:28:50 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys

    .

    ============= FINISH: 20:46:21.55 ===============
    0
  • Support
    Great!

    You managed to remove those two registry entries.



    Please, try to install Ad-Aware again. After the restart of the computer, run DDS and paste DDS.txt again. Please, report how Ad-Aware is behaving now.
    0
  • Customer
    Hi HelpMe12345,

    I will write you in PM. Can you look and answer please?



    Thanks,

    Ann
    0
  • Support
    I think it is a good idea if you follow LS Ann's suggestion. This is a strange problem and it is probably much easier for someone that can connect to your computer to find the solution than to do it in the forum.



    1. Control Panel - Administration Tools - Services

    Find "Ad-Aware Service" in the list and double-click on it.

    Check that the start method is automatic.

    Click on the Start button. What error message do you get?



    2. Let us see what an online scanner says:

    Run an online scan with Eset http://www.eset.com/onlinescan/



    Un-check "Remove found threats"

    Check "Scan Archives"



    Click "Advanced Settings"

    Check:

    Scan for potentially unwanted applications

    Scan for potentially unsafe applications

    Enable Anti-Stealth Technology



    Click Scan



    When the scan completes the log file C:\Program\Eset\Eset Online Scanner\log.txt is created. Open it in Notepad and paste its content in your answer.



    3. Restart the computer and check if there are any common errors with Windows files and settings by running System File Checker: http://support.microsoft.com/kb/929833
    0
  • Customer
    DDS:

    .

    DDS (Ver_2011-08-26.01) - NTFSx86

    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1

    Run by JT at 21:57:26 on 2012-06-12

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3060.1342 [GMT -5:00]

    .

    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

    AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}

    SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}

    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k rpcss

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k GPSvcGroup

    C:\Windows\system32\SLsvc.exe

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE

    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE

    c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

    C:\Windows\System32\svchost.exe -k WerSvcGroup

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe

    C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Windows\system32\rundll32.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\TeamViewer\Version7\TeamViewer.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files\TeamViewer\Version7\tv_w32.exe

    C:\Windows\RtHDVCpl.exe

    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe

    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    C:\Windows\System32\wpcumi.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Users\JT.Jared-PC\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

    C:\Windows\system32\wuauclt.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Mozilla Firefox\plugin-container.exe

    c:\PROGRA~1\mcafee\SITEAD~1\saui.exe

    C:\Program Files\Mozilla Firefox\plugin-container.exe

    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe

    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8&rlz=1T4WZPH_enUS451

    uWindow Title = Internet Explorer provided by Dell

    uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080221

    uSearch Bar =

    mStart Page = hxxp://www.bigseekpro.com/cheatengine/{D4FEE6C0-F1EF-473F-8111-958608E34C7B}

    mDefault_Page_URL = hxxp://www.yahoo.com

    uInternet Settings,ProxyOverride = *.local

    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

    uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll

    uURLSearchHooks: H - No File

    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll

    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll

    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll

    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll

    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

    TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll

    TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File

    TB: {338B4DFE-2E2C-4338-9E41-E176D497299E} - No File

    TB: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File

    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

    uRun: [WorkForce 840(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatigma.exe /fu "c:\windows\temp\E_SDE5E.tmp" /EF "HKCU"

    uRun: [EPSON WorkForce 840 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatigma.exe /fu "c:\windows\temp\E_SE2D1.tmp" /EF "HKCU"

    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

    uRun: [SansaDispatch] c:\users\jt.jared-pc\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe

    mRun: [RtHDVCpl] RtHDVCpl.exe

    mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"

    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

    mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe

    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

    mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run

    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    LSP: c:\windows\system32\wpclsp.dll

    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}

    DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://nxcache.nexon.net/mabinogi/renderer/mabiweb.2010.5.03.cab

    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab

    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe

    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab

    TCP: DhcpNameServer = 192.168.11.1

    TCP: Interfaces\{6464EB9C-D332-449A-9306-D9BF50D896D4} : DhcpNameServer = 192.168.11.1

    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

    Notify: igfxcui - igfxdev.dll

    AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL

    Hosts: 127.0.0.1 www.spywareinfoforum.com

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - c:\users\jt.jared-pc\appdata\roaming\mozilla\firefox\profiles\cs9a2nnt.default\

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B6602d08f-aa45-4e6e-a466-2cbedf731f62%7D&mid=842549be547b47d1a1f4d1544f6dbb71-fbd19c0f95a374fa4daef549a6b5e41a63dccc4d&ds=AVG&v=11.1.0.7&lang=en&pr=pr&d=2012-05-31%2022%3A27%3A36&sap=ku&q=

    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

    FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

    FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll

    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

    FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll

    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

    FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll

    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

    FF - plugin: c:\users\jt.jared-pc\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll

    FF - plugin: c:\users\jt.jared-pc\appdata\local\roblox\versions\version-eecd9135a67340ab\NPRobloxProxy.dll

    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_257.dll

    FF - plugin: c:\windows\system32\npDeployJava1.dll

    FF - plugin: c:\windows\system32\npmproxy.dll

    .

    ============= SERVICES / DRIVERS ===============

    .

    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]

    R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-6-9 335224]

    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-10-26 101112]

    R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [2012-6-9 217976]

    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]

    R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50ST7.EXE [2012-2-16 153600]

    R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50RP7.EXE [2012-2-16 121856]

    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-12-26 21504]

    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2012-2-28 95200]

    R2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2011-12-19 3289032]

    R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2012-6-9 77816]

    R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-5-14 2666880]

    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]

    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]

    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

    R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2012-6-9 94584]

    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-12-26 16896]

    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2010-10-9 19968]

    S2 0191111339532795mcinstcleanup;McAfee Application Installer Cleanup (0191111339532795);c:\windows\temp\019111~1.exe -cleanup -nolog --> c:\windows\temp\019111~1.EXE -cleanup -nolog [?]

    S2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-5-3 1226096]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 257224]

    S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [2010-7-21 44432]

    S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2007-6-18 19456]

    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-8-26 30192]

    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]

    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-9 129976]

    S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2012-6-9 94584]

    S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-6-9 93816]

    S3 sbwtis;sbwtis;c:\windows\system32\drivers\sbwtis.sys [2011-12-19 72312]

    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    S4 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]

    .

    =============== Created Last 30 ================

    .

    2012-06-09 22:45:21 -------- d-----w- c:\users\jt.jared-pc\appdata\local\adaware

    2012-06-09 22:44:45 93816 ----a-w- c:\windows\system32\drivers\sbhips.sys

    2012-06-09 22:44:45 77816 ----a-w- c:\windows\system32\drivers\sbapifs.sys

    2012-06-09 22:44:44 217976 ----a-w- c:\windows\system32\drivers\sbtis.sys

    2012-06-09 22:44:29 -------- d-----w- c:\users\jt.jared-pc\appdata\local\Macromedia

    2012-06-09 22:44:00 94584 ----a-w- c:\windows\system32\drivers\SbFwIm.sys

    2012-06-09 22:44:00 335224 ----a-w- c:\windows\system32\drivers\SbFw.sys

    2012-06-09 22:43:58 -------- d-----w- c:\windows\system32\drivers\VDD

    2012-06-08 06:17:02 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{92f21a9a-1f09-4b75-8637-fb5f91c1bddb}\mpengine.dll

    2012-06-06 20:09:49 -------- d-----w- C:\adaware

    2012-06-05 02:57:51 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\Ad-Aware Antivirus

    2012-06-04 05:26:47 -------- d-----w- c:\program files\Oracle

    2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

    2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

    2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

    2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

    2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

    2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

    2012-06-02 18:32:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

    2012-06-02 01:57:37 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\StreamTorrent

    2012-06-02 01:57:37 -------- d-----w- c:\program files\StreamTorrent 1.0

    2012-06-01 17:27:58 6737808 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{07bd90c3-e787-4b16-8508-f53e8fa0df01}\mpengine.dll

    2012-06-01 17:27:51 6737808 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll

    2012-06-01 02:46:37 -------- d-----w- C:\Free File Opener

    2012-06-01 01:27:28 -------- d-----w- c:\program files\Ad-Aware Antivirus

    2012-05-30 00:52:44 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\SanDisk

    2012-05-28 05:37:59 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

    2012-05-28 05:37:59 107368 ----a-w- c:\windows\system32\GEARAspi.dll

    2012-05-28 05:37:28 -------- d-----w- c:\program files\iPod

    2012-05-28 05:37:27 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

    2012-05-28 05:37:27 -------- d-----w- c:\program files\iTunes

    2012-05-28 05:35:05 -------- d-----w- c:\program files\Bonjour

    2012-05-18 00:56:04 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\COWON

    2012-05-18 00:52:58 -------- d-----w- c:\program files\common files\COWON

    2012-05-18 00:52:57 -------- d-----w- c:\program files\JetAudio

    2012-05-17 22:10:31 -------- d-----w- c:\program files\Microsoft Mathematics

    2012-05-17 02:17:09 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\OpenOffice.org

    2012-05-17 01:52:11 -------- d-----w- c:\program files\OpenOffice.org 3

    2012-05-14 23:22:20 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\TeamViewer

    2012-05-14 23:20:50 -------- d-----w- c:\program files\TeamViewer

    .

    ==================== Find3M ====================

    .

    2012-06-09 22:41:44 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-06-09 22:41:44 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-04-19 01:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

    2012-04-19 01:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

    2012-04-04 23:47:08 772504 ----a-w- c:\windows\system32\npDeployJava1.dll

    2012-04-04 23:47:02 687504 ----a-w- c:\windows\system32\deployJava1.dll

    2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

    2012-04-02 13:36:21 2044928 ----a-w- c:\windows\system32\win32k.sys

    2012-03-30 12:39:11 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2012-03-29 13:39:19 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

    2012-03-20 23:28:50 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys

    .

    ============= FINISH: 21:58:28.40 ===============
    0
  • Customer
    Sorry I have not been back in a while. Anyways, here's the scan. I tried the other thing, and Windows fixed errors, but it didn't solve the problem.

    The error I get when I run the Ad-Aware service is this:



    Windows could not start the Ad-Aware Service service on Local Computer.



    Error 1053: The service did not respond to the start or control request in a timely fashion.



    Here are the scan results:

    C:\Program Files\Search Toolbar\SearchToolbarUpdater.exe Win32/Toolbar.Zugo application

    C:\Users\Jared\AppData\Local\Temp\msimg32.dll a variant of Win32/Kryptik.AKMA trojan

    C:\Users\Jared\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1e133708-639f649f a variant of Java/Exploit.CVE-2012-1723.AP trojan
    0
  • Support
    Please, delete C:\Program Files\Search Toolbar.



    The DDS logs say that Microsoft Security Essentials is installed. Do you know anything about that?



    Upload C:\Users\Jared\AppData\Local\Temp\msimg32.dll to http://www.virustotal.com/ using the "Choose file" function (select reanalyze if asked) and post back the link to the scan report.



    Best that you post new DDS logs, both DDS.txt and Attach.txt.
    0
  • Customer
    Sorry, but I already deleted C:\Users\Jared\AppData\Local\Temp\msimg32.dll.

    I did a search on my computer for MSE and it isn't installed.



    Here is DDS:

    .

    DDS (Ver_2011-08-26.01) - NTFSx86

    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1

    Run by JT at 16:43:13 on 2012-08-28

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3060.1637 [GMT -5:00]

    .

    AV: Microsoft Security Essentials *Disabled/Outdated* {108DAC43-C256-20B7-BB05-914135DA5160}

    AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}

    SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}

    SP: Microsoft Security Essentials *Disabled/Outdated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k rpcss

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k GPSvcGroup

    C:\Windows\system32\SLsvc.exe

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Windows\system32\AERTSrv.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE

    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE

    C:\Program Files\TP-LINK\QSS\jswpbapi.exe

    c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\system32\rundll32.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Dell Support Center\bin\sprtsvc.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

    C:\Windows\System32\svchost.exe -k WerSvcGroup

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files\Google\Update\1.3.21.115\GoogleCrashHandler.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Windows\System32\wpcumi.exe

    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

    C:\Program Files\Dell Support Center\bin\sprtcmd.exe

    C:\Program Files\Microsoft IntelliPoint\ipoint.exe

    C:\Users\JT.Jared-PC\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

    C:\Program Files\TeamViewer\Version7\TeamViewer.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Windows\ehome\ehtray.exe

    C:\Program Files\Common Files\Apple\Internet Services\ubd.exe

    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Program Files\Evoluent\VMouse\V4\EvoMouseExec.exe

    C:\Program Files\SetPoint\SetPoint.exe

    C:\Program Files\TeamViewer\Version7\tv_w32.exe

    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

    C:\Windows\ehome\ehmsas.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

    C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files\Mozilla Firefox\plugin-container.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe

    C:\Windows\system32\wuauclt.exe

    c:\PROGRA~1\mcafee\SITEAD~1\saui.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\DllHost.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = about:blank

    uWindow Title = Internet Explorer provided by Dell

    uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080221

    uSearch Bar =

    mStart Page = hxxp://www.bigseekpro.com/cheatengine/{D4FEE6C0-F1EF-473F-8111-958608E34C7B}

    mDefault_Page_URL = hxxp://www.yahoo.com

    uInternet Settings,ProxyOverride = *.local

    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

    uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll

    uURLSearchHooks: H - No File

    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

    BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll

    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll

    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll

    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll

    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

    TB: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - No File

    TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File

    TB: {338B4DFE-2E2C-4338-9E41-E176D497299E} - No File

    TB: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File

    uRun: [SansaDispatch] c:\users\jt.jared-pc\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe

    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

    uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe

    uRun: [EPSON WorkForce 840 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatigma.exe /fu "c:\windows\temp\E_S4C5B.tmp" /EF "HKCU"

    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

    mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe

    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"

    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe

    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

    mRun: [Persistence] c:\windows\system32\igfxpers.exe

    mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter

    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

    mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"

    mRun: [<NO NAME>]

    mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run

    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\evolue~1.lnk - c:\windows\installer\{a3a814ad-e978-4b68-a548-ac9c560c1b9d}\_A6095E4D62E53F7667CEA7.exe

    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe

    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

    LSP: c:\windows\system32\wpclsp.dll

    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}

    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

    DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://nxcache.nexon.net/mabinogi/renderer/mabiweb.2010.5.03.cab

    DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB

    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab

    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe

    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab

    TCP: DhcpNameServer = 192.168.11.1

    TCP: Interfaces\{C2D91CE7-F628-489E-876F-72B5EEE71D4B} : DhcpNameServer = 192.168.11.1

    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

    Notify: igfxcui - igfxdev.dll

    AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL

    Hosts: 127.0.0.1 www.spywareinfoforum.com

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - c:\users\jt.jared-pc\appdata\roaming\mozilla\firefox\profiles\cs9a2nnt.default\

    FF - prefs.js: browser.search.selectedEngine - Bing

    FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/

    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

    FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

    FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

    FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll

    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

    FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll

    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

    FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll

    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

    FF - plugin: c:\users\jt.jared-pc\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll

    FF - plugin: c:\users\jt.jared-pc\appdata\local\roblox\versions\version-eecd9135a67340ab\NPRobloxProxy.dll

    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll

    FF - plugin: c:\windows\system32\npDeployJava1.dll

    FF - plugin: c:\windows\system32\npmproxy.dll

    .

    ---- FIREFOX POLICIES ----

    FF - user.js: extensions.incredibar_i.newTab - false

    FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQH4mGHPs&loc=IB_TB&i=26&search=

    FF - user.js: extensions.incredibar_i.id - 5666aefd00000000000090f6520c5a9c

    FF - user.js: extensions.incredibar_i.instlDay - 15571

    FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

    FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

    FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1417:35:21

    FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

    FF - user.js: extensions.incredibar_i.prdct - incredibar

    FF - user.js: extensions.incredibar_i.aflt - orgnl

    FF - user.js: extensions.incredibar_i.smplGrp - none

    FF - user.js: extensions.incredibar_i.tlbrId - base

    FF - user.js: extensions.incredibar_i.instlRef -

    FF - user.js: extensions.incredibar_i.dfltLng -

    FF - user.js: extensions.incredibar_i.excTlbr - false

    FF - user.js: extensions.incredibar_i.ms_url_id -

    FF - user.js: extensions.incredibar_i.upn2 - 6PQH4mGHPs

    FF - user.js: extensions.incredibar_i.upn2n - 92543435031852914

    FF - user.js: extensions.incredibar_i.productid - 26

    FF - user.js: extensions.incredibar_i.installerproductid - 26

    FF - user.js: extensions.incredibar_i.did - 10643

    FF - user.js: extensions.incredibar_i.ppd - 1

    .

    ============= SERVICES / DRIVERS ===============

    .

    R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2012-7-21 20384]

    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]

    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-10-26 101112]

    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]

    R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]

    R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50ST7.EXE [2012-2-16 153600]

    R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50RP7.EXE [2012-2-16 121856]

    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-12-26 21504]

    R2 jswpbapi;JumpStart Push-Button Service;c:\program files\tp-link\qss\jswpbapi.exe [2012-7-21 188416]

    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2012-2-28 95232]

    R2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2011-12-19 3289032]

    R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-11-29 77816]

    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-10-10 1153368]

    R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-5-14 2666880]

    R3 athur;Wireless Network Adapter Service;c:\windows\system32\drivers\athur.sys [2012-7-21 1387008]

    R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [2011-8-1 45288]

    R3 EvoMouseDriverMini;EvoMouseDriverMini;c:\windows\system32\drivers\EvoMouseDriverMini.sys [2012-8-2 20024]

    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]

    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]

    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-12-26 16896]

    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2010-10-9 19968]

    S2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-7-12 1239952]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 250056]

    S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2007-6-18 19456]

    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-8-26 30192]

    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]

    S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\tp-link\qss\jswpsapi.exe [2012-7-21 954368]

    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-9 113120]

    S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-8-28 93816]

    S3 sbwtis;sbwtis;c:\windows\system32\drivers\sbwtis.sys [2011-12-19 72312]

    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    .

    =============== Created Last 30 ================

    .

    2012-08-28 19:49:35 -------- d-----w- c:\users\jt.jared-pc\appdata\local\adaware

    2012-08-28 19:47:29 93816 ----a-w- c:\windows\system32\drivers\sbhips.sys

    2012-08-28 19:47:18 -------- d-----w- c:\windows\system32\drivers\VDD

    2012-08-28 19:38:52 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\Ad-Aware Antivirus

    2012-08-28 18:49:04 69632 ----a-w- c:\windows\system32\KemXML.dll

    2012-08-28 18:49:04 163840 ----a-w- c:\windows\system32\kemutb.dll

    2012-08-28 18:49:04 131072 ----a-w- c:\windows\system32\KemUtil.dll

    2012-08-28 18:49:04 110592 ----a-w- c:\windows\system32\KemWnd.dll

    2012-08-28 18:48:45 -------- d-----w- c:\program files\SetPoint

    2012-08-28 18:48:43 -------- d-----w- c:\program files\common files\Logitech

    2012-08-28 18:48:24 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll

    2012-08-28 18:48:24 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll

    2012-08-28 18:48:24 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll

    2012-08-28 18:48:23 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll

    2012-08-28 18:48:23 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe

    2012-08-28 18:48:19 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll

    2012-08-28 18:48:19 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll

    2012-08-20 01:07:58 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\AVS4YOU

    2012-08-20 01:06:10 11137024 ----a-w- c:\windows\system32\libmfxsw32.dll

    2012-08-20 01:06:02 24576 ----a-w- c:\windows\system32\msxml3a.dll

    2012-08-20 01:06:02 -------- d-----w- c:\programdata\AVS4YOU

    2012-08-20 01:06:02 -------- d-----w- c:\program files\common files\AVSMedia

    2012-08-20 01:06:02 -------- d-----w- c:\program files\AVS4YOU

    2012-08-19 22:35:46 -------- d-----w- c:\program files\DVD Shrink

    2012-08-19 22:35:25 -------- d-----w- c:\program files\Perion

    2012-08-15 02:32:59 2047488 ----a-w- c:\windows\system32\win32k.sys

    2012-08-14 23:53:20 623616 ----a-w- c:\windows\system32\localspl.dll

    2012-08-14 03:04:46 -------- d-----w- c:\program files\Microsoft IntelliPoint

    2012-08-14 02:43:58 -------- d-----w- c:\programdata\PC-Doctor

    2012-08-14 02:42:01 -------- d-----w- c:\program files\common files\supportsoft

    2012-08-14 02:41:19 315392 ----a-w- c:\windows\HideWin.exe

    2012-08-14 02:41:18 520192 ----a-w- c:\windows\RtlExUpd.dll

    2012-08-13 22:11:08 -------- d-----w- c:\program files\Evoluent

    2012-08-06 02:44:31 -------- d-----w- c:\users\jt.jared-pc\appdata\local\Downloaded Installations

    2012-08-05 03:25:31 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{bd6d61a0-ad8a-4c88-ad9e-415bea41a8cc}\mpengine.dll

    2012-08-05 00:06:35 -------- d-----w- c:\program files\ESET

    2012-08-02 19:51:40 20024 ----a-w- c:\windows\system32\drivers\EvoMouseDriverMini.sys

    2012-07-29 23:03:57 -------- dc-h--w- c:\programdata\{174CB352-A040-4B6C-A7AF-265990FED40B}

    2012-07-29 23:03:56 -------- d-----w- c:\program files\Ultimate Encoder 7 Free

    2012-07-29 22:59:09 -------- d-----w- c:\users\jt.jared-pc\appdata\local\PackageAware

    .

    ==================== Find3M ====================

    .

    2012-08-15 01:35:16 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-08-15 01:35:16 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-08-14 02:41:28 319456 ----a-w- c:\windows\DIFxAPI.dll

    2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll

    2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll

    2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

    2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe

    2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb

    2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll

    2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll

    2012-06-04 15:26:04 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys

    2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll

    2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll

    2012-06-02 20:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll

    2012-06-02 20:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe

    2012-06-02 00:04:25 278528 ----a-w- c:\windows\system32\schannel.dll

    2012-06-02 00:03:42 204288 ----a-w- c:\windows\system32\ncrypt.dll

    2012-05-31 17:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe

    .

    ============= FINISH: 16:44:26.02 ===============

    And attach.txt:



    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2011-08-26.01)

    .

    Microsoft® Windows Vista™ Home Premium

    Boot Device: \Device\HarddiskVolume3

    Install Date: 2/20/2008 1:17:04 PM

    System Uptime: 8/28/2012 4:35:03 PM (0 hours ago)

    .

    Motherboard: Dell Inc. | | 0RY007

    Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz | Socket 775 | 2331/333mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 456 GiB total, 290.163 GiB free.

    D: is FIXED (NTFS) - 10 GiB total, 5.989 GiB free.

    E: is CDROM (CDFS)

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    .

    ==== Installed Programs ======================

    .

    7-Zip 9.20

    Ad-Aware Antivirus

    Ad-Aware Browsing Protection

    Ad-Aware Security Toolbar

    Adobe Acrobat 4.0

    Adobe AIR

    Adobe Flash Player 11 ActiveX

    Adobe Flash Player 11 Plugin

    Adobe Reader X (10.1.3)

    Adobe Shockwave Player 11.5

    Apple Application Support

    Apple Mobile Device Support

    Apple Software Update

    Audacity 1.3.14 (Unicode)

    Auslogics Disk Defrag Professional

    AVS Update Manager 1.0

    AVS Video Converter 8

    AVS4YOU Software Navigator 1.4

    Bonjour

    Browser Address Error Redirector

    CCleaner

    CDDRV_Installer

    Combat Arms

    COWON Media Center - jetAudio Basic VX

    Defraggler

    Dell DataSafe Online

    Dell Driver Download Manager

    Dell Getting Started Guide

    Dell Support Center (Support Software)

    DVD Shrink 3.2

    Epson CreativeZone

    Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)

    Epson Easy Photo Print Plug-in for Windows Live Photo Gallery

    Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup

    Epson Event Manager

    Epson FAX Utility

    Epson PC-FAX Driver

    EPSON Scan

    EPSON WorkForce 840 Series Printer Uninstall

    EpsonNet Print

    ESET Online Scanner v3

    Evoluent Mouse Manager

    Finding Nemo UWF

    Finding Nemo: Nemo's Underwater World of Fun

    foobar2000 v1.1.11

    Free File Opener

    Google Chrome

    Google Desktop

    Google Drive

    Google Toolbar for Internet Explorer

    Google Update Helper

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

    iCloud

    Index.dat Analyzer v2.0

    Intel(R) Graphics Media Accelerator Driver

    Intel(R) PRO Network Connections

    Intel(R) TV Wizard

    iTunes

    Java Auto Updater

    Java(TM) 7 Update 4

    JavaFX 2.1.0

    KhalSetup

    Mabinogi

    Malwarebytes Anti-Malware version 1.61.0.1400

    McAfee SiteAdvisor

    Microsoft .NET Framework 1.1

    Microsoft .NET Framework 3.5 SP1

    Microsoft .NET Framework 4 Client Profile

    Microsoft Antimalware

    Microsoft Application Error Reporting

    Microsoft Calculator Plus

    Microsoft IntelliPoint 8.2

    Microsoft Mathematics

    Microsoft Office 2003 Resource Kit

    Microsoft Silverlight

    Microsoft VC9 runtime libraries

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

    Microsoft Works

    Mozilla Firefox 14.0.1 (x86 en-US)

    Mozilla Maintenance Service

    MSXML 4.0 SP2 (KB936181)

    MSXML 4.0 SP2 (KB941833)

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    Music, Photos & Videos Launcher

    MyTomTom 3.2.0.700

    Nexon Game Manager

    OGA Notifier 2.0.0048.0

    OpenOffice.org 3.4

    Pando Media Booster

    PDF Tablet 0.1

    Product Documentation Launcher

    QSS Installation Program

    QuickTime

    RealNetworks - Microsoft Visual C++ 2005 Runtime

    RealNetworks - Microsoft Visual C++ 2008 Runtime

    RealUpgrade 1.1

    Recuva

    Roblox

    Roblox for JT

    Roxio Creator Copy

    Roxio Creator Data

    Roxio Creator DE

    Roxio Creator Tools

    Roxio Express Labeler

    Roxio MyDVD DE

    Roxio Update Manager

    Sansa Updater

    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

    SetPoint

    Sonic Activation Module

    Spelling Dictionaries Support For Adobe Reader 8

    Spybot - Search & Destroy

    StreamTorrent 1.0

    System Requirements Lab CYRI

    System Requirements Lab for Intel

    TeamViewer 7

    TP-LINK Wireless Client Utility

    Ultimate Encoder 7 Free

    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

    USB Video Driver

    User's Guides

    Visual C++ 2008 x86 Runtime - (v9.0.30729)

    Visual C++ 2008 x86 Runtime - v9.0.30729.01

    Visual Studio C++ 10.0 Runtime

    Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0)

    Windows Live ID Sign-in Assistant

    Windows Live Sign-in Assistant

    Windows Media Player Firefox Plugin

    Yahoo! Toolbar

    .

    ==== Event Viewer Messages From Past Week ========

    .

    8/28/2012 4:44:11 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Ad-Aware Service service to connect.

    8/28/2012 4:44:11 PM, Error: Service Control Manager [7000] - The Ad-Aware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    8/28/2012 4:36:45 PM, Error: Service Control Manager [7023] -

    8/28/2012 4:36:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service Ad-Aware Service with arguments "" in order to run the server: {706FFEF5-7E90-4149-B038-B39106ECDB99}

    8/28/2012 4:34:05 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

    8/28/2012 4:32:50 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

    8/28/2012 4:32:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

    8/28/2012 4:32:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

    8/28/2012 4:32:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

    8/28/2012 4:32:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

    8/28/2012 4:32:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    8/28/2012 4:32:06 PM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .

    8/28/2012 4:32:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}

    8/28/2012 4:32:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

    8/28/2012 4:32:05 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC jswpslwf MpFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6 ws2ifsl

    8/28/2012 4:31:51 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

    8/28/2012 4:31:51 PM, Error: Service Control Manager [7001] - The Windows Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

    8/28/2012 4:31:51 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

    8/28/2012 4:31:51 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

    8/28/2012 4:31:51 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

    8/28/2012 4:31:51 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

    8/28/2012 4:31:51 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.

    8/28/2012 4:31:51 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

    8/28/2012 4:31:51 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

    8/28/2012 4:31:51 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

    8/28/2012 4:31:51 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

    8/28/2012 4:31:51 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

    8/28/2012 2:44:32 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE

    8/28/2012 2:39:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

    8/28/2012 2:38:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}

    8/28/2012 2:37:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    8/28/2012 2:37:28 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MpFilter SBRE spldr Wanarpv6

    8/28/2012 2:24:01 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656353).

    8/28/2012 2:22:26 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370).

    .

    ==== End Of File ===========================
    0
  • Support
    Win32/Kryptik.AKMA trojan can be a very serious infection. We have to use other programs that search deeper.



    1.

    Please, save RogueKiller on the Desktop.

    http://www.sur-la-toile.com/RogueKiller/

    Turn off all running programs and remove any external drives and other devices connected with USB except mouse and keyboard.



    Start RogueKiller (in Vista and Windows 7 right-click the program and select "Run as administrator"). If it won't start, try several times. If you still are unsuccessful, rename the file to winlogon.exe.



    Wait until "Prescan" has finished.

    Click on "Scan" button in upper right corner.

    Wait until the scan has finished.



    A report with a name similar to RKreport.txt should have been created on the desktop.

    Please, post it in your answer.



    2.

    Please, download aswMBR to your desktop. http://public.avast.com/~gmerek/aswMBR.exe



    Double click it to start the program.

    Allow it to download extra definitions.

    Click the "Scan" button to start the scan.

    When the scan has finished click the "Save log" button and save it to your desktop.

    Post the log.



    3.

    Save TDSSKiller on the Desktop:

    http://support.kaspersky.com/downloads/utils/tdsskiller.exe



    Turn off all programs.

    Run the program TDSSKiller.



    Click on "Start Scan".



    If any malicious objects are found select "Cure" and click "Continue". If "Cure" isn't available select "Skip". If any suspicious objects are found select "Skip". Do NOT select Quarantine or Delete.

    The computer might need a restart.



    Paste the content of the TDSSKiller log which is located in the folder C:\ with the name TDSSKiller followed by version and time.
    0
  • Support
    Please, log in as Jared and not JT since it was in Jared's folder the trojan was found. Turn off all running programs before running RogueKiller again. Paste the log into your answer.
    0
  • Customer
    Log:

    RogueKiller V8.0.1 [08/30/2012] by Tigzy

    mail: tigzyRK<at>gmail<dot>com

    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version

    Started in : Normal mode

    User : Jared [Admin rights]

    Mode : Scan -- Date : 08/31/2012 17:37:00

    ¤¤¤ Bad processes : 7 ¤¤¤

    [SUSP PATH][DLL] explorer.exe -- C:\Windows\explorer.exe : C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll -> UNLOADED

    [SUSP PATH] SansaDispatch.exe -- C:\Users\JT.Jared-PC\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe -> KILLED [TermProc]

    [SUSP PATH][DLL] explorer.exe -- C:\Windows\explorer.exe : C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll -> UNLOADED

    [SUSP PATH][DLL] explorer.exe -- C:\Windows\explorer.exe : C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll -> UNLOADED

    [SUSP PATH][DLL] explorer.exe -- C:\Windows\explorer.exe : C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll -> UNLOADED

    [SUSP PATH][DLL] explorer.exe -- C:\Windows\explorer.exe : C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll -> UNLOADED

    [SUSP PATH][DLL] explorer.exe -- C:\Windows\explorer.exe : C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll -> UNLOADED

    ¤¤¤ Registry Entries : 12 ¤¤¤

    [RUN][SUSP PATH] HKUS\S-1-5-21-215613564-3252992321-3342676906-1011[...]\Run : SansaDispatch (C:\Users\JT.Jared-PC\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe) -> FOUND

    [TASK][ROGUE ST] 0 : c:\program files\internet explorer\iexplore.exe -> FOUND

    [TASK][ROGUE ST] 4667 : wscript.exe -> FOUND

    [HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND

    [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

    [HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

    [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    --> C:\Windows\system32\drivers\etc\hosts

    ::1 localhost

    [...]



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: SAMSUNG HD501LJ ATA Device +++++

    --- User ---

    [MBR] 25eb30350c9e160deb561013fb9d3a61

    [BSP] 67d6a64b04885546efc8a525e5a0cb5d : Windows Vista MBR Code

    Partition table:

    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo

    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 98304 | Size: 10240 Mo

    2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21069824 | Size: 466651 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    Finished : << RKreport[1].txt >>

    RKreport[1].txt
    0
  • Support
    Perform everything from the Jared account.



    1. Please follow the instructions on http://www.bleepingcomputer.com/combofix/how-to-use-combofix for installing and running ComboFix.

    Read carefully and note the "Disclaimer of warranty"!

    Paste the content of the log into your answer.

    If ComboFix displays a message, for example that a rootkit was found, write it down in as much detail as possible.

    2. Please also run DDS and paste DDS.txt.
    0
  • Customer
    Log:

    ComboFix 12-09-01.01 - Jared 09/02/2012 21:06:12.1.2 - x86

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3060.1948 [GMT -5:00]

    Running from: c:\users\Jared\Desktop\ComboFix.exe

    AV: Lavasoft Ad-Aware *Disabled/Outdated* {445B48C3-0FA4-6B16-8F07-6506F305D800}

    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

    FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}

    SP: Lavasoft Ad-Aware *Disabled/Outdated* {FF3AA927-299E-6498-B5B7-5E74888292BD}

    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    C:\install.exe

    C:\Microsoft

    c:\program files\Object

    c:\program files\Object\config.ini

    c:\program files\SGPSA

    c:\programdata\30400248

    c:\users\Jared\g2mdlhlpx.exe

    c:\users\Jared\Mabinogi .lnk

    c:\users\JT\AppData\Roaming\adaware-installer-reboot-required.tmp

    c:\users\Public\Favorites\Mabinogi.exe

    c:\windows\security\Database\tmp.edb

    c:\windows\system32\Cache

    c:\windows\system32\URTTemp

    c:\windows\system32\URTTemp\regtlib.exe

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-08-03 to 2012-09-03 )))))))))))))))))))))))))))))))

    .

    .

    2012-09-03 02:16 . 2012-09-03 02:17 -------- d-----w- c:\users\Jared\AppData\Local\temp

    2012-09-03 02:16 . 2012-09-03 02:16 -------- d-----w- c:\users\Mcx1\AppData\Local\temp

    2012-09-03 02:16 . 2012-09-03 02:16 -------- d-----w- c:\users\JT\AppData\Local\temp

    2012-09-03 02:16 . 2012-09-03 02:16 -------- d-----w- c:\users\JT.Jared-PC\AppData\Local\temp

    2012-09-03 02:16 . 2012-09-03 02:16 -------- d-----w- c:\users\Guest\AppData\Local\temp

    2012-09-03 02:16 . 2012-09-03 02:16 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-09-03 02:16 . 2012-09-03 02:16 -------- d-----w- c:\users\Elly\AppData\Local\temp

    2012-09-03 02:16 . 2012-09-03 02:16 -------- d-----w- c:\users\Colleen.Jared-PC\AppData\Local\temp

    2012-09-03 02:16 . 2012-09-03 02:16 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

    2012-09-03 02:16 . 2012-09-03 02:16 -------- d-----w- c:\users\Zach\AppData\Local\temp

    2012-09-02 18:04 . 2012-02-09 19:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9ED34764-E327-4073-BF31-701BACEE7BE8}\gapaengine.dll

    2012-09-02 17:55 . 2012-09-02 17:55 -------- d-----w- C:\adawarebp

    2012-09-02 17:51 . 2012-02-09 19:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{55C03909-67B2-43DA-8591-C9395FC4D665}\gapaengine.dll

    2012-08-31 23:31 . 2012-08-31 23:31 -------- d-----w- c:\users\Colleen.Jared-PC\AppData\Local\adawarebp

    2012-08-31 23:12 . 2012-08-31 23:12 -------- d-----w- c:\program files\Microsoft IntelliType Pro

    2012-08-31 22:54 . 2012-08-31 22:54 -------- d-----w- c:\users\Colleen.Jared-PC\AppData\Roaming\Logitech

    2012-08-31 22:42 . 2012-08-31 22:42 -------- d-----w- c:\program files\adawaretb

    2012-08-31 22:40 . 2012-08-23 05:15 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AAF52525-2499-4BFA-8258-31E4D10C9C5B}\mpengine.dll

    2012-08-31 01:22 . 2012-08-28 06:50 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E51D34A3-9DC5-43A9-9787-436465C6F488}\mpengine.dll

    2012-08-31 00:56 . 2012-09-02 18:09 -------- d-----w- c:\users\JT.Jared-PC\Tracing

    2012-08-31 00:53 . 2012-08-31 00:53 -------- d-----w- c:\windows\en

    2012-08-31 00:52 . 2012-03-08 23:32 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys

    2012-08-31 00:50 . 2012-08-31 00:50 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

    2012-08-31 00:46 . 2012-08-31 00:54 -------- d-----w- c:\program files\Windows Live

    2012-08-31 00:42 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll

    2012-08-31 00:41 . 2012-08-31 01:17 -------- d-----w- c:\users\JT.Jared-PC\AppData\Local\Windows Live

    2012-08-31 00:41 . 2012-08-31 00:41 -------- d-----w- c:\program files\Common Files\Windows Live

    2012-08-29 23:17 . 2012-08-29 23:17 -------- d-----w- c:\users\Elly\AppData\Local\Free File Opener

    2012-08-29 23:10 . 2012-08-29 23:10 -------- d-----w- c:\users\Elly\AppData\Local\Unity

    2012-08-28 23:38 . 2012-08-28 23:38 -------- d-----w- c:\users\Zach\AppData\Roaming\Logitech

    2012-08-28 23:38 . 2012-08-28 23:38 -------- d-----w- c:\users\Zach\AppData\Local\SupportSoft

    2012-08-28 23:33 . 2012-08-28 23:33 -------- d-----w- c:\users\Elly\AppData\Roaming\Logitech

    2012-08-28 19:49 . 2012-08-28 20:21 -------- d-----w- c:\users\JT.Jared-PC\AppData\Local\adaware

    2012-08-28 19:47 . 2011-12-19 17:44 93816 ----a-w- c:\windows\system32\drivers\sbhips.sys

    2012-08-28 19:47 . 2012-08-28 19:47 -------- d-----w- c:\windows\system32\drivers\VDD

    2012-08-28 19:39 . 2012-08-28 19:39 -------- d-----w- c:\programdata\Lavasoft

    2012-08-28 19:38 . 2012-08-28 19:50 -------- d-----w- c:\users\JT.Jared-PC\AppData\Roaming\Ad-Aware Antivirus

    2012-08-28 19:09 . 2012-08-28 19:09 -------- d-----w- c:\users\JT.Jared-PC\AppData\Roaming\Logitech

    2012-08-28 18:49 . 2006-11-16 18:44 69632 ----a-w- c:\windows\system32\KemXML.dll

    2012-08-28 18:49 . 2006-11-16 18:44 163840 ----a-w- c:\windows\system32\kemutb.dll

    2012-08-28 18:49 . 2006-11-16 18:44 110592 ----a-w- c:\windows\system32\KemWnd.dll

    2012-08-28 18:49 . 2006-11-16 18:44 131072 ----a-w- c:\windows\system32\KemUtil.dll

    2012-08-28 18:48 . 2012-08-28 18:48 -------- d-----w- c:\programdata\Logitech

    2012-08-28 18:48 . 2012-08-28 18:53 -------- d-----w- c:\program files\SetPoint

    2012-08-28 18:48 . 2012-08-28 18:49 -------- d-----w- c:\program files\Common Files\Logitech

    2012-08-28 18:48 . 2005-04-04 04:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll

    2012-08-28 18:48 . 2005-04-04 04:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll

    2012-08-28 18:48 . 2005-04-04 04:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll

    2012-08-28 18:48 . 2005-04-04 04:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll

    2012-08-28 18:48 . 2005-04-04 03:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe

    2012-08-28 18:48 . 2012-08-28 18:48 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll

    2012-08-28 18:48 . 2012-08-28 18:48 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll

    2012-08-20 01:07 . 2012-08-20 01:07 -------- d-----w- c:\users\JT.Jared-PC\AppData\Roaming\AVS4YOU

    2012-08-20 01:06 . 2012-03-24 00:58 11137024 ----a-w- c:\windows\system32\libmfxsw32.dll

    2012-08-20 01:06 . 2012-08-20 01:07 -------- d-----w- c:\programdata\AVS4YOU

    2012-08-20 01:06 . 2012-08-20 01:06 -------- d-----w- c:\program files\AVS4YOU

    2012-08-20 01:06 . 2012-08-20 01:06 -------- d-----w- c:\program files\Common Files\AVSMedia

    2012-08-20 01:06 . 2012-03-24 00:59 24576 ----a-w- c:\windows\system32\msxml3a.dll

    2012-08-19 22:35 . 2012-08-19 22:35 -------- d-----w- c:\program files\DVD Shrink

    2012-08-19 22:35 . 2012-08-19 22:35 -------- d-----w- c:\program files\Perion

    2012-08-19 22:35 . 2012-08-19 22:35 448 ----a-w- C:\user.js

    2012-08-19 21:35 . 2012-08-19 21:35 -------- d-----w- c:\users\JT\AppData\Local\Apps

    2012-08-15 02:32 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys

    2012-08-14 23:53 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll

    2012-08-14 03:04 . 2012-08-14 03:04 -------- d-----w- c:\program files\Microsoft IntelliPoint

    2012-08-14 02:43 . 2012-08-14 02:43 -------- d-----w- c:\programdata\PC-Doctor

    2012-08-14 02:42 . 2012-08-14 02:42 -------- d-----w- c:\program files\Common Files\supportsoft

    2012-08-14 02:41 . 2012-08-14 02:41 315392 ----a-w- c:\windows\HideWin.exe

    2012-08-14 02:41 . 2007-07-26 22:09 520192 ----a-w- c:\windows\RtlExUpd.dll

    2012-08-13 22:11 . 2012-08-13 22:11 -------- d-----w- c:\program files\Evoluent

    2012-08-09 18:13 . 2012-08-09 18:13 -------- d-----w- c:\users\Zach\AppData\Roaming\Ad-Aware Antivirus

    2012-08-06 16:59 . 2012-08-06 16:59 -------- d-----w- c:\users\Colleen.Jared-PC\AppData\Roaming\Ad-Aware Antivirus

    2012-08-06 14:17 . 2012-08-06 14:17 -------- d-----w- c:\users\Elly\AppData\Roaming\Ad-Aware Antivirus

    2012-08-06 02:44 . 2012-08-06 02:44 -------- d-----w- c:\users\JT.Jared-PC\AppData\Local\Downloaded Installations

    2012-08-05 00:06 . 2012-08-05 00:06 -------- d-----w- c:\program files\ESET

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-08-31 00:46 . 2009-08-18 17:24 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

    2012-08-31 00:41 . 2012-04-02 12:09 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-08-31 00:41 . 2011-12-02 22:37 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-08-23 05:15 . 2012-06-01 17:27 7022536 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll

    2012-08-23 05:15 . 2012-03-02 23:38 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2012-08-14 02:41 . 2011-12-12 22:28 319456 ----a-w- c:\windows\DIFxAPI.dll

    2012-08-02 19:51 . 2012-08-02 19:51 20024 ----a-w- c:\windows\system32\drivers\EvoMouseDriverMini.sys

    2012-06-05 16:47 . 2012-07-13 01:19 1401856 ----a-w- c:\windows\system32\msxml6.dll

    2012-06-05 16:47 . 2012-07-13 01:19 1248768 ----a-w- c:\windows\system32\msxml3.dll

    2012-08-25 02:01 . 2012-08-31 00:33 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    2012-05-12 23:09 . 2012-05-12 23:09 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]

    2012-04-11 20:08 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    "{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2012-04-11 87440]

    .

    [HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

    2012-07-20 20:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

    2012-07-20 20:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

    2012-07-20 20:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

    2012-07-20 20:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]

    "WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]

    "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-05-09 201112]

    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-26 206064]

    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]

    "Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2006-10-11 94208]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]

    "RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]

    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1313640]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Evoluent Mouse Manager.lnk - c:\windows\Installer\{A3A814AD-E978-4B68-A548-AC9C560C1B9D}\_A6095E4D62E53F7667CEA7.exe [2012-8-13 4286]

    SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2012-8-28 679936]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]

    @="Ad-Aware Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

    @="Service"

    .

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BDARemote.lnk]

    backup=c:\windows\pss\BDARemote.lnk.CommonStartup

    backupExtension=.CommonStartup

    .

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]

    backup=c:\windows\pss\Microsoft Find Fast.lnk.CommonStartup

    backupExtension=.CommonStartup

    .

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Office Startup.lnk]

    backup=c:\windows\pss\Office Startup.lnk.CommonStartup

    backupExtension=.CommonStartup

    .

    [HKLM\~\startupfolder\C:^Users^Jared^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CNET TechTracker.lnk]

    backup=c:\windows\pss\CNET TechTracker.lnk.Startup

    backupExtension=.Startup

    path=c:\users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNET TechTracker.lnk

    .

    [HKLM\~\startupfolder\C:^Users^Jared^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]

    path=c:\users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk

    backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnk.Startup

    backupExtension=.Startup

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

    2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

    2012-02-21 02:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON WorkForce 840 Series]

    2010-01-12 13:01 201216 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIGMA.EXE

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

    2012-05-12 23:09 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

    2012-02-04 20:57 136176 ----atw- c:\users\JT.Jared-PC\AppData\Local\Google\Update\GoogleUpdate.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

    2006-10-03 17:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

    2012-03-27 10:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jswtrayutil]

    2009-09-24 13:51 32871 ----a-w- c:\program files\TP-LINK\QSS\jswtrayutil.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTomTomSA.exe]

    2012-05-18 09:04 434168 ----a-w- c:\program files\MyTomTom 3\MyTomTomSA.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    2012-01-17 16:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

    2011-08-03 21:22 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorkForce 840(Network)]

    2010-01-12 13:01 201216 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIGMA.EXE

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    "NetFxUpdate_v1.1.4322"="c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" 1 v1.1.4322 GAC + NI NID

    .

    R2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [x]

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]

    S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [x]

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-09-02 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 00:41]

    .

    2012-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 20:14]

    .

    2012-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 20:14]

    .

    2012-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-215613564-3252992321-3342676906-1001Core.job

    - c:\users\JT\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-04 21:53]

    .

    2012-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-215613564-3252992321-3342676906-1001UA.job

    - c:\users\JT\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-04 21:53]

    .

    2012-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-215613564-3252992321-3342676906-1003Core.job

    - c:\users\Elly\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-20 14:58]

    .

    2012-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-215613564-3252992321-3342676906-1003UA.job

    - c:\users\Elly\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-20 14:58]

    .

    2012-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-215613564-3252992321-3342676906-1011Core.job

    - c:\users\JT.Jared-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-23 20:57]

    .

    2012-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-215613564-3252992321-3342676906-1011UA.job

    - c:\users\JT.Jared-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-23 20:57]

    .

    2012-09-02 c:\windows\Tasks\User_Feed_Synchronization-{064C70C4-A09A-458F-8141-F53A9022B020}.job

    - c:\windows\system32\msfeedssync.exe [2011-06-09 16:51]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.com/

    mStart Page = hxxp://www.bigseekpro.com/cheatengine/{D4FEE6C0-F1EF-473F-8111-958608E34C7B}

    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

    LSP: c:\windows\system32\wpclsp.dll

    TCP: DhcpNameServer = 192.168.11.1

    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    FF - ProfilePath - c:\users\JT\AppData\Roaming\Mozilla\Firefox\Profiles\y88i8nh3.default\

    FF - prefs.js: browser.search.selectedEngine - Search the Web

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/?rlz=1V1IPYX

    FF - prefs.js: browser.startup.homepage - about:home

    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    .

    - - - - ORPHANS REMOVED - - - -

    .

    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

    SafeBoot-50559665.sys

    MSConfigStartUp-MSC - c:\program files\Microsoft Security Client\msseces.exe

    MSConfigStartUp-vProt - c:\program files\AVG Secure Search\vprot.exe

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2012-09-02 21:17

    Windows 6.0.6002 Service Pack 2 NTFS

    .

    scanning hidden processes ...

    .

    scanning hidden autostart entries ...

    .

    scanning hidden files ...

    .

    scan completed successfully

    hidden files: 0

    .

    **************************************************************************

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msiserver]

    "ImagePath"="%systemroot%\system32\msiexec /V"

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    Completion time: 2012-09-02 21:19:20

    ComboFix-quarantined-files.txt 2012-09-03 02:19

    .

    Pre-Run: 305,993,748,480 bytes free

    Post-Run: 310,135,627,776 bytes free

    .

    - - End Of File - - 1A77B3384DE4B8FBB453120D5A87F566









    DDS:





    .

    DDS (Ver_2011-08-26.01) - NTFSx86

    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1

    Run by Jared at 0:25:42 on 2012-09-03

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3060.1445 [GMT -5:00]

    .

    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

    AV: Lavasoft Ad-Aware *Disabled/Outdated* {445B48C3-0FA4-6B16-8F07-6506F305D800}

    SP: Lavasoft Ad-Aware *Disabled/Outdated* {FF3AA927-299E-6498-B5B7-5E74888292BD}

    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k rpcss

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k GPSvcGroup

    C:\Windows\system32\SLsvc.exe

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Windows\system32\AERTSrv.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE

    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE

    C:\Program Files\TP-LINK\QSS\jswpbapi.exe

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Program Files\Dell Support Center\bin\sprtsvc.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

    C:\Windows\System32\svchost.exe -k WerSvcGroup

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files\Google\Update\1.3.21.115\GoogleCrashHandler.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\System32\wpcumi.exe

    C:\Program Files\Dell Support Center\bin\sprtcmd.exe

    C:\Program Files\Microsoft IntelliPoint\ipoint.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Windows\RtHDVCpl.exe

    C:\Program Files\Microsoft IntelliType Pro\itype.exe

    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Windows\system32\notepad.exe

    C:\Windows\explorer.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.google.com/

    mStart Page = hxxp://www.bigseekpro.com/cheatengine/{D4FEE6C0-F1EF-473F-8111-958608E34C7B}

    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

    uURLSearchHooks: H - No File

    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

    BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll

    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll

    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.391.0\BingExt.dll

    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll

    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll

    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\7.1.391.0\BingExt.dll"

    TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll

    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

    mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe

    mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"

    mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter

    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

    mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"

    mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run

    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe

    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

    mRun: [Persistence] c:\windows\system32\igfxpers.exe

    mRun: [RtHDVCpl] RtHDVCpl.exe

    mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"

    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\evolue~1.lnk - c:\windows\installer\{a3a814ad-e978-4b68-a548-ac9c560c1b9d}\_A6095E4D62E53F7667CEA7.exe

    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe

    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

    LSP: c:\windows\system32\wpclsp.dll

    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}

    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

    DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://nxcache.nexon.net/mabinogi/renderer/mabiweb.2010.5.03.cab

    DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB

    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab

    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe

    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab

    TCP: DhcpNameServer = 192.168.11.1

    TCP: Interfaces\{C2D91CE7-F628-489E-876F-72B5EEE71D4B} : DhcpNameServer = 192.168.11.1

    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

    Notify: igfxcui - igfxdev.dll

    AppInit_DLLs: c:\progra~1\google\google~3\GoogleDesktopNetwork3.dll

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath -

    .

    ============= SERVICES / DRIVERS ===============

    .

    R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2012-7-21 20384]

    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]

    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-10-26 101112]

    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]

    R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]

    R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50ST7.EXE [2012-2-16 153600]

    R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50RP7.EXE [2012-2-16 121856]

    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-12-26 21504]

    R2 jswpbapi;JumpStart Push-Button Service;c:\program files\tp-link\qss\jswpbapi.exe [2012-7-21 188416]

    R2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2011-12-19 3289032]

    R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-11-29 77816]

    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-10-10 1153368]

    R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-5-14 2666880]

    R3 athur;Wireless Network Adapter Service;c:\windows\system32\drivers\athur.sys [2012-7-21 1387008]

    R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]

    R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [2011-8-1 45288]

    R3 EvoMouseDriverMini;EvoMouseDriverMini;c:\windows\system32\drivers\EvoMouseDriverMini.sys [2012-8-2 20024]

    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]

    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-12-26 16896]

    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2010-10-9 19968]

    S2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-7-12 1239952]

    S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]

    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2012-2-28 95232]

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 250568]

    S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2007-6-18 19456]

    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-8-30 39272]

    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]

    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-8-26 30192]

    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]

    S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\tp-link\qss\jswpsapi.exe [2012-7-21 954368]

    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-8-30 114144]

    S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]

    S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

    S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-8-28 93816]

    S3 sbwtis;sbwtis;c:\windows\system32\drivers\sbwtis.sys [2011-12-19 72312]

    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

    .

    =============== Created Last 30 ================

    .

    2012-09-03 02:19:27 -------- d-sh--w- C:\$RECYCLE.BIN

    2012-09-03 02:19:27 -------- d-sh--w- \$RECYCLE.BIN

    2012-09-03 02:19:22 -------- d-----w- c:\users\jt\appdata\local\temp

    2012-09-03 02:00:54 98816 ----a-w- c:\windows\sed.exe

    2012-09-03 02:00:54 518144 ----a-w- c:\windows\SWREG.exe

    2012-09-03 02:00:54 256000 ----a-w- c:\windows\PEV.exe

    2012-09-03 02:00:54 208896 ----a-w- c:\windows\MBR.exe

    2012-09-03 02:00:50 -------- d-----w- C:\ComboFix

    2012-09-03 02:00:50 -------- d-----w- \ComboFix

    2012-09-03 01:59:40 -------- d-----w- \Qoobox

    2012-09-02 18:04:20 713784 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9ed34764-e327-4073-bf31-701bacee7be8}\gapaengine.dll

    2012-09-02 17:55:04 -------- d-----w- C:\adawarebp

    2012-09-02 17:55:04 -------- d-----w- \adawarebp

    2012-09-02 17:51:09 713784 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{55c03909-67b2-43da-8591-c9395fc4d665}\gapaengine.dll

    2012-08-31 23:12:27 -------- d-----w- c:\program files\Microsoft IntelliType Pro

    2012-08-31 22:42:35 -------- d-----w- c:\program files\adawaretb

    2012-08-31 22:40:14 7022536 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{aaf52525-2499-4bfa-8258-31e4d10c9c5b}\mpengine.dll

    2012-08-31 01:22:04 7022536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e51d34a3-9dc5-43a9-9787-436465c6f488}\mpengine.dll

    2012-08-31 00:53:47 -------- d-----w- c:\windows\en

    2012-08-31 00:52:28 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys

    2012-08-31 00:50:06 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

    2012-08-31 00:42:55 754688 ----a-w- c:\windows\system32\webservices.dll

    2012-08-31 00:41:47 15712 ----a-w- c:\program files\common files\windows live\.cache\66e8ca011cd871105\MeshBetaRemover.exe

    2012-08-31 00:41:43 89944 ----a-w- c:\program files\common files\windows live\.cache\64186bf11cd871104\DSETUP.dll

    2012-08-31 00:41:43 537432 ----a-w- c:\program files\common files\windows live\.cache\64186bf11cd871104\DXSETUP.exe

    2012-08-31 00:41:43 1801048 ----a-w- c:\program files\common files\windows live\.cache\64186bf11cd871104\dsetup32.dll

    2012-08-31 00:41:38 94040 ----a-w- c:\program files\common files\windows live\.cache\6098bb111cd871103\DSETUP.dll

    2012-08-31 00:41:38 525656 ----a-w- c:\program files\common files\windows live\.cache\6098bb111cd871103\DXSETUP.exe

    2012-08-31 00:41:38 1691480 ----a-w- c:\program files\common files\windows live\.cache\6098bb111cd871103\dsetup32.dll

    2012-08-31 00:41:03 -------- d-----w- c:\program files\common files\Windows Live

    2012-08-28 19:47:29 93816 ----a-w- c:\windows\system32\drivers\sbhips.sys

    2012-08-28 19:47:18 -------- d-----w- c:\windows\system32\drivers\VDD

    2012-08-28 18:49:04 69632 ----a-w- c:\windows\system32\KemXML.dll

    2012-08-28 18:49:04 163840 ----a-w- c:\windows\system32\kemutb.dll

    2012-08-28 18:49:04 131072 ----a-w- c:\windows\system32\KemUtil.dll

    2012-08-28 18:49:04 110592 ----a-w- c:\windows\system32\KemWnd.dll

    2012-08-28 18:48:45 -------- d-----w- c:\program files\SetPoint

    2012-08-28 18:48:24 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll

    2012-08-28 18:48:24 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll

    2012-08-28 18:48:24 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll

    2012-08-28 18:48:23 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll

    2012-08-28 18:48:23 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe

    2012-08-28 18:48:19 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll

    2012-08-28 18:48:19 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll

    2012-08-20 01:06:10 11137024 ----a-w- c:\windows\system32\libmfxsw32.dll

    2012-08-20 01:06:02 24576 ----a-w- c:\windows\system32\msxml3a.dll

    2012-08-20 01:06:02 -------- d-----w- c:\programdata\AVS4YOU

    2012-08-20 01:06:02 -------- d-----w- c:\program files\common files\AVSMedia

    2012-08-20 01:06:02 -------- d-----w- c:\program files\AVS4YOU

    2012-08-19 22:35:46 -------- d-----w- c:\program files\DVD Shrink

    2012-08-19 22:35:25 -------- d-----w- c:\program files\Perion

    2012-08-19 21:35:46 -------- d-----w- c:\users\jt\appdata\local\Apps

    2012-08-15 02:32:59 2047488 ----a-w- c:\windows\system32\win32k.sys

    2012-08-14 23:53:20 623616 ----a-w- c:\windows\system32\localspl.dll

    2012-08-14 03:04:46 -------- d-----w- c:\program files\Microsoft IntelliPoint

    2012-08-14 02:43:58 -------- d-----w- c:\programdata\PC-Doctor

    2012-08-14 02:42:01 -------- d-----w- c:\program files\common files\supportsoft

    2012-08-14 02:41:19 315392 ----a-w- c:\windows\HideWin.exe

    2012-08-14 02:41:18 520192 ----a-w- c:\windows\RtlExUpd.dll

    2012-08-13 22:11:08 -------- d-----w- c:\program files\Evoluent

    2012-08-05 00:06:35 -------- d-----w- c:\program files\ESET

    .

    ==================== Find3M ====================

    .

    2012-08-31 00:41:08 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-08-31 00:41:08 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-08-14 02:41:28 319456 ----a-w- c:\windows\DIFxAPI.dll

    2012-08-02 19:51:40 20024 ----a-w- c:\windows\system32\drivers\EvoMouseDriverMini.sys

    2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll

    2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll

    2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

    2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe

    2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb

    2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll

    2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll

    .

    ============= FINISH: 0:26:12.14 ===============
    0
  • Support
    Good, several bad files were removed!



    Please uninstall Java™ 7 Update 4, since it is an old version with many vulnerabilities. It is now very easy to infect the computer from a web page. It is very important to keep, for example, Java updated.



    Copy all lines in the box:

    [code]

    Killall::

    ClearJavaCache::

    DDS::

    mStart Page = hxxp://www.bigseekpro.com/cheatengine/{D4FEE6C0-F1EF-473F-8111-958608E34C7B}

    uURLSearchHooks: H - No File

    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}

    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    SecCenter::

    {108DAC43-C256-20B7-BB05-914135DA5160}

    [/code]

    and paste into Notepad.

    Save the file on the desktop with the name CFScript.



    Prepare the computer according to the instructions for running ComboFix.

    Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop; the program will then start in a special way.

    Paste the new ComboFix log into your answer.



    0
  • Support
    ComboFix didn't notice that you dropped CFScript on top of it. Please try again.
    0
