
Constant DLL error


  • This topic is locked
10 replies to this topic

#1 jjinx

jjinx

  • Members
  • 112 posts

Posted 06 September 2012 - 10:00 AM

Mod Edit: MOVED to Virus, Trojan and Malware Removal Logs ~~boopme


MIL's computer is getting this error constantly... "Error in loading DLL". I have run virus scans and find several viruses each time, but still this keeps happening. I have the HijackThis log to post. Also, she has been getting a high-pitched beep and has to mute the internal mic. Is there a way to stop this from happening? TIA for any help you can give me.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:05:52 PM, on 9/2/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\MOM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RLN11C3V\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
R3 - URLSearchHook: FCToolbarURLSearchHook Class - {5e89d89e-4280-65b4-95ac-388697067b31} - C:\Program Files (x86)\Shop to Win 28\Helper.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ALOT Appbar Helper - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FCTBPos00Pos - {A0D2864A-05FA-91F4-A5CC-DEF70D52F5AF} - C:\Program Files (x86)\Shop to Win 28\Shop to Win 28.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: ALOT Appbar - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5...ndows-i586.cab
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Intel® PROSet/Wireless WiMAX Red Bend Device Management Service (DMAgent) - Red Bend Ltd. - C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
O23 - Service: Dock Login Service (DockLoginService) - Unknown owner - C:\Program Files\Dell\DellDock\DockLogin.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: lxee_device - - C:\windows\system32\lxeecoms.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: Intel® PROSet/Wireless WiMAX Service (WiMAXAppSrv) - Intel® Corporation - C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11593 bytes

Edited by boopme, 06 September 2012 - 10:38 AM.
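The log above is in the HijackThis v2 format: one entry per line, prefixed with a section code (R0/R1 for browser URL settings, R3 for URLSearchHooks, O2 for Browser Helper Objects, O3 for toolbars, O4 for autostart entries, O23 for services). Reading a few hundred of these by eye is error-prone, so the script below, an added example written for this thread and not part of HijackThis or of anything posted by the thread's participants, parses that format and groups the entries a reviewer usually checks first: registrations whose file is gone, entries with no name, autostarts running from a user profile, and the IE extension inventory. The log text inside it is constructed in the same format with made-up CLSIDs and paths; it is not the log from the post. One caveat it encodes: HijackThis is a 32-bit program, so on 64-bit Windows it reports many built-in services under C:\Windows as "(file missing)" because of WOW64 file-system redirection, which is why the log above shows lsass.exe, spoolsv.exe and friends as missing. The script keeps those in a separate, low-priority bucket.

```python
"""Triage a HijackThis v2 log: parse the entries and group the ones worth a closer look.

Added example for this thread; not part of HijackThis. The sample log below is
constructed in the HijackThis v2.0.4 format with made-up CLSIDs and paths.
"""
import re
from dataclasses import dataclass, field

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
# R3/O2/O3/O9/O18 entries: "<kind>: <name> - {CLSID} - <path>" (the CLSID may be absent)
COM_RE = re.compile(r"^(?P<kind>[^:]+): (?P<name>.*?) -(?: (?P<clsid>\{[0-9A-Fa-f-]+\}))? - (?P<path>.*)$")
# O23 entries: "Service: <display name> (<short name>) - <vendor> - <path>"
SVC_RE = re.compile(r"^Service: (?P<name>.*) \((?P<short>[^()]+)\) - (?P<vendor>.*?) - (?P<path>.*)$")
# O4 entries: "<hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^(?P<hive>.*?)Run: \[(?P<name>[^\]]+)\] (?P<path>.*)$")

MISSING_MARKERS = ("(file missing)", "(no file)")
BROWSER_SECTIONS = {"R3", "O2", "O3"}  # URLSearchHooks, BHOs, toolbars: loaded into every IE process

# Constructed sample in HijackThis v2 format (not a real machine's log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:05:52 PM, on 9/2/2012

Running processes:
C:\Program Files (x86)\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Example Toolbar Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files (x86)\ExampleBar\helper.dll
O2 - BHO: (no name) - {22222222-3333-4444-5555-666666666666} - (no file)
O3 - Toolbar: Old Appbar - {33333333-4444-5555-6666-777777777777} - C:\Program Files (x86)\oldappbar\bin\Helper.dll (file missing)
O4 - HKCU\..\Run: [uTorrent] C:\Users\MOM\Downloads\uTorrent.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\IAStorIcon.exe
O9 - Extra button: Blog This - {44444444-5555-6666-7777-888888888888} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O23 - Service: Example Service (ExampleSvc) - Example Inc. - C:\Program Files (x86)\Example\svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
--
End of file - 1234 bytes
"""


@dataclass
class Entry:
    section: str
    kind: str
    name: str
    path: str
    extra: dict = field(default_factory=dict)

    @property
    def missing(self) -> bool:
        return any(m in self.path for m in MISSING_MARKERS)


def parse_hjt_log(text: str) -> list[Entry]:
    """Turn the R0..O23 lines of a log into Entry objects; header, process list and footer lines are skipped."""
    entries: list[Entry] = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        if section == "O23" and (s := SVC_RE.match(body)):
            entries.append(Entry(section, "Service", s["name"], s["path"],
                                 {"short": s["short"], "vendor": s["vendor"]}))
        elif section == "O4" and (r := RUN_RE.match(body)):
            entries.append(Entry(section, "Run", r["name"], r["path"], {"hive": r["hive"]}))
        elif c := COM_RE.match(body):
            entries.append(Entry(section, c["kind"], c["name"], c["path"], {"clsid": c["clsid"] or ""}))
        else:
            # R0/R1 URL settings and other shapes: keep "<kind>: <rest>" as-is, no path
            kind, _, rest = body.partition(": ")
            entries.append(Entry(section, kind if rest else "", rest or body, ""))
    return entries


def triage(entries: list[Entry]) -> dict[str, list[Entry]]:
    """Group entries by what a reviewer would check first."""
    buckets: dict[str, list[Entry]] = {"orphaned": [], "system_missing": [], "unnamed": [],
                                       "user_profile": [], "browser_extensions": []}
    for e in entries:
        path_lc = e.path.lower()
        if e.missing:
            # 32-bit HijackThis on 64-bit Windows cannot see the real System32 (WOW64 redirection),
            # so built-in services show as "(file missing)"; keep those apart from dead registrations.
            if e.section == "O23" and path_lc.startswith("c:\\windows\\"):
                buckets["system_missing"].append(e)
            else:
                buckets["orphaned"].append(e)
        if e.name == "(no name)":
            buckets["unnamed"].append(e)
        if e.section in ("O4", "O23") and path_lc.startswith("c:\\users\\"):
            # autostarts or services launched from a user profile rather than an install directory
            buckets["user_profile"].append(e)
        if e.section in BROWSER_SECTIONS:
            buckets["browser_extensions"].append(e)
    return buckets


def report(text: str) -> dict[str, list[str]]:
    """Parse, triage and return one printable label per entry in each bucket."""
    return {k: [f"{e.section} {e.kind}: {e.name}" for e in v]
            for k, v in triage(parse_hjt_log(text)).items()}


if __name__ == "__main__":
    for bucket, labels in report(SAMPLE_LOG).items():
        print(f"{bucket} ({len(labels)})")
        for label in labels:
            print("   ", label)
```

Run against a real log by replacing SAMPLE_LOG with the file's contents. The buckets are only a reading order, not a verdict: a "(no name)" BHO with "(no file)" is a leftover to clean up, while a named BHO with a live DLL in Program Files still needs its vendor and install date checked before anything is removed.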




#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 08 September 2012 - 08:55 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html


Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Remove the AdWare, PUP (Potentially Unwanted Program) found.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
===

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • DDS.scr <- not recommended if you use Chrome to download this .scr file. Use the other options.
    • DDS.pif
    • DDS.COM
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.


Please post the logs for my review and let me know what problem persists.

#3 jjinx

jjinx
  • Topic Starter

  • Members
  • 112 posts

Posted 08 September 2012 - 10:55 AM


#4 jjinx

jjinx
  • Topic Starter

  • Members
  • 112 posts

Posted 08 September 2012 - 10:57 AM

Still having the error in loading DLL on Internet Explorer.

ComboFix 12-09-08.02 - MOM 09/08/2012 11:09:25.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.1759 [GMT -4:00]
Running from: c:\users\MOM\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\MOM\AppData\Roaming\DefaultTab\DefaultTab
c:\users\MOM\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg
c:\users\MOM\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe
c:\users\MOM\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico
c:\users\MOM\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
c:\users\MOM\AppData\Roaming\vso_ts_preview.xml
c:\users\MOM\Documents\ShopToWin
.
.
((((((((((((((((((((((((( Files Created from 2012-08-08 to 2012-09-08 )))))))))))))))))))))))))))))))
.
.
2012-09-08 15:14 . 2012-09-08 15:14 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-09-08 15:14 . 2012-09-08 15:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-07 22:07 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BE279AD3-280A-479B-AFE3-9D66EBFF4E40}\mpengine.dll
2012-09-07 22:03 . 2012-09-07 22:03 -------- d-----w- c:\users\MOM\AppData\Roaming\PC Cleaners
2012-09-07 22:03 . 2012-09-07 22:03 4571448 ----a-w- c:\windows\uninst.exe
2012-09-07 22:03 . 2012-09-07 22:03 -------- d-----w- c:\users\MOM\AppData\Roaming\PCPro
2012-09-07 22:03 . 2012-09-07 22:03 -------- d-----w- c:\program files (x86)\PC Cleaners
2012-09-07 22:03 . 2012-09-07 22:03 -------- d-----w- c:\programdata\PC1Data
2012-09-07 21:55 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-06 20:16 . 2012-09-06 20:16 -------- d-----w- c:\users\MOM\AppData\Roaming\OneTab
2012-09-06 16:23 . 2012-09-06 16:23 -------- d-----w- c:\program files (x86)\PrivitizeVPN
2012-09-06 16:23 . 2012-09-06 16:23 -------- d-----w- c:\program files (x86)\Playbryte
2012-09-06 00:37 . 2012-09-06 03:28 -------- d-----w- c:\users\MOM\AppData\Roaming\FinalTorrent
2012-09-05 15:48 . 2012-09-06 03:29 -------- d-----w- c:\program files (x86)\FreeFrog
2012-09-05 15:48 . 2012-09-06 03:29 -------- d-----w- c:\program files (x86)\File Type Helper
2012-09-05 15:47 . 2012-09-05 15:48 -------- d-----w- c:\program files (x86)\DefaultTab
2012-09-05 15:47 . 2012-09-05 15:48 -------- d-----w- c:\program files (x86)\Fast Free Converter
2012-09-05 15:47 . 2012-09-08 15:13 -------- d-----w- c:\users\MOM\AppData\Roaming\DefaultTab
2012-09-03 01:55 . 2012-06-05 07:37 256904 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2012-09-02 16:10 . 2012-09-02 16:29 -------- d-----w- C:\puppy
2012-08-24 11:03 . 2012-08-24 11:03 -------- d-----w- c:\users\MOM\AppData\Roaming\Awesomium
2012-08-17 16:05 . 2012-08-17 16:05 -------- d-----w- c:\programdata\Wild Tangent
2012-08-17 16:03 . 2012-08-17 16:03 -------- d-----w- c:\users\MOM\AppData\Roaming\WildTangent
2012-08-17 04:38 . 2012-08-17 04:38 -------- d-----w- c:\users\MOM\AppData\Local\Ilivid Player
2012-08-15 07:06 . 2012-05-05 08:30 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 07:06 . 2012-05-05 07:44 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-15 07:06 . 2012-02-11 06:36 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 07:06 . 2012-02-11 06:29 67584 ----a-w- c:\windows\splwow64.exe
2012-08-15 07:06 . 2012-02-11 05:44 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-15 07:06 . 2012-02-11 06:29 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 07:06 . 2012-07-04 22:04 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 07:06 . 2012-07-04 22:01 58880 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 07:06 . 2012-07-04 22:01 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 07:06 . 2012-07-04 21:23 41472 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-15 07:06 . 2012-07-18 17:31 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 07:06 . 2012-05-14 05:20 956416 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-30 12:07 . 2012-04-08 22:31 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-30 12:07 . 2011-08-06 22:09 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-16 07:00 . 2011-08-07 21:21 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-06-17 16:32 . 2012-06-17 16:32 18944 ----a-r- c:\users\MOM\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-02_16.25.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-02 19:25 . 2012-09-08 15:16 49152 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2012-02-02 19:25 . 2012-09-02 16:24 32768 c:\windows\Temp\History\History.IE5\index.dat
+ 2012-02-02 19:25 . 2012-09-08 15:16 32768 c:\windows\Temp\History\History.IE5\index.dat
- 2012-02-02 19:25 . 2012-09-02 16:24 32768 c:\windows\Temp\Cookies\index.dat
+ 2012-02-02 19:25 . 2012-09-08 15:16 32768 c:\windows\Temp\Cookies\index.dat
+ 2009-04-29 12:31 . 2012-09-08 15:17 48532 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-08 15:17 36646 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-04 18:10 . 2012-09-08 15:17 13168 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-417275844-3254595521-1086989302-1001_UserData.bin
+ 2012-09-06 16:23 . 2012-09-06 16:23 49152 c:\windows\assembly\GAC\AxSHDocVw\1.1.0.0__51b6fa9a48c79a9e\AxSHDocVw.dll
+ 2012-09-06 16:29 . 2012-09-06 16:29 9560 c:\windows\system32\NetworkList\Icons\{90286883-F174-479F-B6A8-65F2D2E87492}_48.bin
+ 2012-09-06 16:29 . 2012-09-06 16:29 4280 c:\windows\system32\NetworkList\Icons\{90286883-F174-479F-B6A8-65F2D2E87492}_32.bin
+ 2012-09-06 16:29 . 2012-09-06 16:29 2456 c:\windows\system32\NetworkList\Icons\{90286883-F174-479F-B6A8-65F2D2E87492}_24.bin
- 2012-09-02 16:24 . 2012-09-02 16:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-08 15:15 . 2012-09-08 15:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-08 15:15 . 2012-09-08 15:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-09-02 16:24 . 2012-09-02 16:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-06 21:57 . 2012-09-03 09:24 241820 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2011-08-05 03:18 . 2012-09-03 04:12 232098 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 05:38 . 2011-12-17 15:40 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2009-07-14 05:38 . 2012-09-07 21:53 262144 c:\windows\system32\config\systemprofile\ntuser.dat
- 2009-07-14 05:01 . 2012-09-02 16:23 288332 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-09-08 15:14 288332 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-09-06 16:23 . 2012-09-06 16:23 135168 c:\windows\assembly\GAC\SHDocVw\1.1.0.0__51b6fa9a48c79a9e\SHDocVw.dll
+ 2011-08-04 19:47 . 2012-09-08 15:14 5833132 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-417275844-3254595521-1086989302-1001-8192.dat
+ 2011-08-04 19:47 . 2012-09-08 15:14 1494460 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-417275844-3254595521-1086989302-1001-12288.dat
- 2009-07-14 02:34 . 2012-09-02 16:08 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-09-08 00:03 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-08-04 19:47 . 2012-09-06 03:23 20084748 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-417275844-3254595521-1086989302-1001-4096.dat
+ 2012-09-07 13:15 . 2012-09-07 13:15 27545600 c:\windows\Installer\4ffd74b.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll" [2012-06-11 1524056]
"{5e89d89e-4280-65b4-95ac-388697067b31}"= "c:\program files (x86)\Shop to Win 28\Helper.dll" [2012-06-30 378880]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CLASSES_ROOT\clsid\{5e89d89e-4280-65b4-95ac-388697067b31}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{FF8B19A6-FBD0-CC14-9DAE-4EB3A20D9248}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{16ADEA98-D215-4F51-80AF-5E5ED660B9C0}]
2012-08-15 20:04 69632 ----a-w- c:\users\MOM\AppData\Roaming\OneTab\OneTab.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}]
c:\program files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A0D2864A-05FA-91F4-A5CC-DEF70D52F5AF}]
2012-04-16 17:27 14432 ----a-w- c:\program files (x86)\Shop to Win 28\Shop to Win 28.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{A531D99C-5A22-449b-83DA-872725C6D0ED}"= "c:\program files (x86)\alotappbar\bin\ALOTHelper.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{a531d99c-5a22-449b-83da-872725c6d0ed}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\MOM\Downloads\uTorrent.exe" [2012-06-05 880496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-12-23 284696]
"PrivitizeVPN"="c:\program files (x86)\PrivitizeVPN\PrivitizeVPN.exe" [2012-08-31 196784]
"PC Cleaners"="c:\program files (x86)\PC Cleaners\PCCleaners.exe" [2012-09-07 55794488]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-31 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-18 169312]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-30 250568]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-31 136176]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-21 315664]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-17 325152]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-06 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe [2010-03-17 89600]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2009-09-16 403456]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-23 13336]
S2 lxee_device;lxee_device;c:\windows\system32\lxeecoms.exe [2010-04-15 1052328]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-17 2320920]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2009-09-16 907264]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [2009-09-16 71168]
S3 bpmp;bpmp;c:\windows\system32\DRIVERS\bpmp.sys [2009-09-16 174592]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [2009-09-16 81920]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-03-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 12:07]
.
2012-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-31 17:26]
.
2012-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-31 17:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1926928]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F9EC9FBF-B845-4D04-964A-EA70FE4702DA}: NameServer = 8.8.8.8
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2012-09-08 11:21:43 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-08 15:21
ComboFix2.txt 2012-09-02 16:29
.
Pre-Run: 400,880,979,968 bytes free
Post-Run: 400,777,457,664 bytes free
.
- - End Of File - - 8DCE6AA33B9724C9F96EF6781B650CB9
=======================================================


Results of screen317's Security Check version 0.99.50
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
(On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
PC Cleaners
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
==============================================================


# AdwCleaner v2.000 - Logfile created 09/08/2012 at 11:35:42
# Updated 30/08/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : MOM - MOM-PC
# Boot Mode : Normal
# Running from : C:\Users\MOM\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\DefaultTab
Folder Deleted : C:\Program Files (x86)\Playbryte
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\MOM\AppData\Local\Conduit
Folder Deleted : C:\Users\MOM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Folder Deleted : C:\Users\MOM\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\MOM\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\MOM\AppData\LocalLow\Playbryte
Folder Deleted : C:\Users\MOM\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\MOM\AppData\Roaming\DefaultTab

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\ShopToWin
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005060.FBApi
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005060.FBApi.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100567.FCTB000100567Pos
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100567.FCTB000100567Pos.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100567.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100567.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100567.JSOptionsImpl
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100567.JSOptionsImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\FCTB000100567
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\Software\Playbryte
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E2C1A522-B8E1-45D1-B316-F5625004A28C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Playbryte
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E2C1A522-B8E1-45D1-B316-F5625004A28C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\MOM\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5156 octets] - [08/09/2012 11:34:11]
AdwCleaner[S1].txt - [5743 octets] - [08/09/2012 11:35:42]

########## EOF - C:\AdwCleaner[S1].txt - [5803 octets] ##########
==========================================================

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by MOM at 11:39:02 on 2012-09-08
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.2259 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\STacSV64.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\Dwm.exe
C:\windows\System32\spoolsv.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\taskhost.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe
C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\windows\system32\lxeecoms.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\MOM\Downloads\uTorrent.exe
C:\windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\PC Cleaners\PCCleaners.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\system32\sppsvc.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
uURLSearchHooks: FCToolbarURLSearchHook Class: {5e89d89e-4280-65b4-95ac-388697067b31} - C:\Program Files (x86)\Shop to Win 28\Helper.dll
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO: OneTab Add-on: {16adea98-d215-4f51-80af-5e5ed660b9c0} - C:\Users\MOM\AppData\Roaming\OneTab\OneTab.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: ALOT Appbar Helper: {85f5cf95-ec8f-49fc-bb3f-38c79455cba2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Shop to Win: {a0d2864a-05fa-91f4-a5cc-def70d52f5af} - C:\Program Files (x86)\Shop to Win 28\Shop to Win 28.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: ALOT Appbar: {a531d99c-5a22-449b-83da-872725c6d0ed} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [uTorrent] "C:\Users\MOM\Downloads\uTorrent.exe" /MINIMIZED
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [PrivitizeVPN] C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe /autorun
mRun: [PC Cleaners] "C:\Program Files (x86)\PC Cleaners\PCCleaners.exe" /minimize
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre1.5.0\bin\npjpi150.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{22D1DF13-857F-4F9A-AF85-E10C1F918131} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CD8E5FFF-C474-4572-A9F9-8E21A8366BDA} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CD8E5FFF-C474-4572-A9F9-8E21A8366BDA}\05C4350234F6E637472757364796F6E6D27657563747 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{F9EC9FBF-B845-4D04-964A-EA70FE4702DA} : NameServer = 8.8.8.8
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: OneTab Add-on: {16ADEA98-D215-4F51-80AF-5E5ED660B9C0} - C:\Users\MOM\AppData\Roaming\OneTab\OneTab.dll
BHO-X64: OneTab Add-on - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: ALOT Appbar Helper: {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll
BHO-X64: ALOT Appbar Helper - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Shop to Win: {A0D2864A-05FA-91F4-A5CC-DEF70D52F5AF} - C:\Program Files (x86)\Shop to Win 28\Shop to Win 28.dll
BHO-X64: FCTBPos00Pos - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: ALOT Appbar: {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [PrivitizeVPN] C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe /autorun
mRun-x64: [PC Cleaners] "C:\Program Files (x86)\PC Cleaners\PCCleaners.exe" /minimize
IE-X64: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe [2010-6-12 89600]
R2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2009-9-15 403456]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-6-12 13336]
R2 lxee_device;lxee_device;C:\windows\system32\lxeecoms.exe -service --> C:\windows\system32\lxeecoms.exe -service [?]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2009-9-15 907264]
R3 bpenum;bpenum;C:\windows\system32\DRIVERS\bpenum.sys --> C:\windows\system32\DRIVERS\bpenum.sys [?]
R3 bpmp;bpmp;C:\windows\system32\DRIVERS\bpmp.sys --> C:\windows\system32\DRIVERS\bpmp.sys [?]
R3 bpusb;bpusb;C:\windows\system32\Drivers\bpusb.sys --> C:\windows\system32\Drivers\bpusb.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\system32\DRIVERS\CtClsFlt.sys --> C:\windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETw5s64.sys --> C:\windows\system32\DRIVERS\NETw5s64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe --> C:\Program Files\Dell\DellDock\DockLogin.exe [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-31 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-6-12 2320920]
S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-18 169312]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-8 250568]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-31 136176]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2009-9-21 315664]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys --> C:\windows\system32\DRIVERS\WSDPrint.sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\system32\DRIVERS\yk62x64.sys --> C:\windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-09-08 15:16:35 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-07 22:07:46 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BE279AD3-280A-479B-AFE3-9D66EBFF4E40}\mpengine.dll
2012-09-07 22:03:29 -------- d-----w- C:\Users\MOM\AppData\Roaming\PC Cleaners
2012-09-07 22:03:24 4571448 ----a-w- C:\windows\uninst.exe
2012-09-07 22:03:23 -------- d-----w- C:\Users\MOM\AppData\Roaming\PCPro
2012-09-07 22:03:23 -------- d-----w- C:\ProgramData\PC1Data
2012-09-07 22:03:23 -------- d-----w- C:\Program Files (x86)\PC Cleaners
2012-09-07 21:55:12 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-06 20:16:13 -------- d-----w- C:\Users\MOM\AppData\Roaming\OneTab
2012-09-06 16:23:12 -------- d-----w- C:\Program Files (x86)\PrivitizeVPN
2012-09-06 00:37:15 -------- d-----w- C:\Users\MOM\AppData\Roaming\FinalTorrent
2012-09-05 15:48:05 -------- d-----w- C:\Program Files (x86)\FreeFrog
2012-09-05 15:48:03 -------- d-----w- C:\Program Files (x86)\File Type Helper
2012-09-05 15:47:55 -------- d-----w- C:\Program Files (x86)\Fast Free Converter
2012-09-03 01:55:52 256904 ----a-w- C:\windows\SysWow64\drivers\tmcomm.sys
2012-09-03 01:16:13 -------- d-----w- C:\windows\pss
2012-09-02 16:10:37 98816 ----a-w- C:\windows\sed.exe
2012-09-02 16:10:37 518144 ----a-w- C:\windows\SWREG.exe
2012-09-02 16:10:37 256000 ----a-w- C:\windows\PEV.exe
2012-09-02 16:10:37 208896 ----a-w- C:\windows\MBR.exe
2012-09-02 16:10:34 -------- d-----w- C:\puppy
2012-08-24 11:03:54 -------- d-----w- C:\Users\MOM\AppData\Roaming\Awesomium
2012-08-17 16:05:15 -------- d-----w- C:\ProgramData\Wild Tangent
2012-08-17 16:03:26 -------- d-----w- C:\Users\MOM\AppData\Roaming\WildTangent
2012-08-15 07:06:46 503808 ----a-w- C:\windows\System32\srcore.dll
2012-08-15 07:06:46 43008 ----a-w- C:\windows\SysWow64\srclient.dll
2012-08-15 07:06:42 751104 ----a-w- C:\windows\System32\win32spl.dll
2012-08-15 07:06:42 67584 ----a-w- C:\windows\splwow64.exe
2012-08-15 07:06:42 492032 ----a-w- C:\windows\SysWow64\win32spl.dll
2012-08-15 07:06:41 559104 ----a-w- C:\windows\System32\spoolsv.exe
2012-08-15 07:06:40 58880 ----a-w- C:\windows\System32\browcli.dll
2012-08-15 07:06:40 41472 ----a-w- C:\windows\SysWow64\browcli.dll
2012-08-15 07:06:40 136704 ----a-w- C:\windows\System32\browser.dll
2012-08-15 07:06:39 3146752 ----a-w- C:\windows\System32\win32k.sys
2012-08-15 07:06:38 956416 ----a-w- C:\windows\System32\localspl.dll
.
==================== Find3M ====================
.
2012-08-30 12:07:22 73416 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-30 12:07:22 696520 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-06-29 03:56:34 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
.
============= FINISH: 11:40:48.45 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 8/4/2011 2:09:11 PM
System Uptime: 9/8/2012 11:36:23 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0WXY9J
Processor: Intel® Core™ i3 CPU M 350 @ 2.27GHz | CPU 1 | 2261/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 373.333 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP338: 9/5/2012 11:42:27 PM - Windows Update
RP339: 9/6/2012 9:55:53 AM - Restore Operation
RP340: 9/6/2012 10:10:51 AM - Windows Update
RP341: 9/7/2012 9:15:56 AM - Installed Java 7 Update 7
RP342: 9/7/2012 5:52:07 PM - Restore Operation
.
==== Installed Programs ======================
.
µTorrent
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Photoshop Elements 8.0
Adobe Reader 9.5.2
Advanced Audio FX Engine
Bing Bar
Compatibility Pack for the 2007 Office system
ConvertXtoDVD 4.1.19.365
Cozi
Dell Getting Started Guide
Dell Webcam Central
Entropia Universe
ESET Online Scanner v3
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
J2SE Runtime Environment 5.0
Junk Mail filter update
Microsoft Choice Guard
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
MSVCRT
OneTab
PC Cleaners
PokerStars.net
PrivitizeVPN
Roxio Burn
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Skype Click to Call
Skype™ 5.8
TheBflix
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
WildTangent Games
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
9/8/2012 4:29:45 AM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
9/8/2012 11:37:05 AM, Error: Service Control Manager [7034] - The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
9/8/2012 11:36:39 AM, Error: Service Control Manager [7000] - The Dock Login Service service failed to start due to the following error: The system cannot find the file specified.
9/8/2012 11:36:03 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10003] - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\windows\System32\IWMSSvc.dll
9/8/2012 11:16:03 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
9/8/2012 11:14:52 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
9/8/2012 11:13:54 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
9/7/2012 5:55:12 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.135.615.0;1.135.615.0 Engine version: 1.1.8704.0
9/6/2012 9:59:00 AM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.135.326.0;1.135.326.0 Engine version: 1.1.8704.0
9/6/2012 12:23:29 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{F9EC9FBF-B845-4D04-964A-EA70FE4702DA} because another computer on the network has the same name. The server could not start.
9/5/2012 11:48:02 AM, Error: Service Control Manager [7030] - The FastFreeConverterUpdt service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
9/5/2012 11:47:57 AM, Error: Service Control Manager [7030] - The DefaultTabSearch service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
9/5/2012 11:35:50 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:ASX/Wimad.CN&threatid=2147628568 Name: TrojanDownloader:ASX/Wimad.CN ID: 2147628568 Severity: Severe Category: Trojan Downloader Path: containerfile:_C:\Users\MOM\Downloads\Lawless 2012 DVDRip AMIABLE\Lawless 2012 DVDRip AMIABLE.avi;file:_C:\Users\MOM\Downloads\Lawless 2012 DVDRip AMIABLE\Lawless 2012 DVDRip AMIABLE.avi->(ASF_Script_Commands) Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\SearchProtocolHost.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.135.326.0, AS: 1.135.326.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
9/5/2012 11:30:26 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.135.326.0;1.135.326.0 Engine version: 1.1.8704.0
9/5/2012 11:12:49 PM, Error: Service Control Manager [7034] - The DefaultTabSearch service terminated unexpectedly. It has done this 1 time(s).
9/3/2012 3:49:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® PROSet/Wireless Registry Service service to connect.
9/3/2012 3:49:38 PM, Error: Service Control Manager [7000] - The Intel® PROSet/Wireless Registry Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/3/2012 3:47:44 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® PROSet/Wireless Event Log service to connect.
9/3/2012 3:47:44 PM, Error: Service Control Manager [7000] - The Intel® PROSet/Wireless Event Log service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/3/2012 3:46:18 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.
9/3/2012 3:46:17 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: A system shutdown is in progress.
9/3/2012 3:32:40 PM, Error: Service Control Manager [7031] - The Intel® PROSet/Wireless WiMAX Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/3/2012 3:31:44 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.135.81.0;1.135.81.0 Engine version: 1.1.8704.0
9/3/2012 3:26:32 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.326.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
9/2/2012 9:24:22 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
9/2/2012 8:36:27 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
9/2/2012 8:36:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/2/2012 8:36:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/2/2012 8:36:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/2/2012 8:36:21 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\windows\System32\IWMSSvc.dll Error Code: 21
9/2/2012 8:36:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/2/2012 8:36:03 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6
9/2/2012 8:17:23 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Modules Installer service, but this action failed with the following error: An instance of the service is already running.
9/2/2012 8:15:23 AM, Error: Service Control Manager [7031] - The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/2/2012 12:22:40 PM, Error: Application Popup [1060] - \??\C:\puppy\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
9/2/2012 12:08:56 PM, Error: Service Control Manager [7034] - The ALOT Update Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================

#5 nasdaq

  • Malware Response Team
  • 40,238 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 08 September 2012 - 12:53 PM

MIL's computer is getting this error constantly... "Error in loading DLL".

Please give me a few examples of what you are doing when you get this error.

===

Open notepad and copy/paste the text in the quote box below into it:

Folder::
c:\program files (x86)\PC Cleaners
C:\Program Files (x86)\Shop to Win 28

DDS::
uURLSearchHooks: FCToolbarURLSearchHook Class: {5e89d89e-4280-65b4-95ac-388697067b31} - C:\Program Files (x86)\Shop to Win 28\Helper.dll
BHO: Shop to Win: {a0d2864a-05fa-91f4-a5cc-def70d52f5af} - C:\Program Files (x86)\Shop to Win 28\Shop to Win 28.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PC Cleaners"=-

ClearJavaCache::


Save this as CFScript.txt on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
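
The CFScript above removes a URLSearchHook and a BHO by CLSID and deletes the folders their DLLs lived in. An "Error in loading DLL" popup on every IE page load is exactly what a still-registered add-on with a missing or broken DLL produces, so it is worth checking, before and after the fix, which IE add-ons are registered and whether their DLLs actually exist on disk. The PowerShell script below is an added example written for this page; it is not part of the thread and not something nasdaq or ComboFix provides. It assumes the standard registry locations for BHOs and URLSearchHooks on 64-bit Windows 7 (including the Wow6432Node keys used by 32-bit IE) and that it is run from an elevated PowerShell prompt; the function and variable names are the example's own.

```powershell
# Added example, not from the original thread: list IE Browser Helper Objects and
# URLSearchHooks, resolve each CLSID to its InprocServer32 DLL, and flag entries whose DLL
# is missing on disk (a common cause of "Error in loading DLL" on every IE page load).
# Assumes 64-bit Windows 7 with 32-bit IE add-ons under Wow6432Node; run elevated.

$bhoKeys = @(
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
  'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$hookKeys = @(
  'HKLM:\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks',
  'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks',
  'HKCU:\Software\Microsoft\Internet Explorer\URLSearchHooks'
)

function Resolve-ClsidDll {
  param([string]$Clsid)
  # Look in both the native and the WOW64 CLSID hives; first InprocServer32 found wins.
  foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID') {
    $key = Join-Path $root "$Clsid\InprocServer32"
    if (Test-Path $key) {
      $dll = (Get-ItemProperty -Path $key).'(default)'
      if ($dll) { return [Environment]::ExpandEnvironmentVariables($dll.Trim('"')) }
    }
  }
  return $null
}

$findings = @()

# BHOs: one subkey per CLSID under the Browser Helper Objects key.
foreach ($key in $bhoKeys) {
  if (-not (Test-Path $key)) { continue }
  foreach ($sub in Get-ChildItem -Path $key) {
    $clsid = $sub.PSChildName
    $dll   = Resolve-ClsidDll $clsid
    $findings += [pscustomobject]@{
      Kind   = 'BHO'
      Clsid  = $clsid
      Dll    = $dll
      Exists = [bool]($dll -and (Test-Path -LiteralPath $dll))
    }
  }
}

# URLSearchHooks: each hook's CLSID is stored as a value name, not a subkey.
foreach ($key in $hookKeys) {
  if (-not (Test-Path $key)) { continue }
  $props = Get-ItemProperty -Path $key
  foreach ($name in ($props.PSObject.Properties.Name | Where-Object { $_ -like '{*}' })) {
    $dll = Resolve-ClsidDll $name
    $findings += [pscustomobject]@{
      Kind   = 'URLSearchHook'
      Clsid  = $name
      Dll    = $dll
      Exists = [bool]($dll -and (Test-Path -LiteralPath $dll))
    }
  }
}

$findings | Sort-Object Exists, Kind | Format-Table -AutoSize

# Anything still registered but pointing at a DLL that is gone is a removal candidate
# and a likely source of the "Error in loading DLL" popup.
$findings | Where-Object { -not $_.Exists } | ForEach-Object {
  Write-Warning "$($_.Kind) $($_.Clsid) points at a missing DLL: '$($_.Dll)'"
}
```

Run it once before the CFScript to confirm the two Shop to Win CLSIDs show up as registered, and again afterwards to confirm they are gone and that no other add-on is still pointing at a DLL inside a deleted folder.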

#6 jjinx

  • Topic Starter
  • Members
  • 112 posts

Posted 08 September 2012 - 01:20 PM


It was happening every time we opened Internet Explorer. Every time I open a new page, at least one or several of that same error pop up. Now, after doing the CFScript/ComboFix, it seems to be fixed.

ComboFix 12-09-08.02 - MOM 09/08/2012 14:05:07.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.2574 [GMT -4:00]
Running from: c:\users\MOM\Desktop\ComboFix.exe
Command switches used :: c:\users\MOM\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\PC Cleaners
c:\program files (x86)\PC Cleaners\fixed.htm
c:\program files (x86)\PC Cleaners\image1.png
c:\program files (x86)\PC Cleaners\image2.png
c:\program files (x86)\PC Cleaners\PCCleaners.exe
c:\program files (x86)\Shop to Win 28
c:\program files (x86)\Shop to Win 28\aboutTabs.7.js
c:\program files (x86)\Shop to Win 28\aboutTabs.8.js
c:\program files (x86)\Shop to Win 28\banner_container.html
c:\program files (x86)\Shop to Win 28\bookmark_off.bmp
c:\program files (x86)\Shop to Win 28\bookmark_on.bmp
c:\program files (x86)\Shop to Win 28\bubble_permissions.html
c:\program files (x86)\Shop to Win 28\build
c:\program files (x86)\Shop to Win 28\caching_banner.html
c:\program files (x86)\Shop to Win 28\chevron.bmp
c:\program files (x86)\Shop to Win 28\default.xml
c:\program files (x86)\Shop to Win 28\email.bmp
c:\program files (x86)\Shop to Win 28\email2.bmp
c:\program files (x86)\Shop to Win 28\email3.bmp
c:\program files (x86)\Shop to Win 28\ff.xsl
c:\program files (x86)\Shop to Win 28\FixToolbar1163.bat
c:\program files (x86)\Shop to Win 28\Helper.dll
c:\program files (x86)\Shop to Win 28\ie9hint.html
c:\program files (x86)\Shop to Win 28\ie9logo.png
c:\program files (x86)\Shop to Win 28\images\amazon.bmp
c:\program files (x86)\Shop to Win 28\images\ebay.bmp
c:\program files (x86)\Shop to Win 28\images\email.bmp
c:\program files (x86)\Shop to Win 28\images\email2.bmp
c:\program files (x86)\Shop to Win 28\images\msgbox\down.gif
c:\program files (x86)\Shop to Win 28\images\msgbox\hr.bmp
c:\program files (x86)\Shop to Win 28\images\msgbox\mark.png
c:\program files (x86)\Shop to Win 28\images\msgbox\mark_do.png
c:\program files (x86)\Shop to Win 28\images\msgbox\mark_na.png
c:\program files (x86)\Shop to Win 28\images\msgbox\navbg.bmp
c:\program files (x86)\Shop to Win 28\images\msgbox\refresh.png
c:\program files (x86)\Shop to Win 28\images\msgbox\refresh_do.png
c:\program files (x86)\Shop to Win 28\images\msgbox\refresh_na.png
c:\program files (x86)\Shop to Win 28\images\msgbox\trash.png
c:\program files (x86)\Shop to Win 28\images\msgbox\trash_do.png
c:\program files (x86)\Shop to Win 28\images\msgbox\trash_na.png
c:\program files (x86)\Shop to Win 28\images\msgbox\unmark.png
c:\program files (x86)\Shop to Win 28\images\msgbox\unmark_do.png
c:\program files (x86)\Shop to Win 28\images\msgbox\unmark_na.png
c:\program files (x86)\Shop to Win 28\images\msgbox\up.gif
c:\program files (x86)\Shop to Win 28\images\ticker\left.gif
c:\program files (x86)\Shop to Win 28\images\ticker\right.gif
c:\program files (x86)\Shop to Win 28\images\weather\0.bmp
c:\program files (x86)\Shop to Win 28\images\weather\1.bmp
c:\program files (x86)\Shop to Win 28\images\weather\10.bmp
c:\program files (x86)\Shop to Win 28\images\weather\11.bmp
c:\program files (x86)\Shop to Win 28\images\weather\12.bmp
c:\program files (x86)\Shop to Win 28\images\weather\13.bmp
c:\program files (x86)\Shop to Win 28\images\weather\14.bmp
c:\program files (x86)\Shop to Win 28\images\weather\15.bmp
c:\program files (x86)\Shop to Win 28\images\weather\16.bmp
c:\program files (x86)\Shop to Win 28\images\weather\17.bmp
c:\program files (x86)\Shop to Win 28\images\weather\18.bmp
c:\program files (x86)\Shop to Win 28\images\weather\19.bmp
c:\program files (x86)\Shop to Win 28\images\weather\2.bmp
c:\program files (x86)\Shop to Win 28\images\weather\20.bmp
c:\program files (x86)\Shop to Win 28\images\weather\21.bmp
c:\program files (x86)\Shop to Win 28\images\weather\22.bmp
c:\program files (x86)\Shop to Win 28\images\weather\23.bmp
c:\program files (x86)\Shop to Win 28\images\weather\24.bmp
c:\program files (x86)\Shop to Win 28\images\weather\25.bmp
c:\program files (x86)\Shop to Win 28\images\weather\26.bmp
c:\program files (x86)\Shop to Win 28\images\weather\27.bmp
c:\program files (x86)\Shop to Win 28\images\weather\28.bmp
c:\program files (x86)\Shop to Win 28\images\weather\29.bmp
c:\program files (x86)\Shop to Win 28\images\weather\3.bmp
c:\program files (x86)\Shop to Win 28\images\weather\30.bmp
c:\program files (x86)\Shop to Win 28\images\weather\31.bmp
c:\program files (x86)\Shop to Win 28\images\weather\32.bmp
c:\program files (x86)\Shop to Win 28\images\weather\33.bmp
c:\program files (x86)\Shop to Win 28\images\weather\34.bmp
c:\program files (x86)\Shop to Win 28\images\weather\35.bmp
c:\program files (x86)\Shop to Win 28\images\weather\36.bmp
c:\program files (x86)\Shop to Win 28\images\weather\37.bmp
c:\program files (x86)\Shop to Win 28\images\weather\38.bmp
c:\program files (x86)\Shop to Win 28\images\weather\39.bmp
c:\program files (x86)\Shop to Win 28\images\weather\4.bmp
c:\program files (x86)\Shop to Win 28\images\weather\40.bmp
c:\program files (x86)\Shop to Win 28\images\weather\41.bmp
c:\program files (x86)\Shop to Win 28\images\weather\42.bmp
c:\program files (x86)\Shop to Win 28\images\weather\43.bmp
c:\program files (x86)\Shop to Win 28\images\weather\44.bmp
c:\program files (x86)\Shop to Win 28\images\weather\45.bmp
c:\program files (x86)\Shop to Win 28\images\weather\46.bmp
c:\program files (x86)\Shop to Win 28\images\weather\47.bmp
c:\program files (x86)\Shop to Win 28\images\weather\5.bmp
c:\program files (x86)\Shop to Win 28\images\weather\6.bmp
c:\program files (x86)\Shop to Win 28\images\weather\7.bmp
c:\program files (x86)\Shop to Win 28\images\weather\8.bmp
c:\program files (x86)\Shop to Win 28\images\weather\9.bmp
c:\program files (x86)\Shop to Win 28\images\weather\hr.bmp
c:\program files (x86)\Shop to Win 28\images\weather\na.bmp
c:\program files (x86)\Shop to Win 28\images\weather\png\0.png
c:\program files (x86)\Shop to Win 28\images\weather\png\1.png
c:\program files (x86)\Shop to Win 28\images\weather\png\10.png
c:\program files (x86)\Shop to Win 28\images\weather\png\11.png
c:\program files (x86)\Shop to Win 28\images\weather\png\12.png
c:\program files (x86)\Shop to Win 28\images\weather\png\13.png
c:\program files (x86)\Shop to Win 28\images\weather\png\14.png
c:\program files (x86)\Shop to Win 28\images\weather\png\15.png
c:\program files (x86)\Shop to Win 28\images\weather\png\16.png
c:\program files (x86)\Shop to Win 28\images\weather\png\17.png
c:\program files (x86)\Shop to Win 28\images\weather\png\18.png
c:\program files (x86)\Shop to Win 28\images\weather\png\19.png
c:\program files (x86)\Shop to Win 28\images\weather\png\2.png
c:\program files (x86)\Shop to Win 28\images\weather\png\20.png
c:\program files (x86)\Shop to Win 28\images\weather\png\21.png
c:\program files (x86)\Shop to Win 28\images\weather\png\22.png
c:\program files (x86)\Shop to Win 28\images\weather\png\23.png
c:\program files (x86)\Shop to Win 28\images\weather\png\24.png
c:\program files (x86)\Shop to Win 28\images\weather\png\25.png
c:\program files (x86)\Shop to Win 28\images\weather\png\26.png
c:\program files (x86)\Shop to Win 28\images\weather\png\27.png
c:\program files (x86)\Shop to Win 28\images\weather\png\28.png
c:\program files (x86)\Shop to Win 28\images\weather\png\29.png
c:\program files (x86)\Shop to Win 28\images\weather\png\3.png
c:\program files (x86)\Shop to Win 28\images\weather\png\30.png
c:\program files (x86)\Shop to Win 28\images\weather\png\31.png
c:\program files (x86)\Shop to Win 28\images\weather\png\32.png
c:\program files (x86)\Shop to Win 28\images\weather\png\33.png
c:\program files (x86)\Shop to Win 28\images\weather\png\34.png
c:\program files (x86)\Shop to Win 28\images\weather\png\35.png
c:\program files (x86)\Shop to Win 28\images\weather\png\36.png
c:\program files (x86)\Shop to Win 28\images\weather\png\37.png
c:\program files (x86)\Shop to Win 28\images\weather\png\38.png
c:\program files (x86)\Shop to Win 28\images\weather\png\39.png
c:\program files (x86)\Shop to Win 28\images\weather\png\4.png
c:\program files (x86)\Shop to Win 28\images\weather\png\40.png
c:\program files (x86)\Shop to Win 28\images\weather\png\41.png
c:\program files (x86)\Shop to Win 28\images\weather\png\42.png
c:\program files (x86)\Shop to Win 28\images\weather\png\43.png
c:\program files (x86)\Shop to Win 28\images\weather\png\44.png
c:\program files (x86)\Shop to Win 28\images\weather\png\45.png
c:\program files (x86)\Shop to Win 28\images\weather\png\46.png
c:\program files (x86)\Shop to Win 28\images\weather\png\47.png
c:\program files (x86)\Shop to Win 28\images\weather\png\5.png
c:\program files (x86)\Shop to Win 28\images\weather\png\6.png
c:\program files (x86)\Shop to Win 28\images\weather\png\7.png
c:\program files (x86)\Shop to Win 28\images\weather\png\8.png
c:\program files (x86)\Shop to Win 28\images\weather\png\9.png
c:\program files (x86)\Shop to Win 28\images\weather\png\na.png
c:\program files (x86)\Shop to Win 28\images\wikipedia.bmp
c:\program files (x86)\Shop to Win 28\images\yahoo.bmp
c:\program files (x86)\Shop to Win 28\js_components\bookmarksplugin.js
c:\program files (x86)\Shop to Win 28\js_components\emailchecker.js
c:\program files (x86)\Shop to Win 28\js_components\msgboxplugin.js
c:\program files (x86)\Shop to Win 28\js_components\radioplugin.js
c:\program files (x86)\Shop to Win 28\js_components\res\bookmarksplugin\proppage\drag-drop-folder-tree.css
c:\program files (x86)\Shop to Win 28\js_components\res\bookmarksplugin\proppage\drag-drop-folder-tree.js
c:\program files (x86)\Shop to Win 28\js_components\res\bookmarksplugin\proppage\dummy.png
c:\program files (x86)\Shop to Win 28\js_components\res\bookmarksplugin\proppage\editDlg.html
c:\program files (x86)\Shop to Win 28\js_components\res\bookmarksplugin\proppage\images\bookmark_on.bmp
c:\program files (x86)\Shop to Win 28\js_components\res\bookmarksplugin\proppage\images\context-menu-gradient.gif
c:\program files (x86)\Shop to Win 28\js_components\res\bookmarksplugin\proppage\images\dhtmlgoodies_folder.gif
c:\program files (x86)\Shop to Win 28\js_components\res\bookmarksplugin\proppage\images\dhtmlgoodies_minus.gif
c:\program files (x86)\Shop to Win 28\js_components\res\bookmarksplugin\proppage\images\dhtmlgoodies_plus.gif
c:\program files (x86)\Shop to Win 28\js_components\res\bookmarksplugin\proppage\images\dhtmlgoodies_sheet.gif
c:\program files (x86)\Shop to Win 28\js_components\res\bookmarksplugin\proppage\images\dragDrop_ind1.gif
c:\program files (x86)\Shop to Win 28\js_components\res\bookmarksplugin\proppage\images\dragDrop_ind2.gif
c:\program files (x86)\Shop to Win 28\js_components\res\bookmarksplugin\proppage\images\folder_close.gif
c:\program files (x86)\Shop to Win 28\js_components\res\bookmarksplugin\proppage\images\folder_dots.gif
c:\program files (x86)\Shop to Win 28\js_components\res\bookmarksplugin\proppage\images\folder_folder.gif
c:\program files (x86)\Shop to Win 28\js_components\res\bookmarksplugin\proppage\images\folder_lastsub.gif
c:\program files (x86)\Shop to Win 28\js_components\res\bookmarksplugin\proppage\images\folder_open.gif
c:\program files (x86)\Shop to Win 28\js_components\res\bookmarksplugin\proppage\images\folder_sub.gif
c:\program files (x86)\Shop to Win 28\js_components\res\bookmarksplugin\proppage\importDlg.html
c:\program files (x86)\Shop to Win 28\js_components\res\bookmarksplugin\proppage\labelDlg.html
c:\program files (x86)\Shop to Win 28\js_components\res\bookmarksplugin\proppage\manageDlg.html
c:\program files (x86)\Shop to Win 28\js_components\res\bookmarksplugin\proppage\menuarrow.png
c:\program files (x86)\Shop to Win 28\js_components\res\bookmarksplugin\proppage\removeDlg.html
c:\program files (x86)\Shop to Win 28\js_components\res\common\proppage\container.html
c:\program files (x86)\Shop to Win 28\js_components\res\common\proppage\loading.gif
c:\program files (x86)\Shop to Win 28\js_components\res\emailchecker\proppage\accountDlg.html
c:\program files (x86)\Shop to Win 28\js_components\res\emailchecker\proppage\configure.html
c:\program files (x86)\Shop to Win 28\js_components\res\emailchecker\proppage\pwdDlg.html
c:\program files (x86)\Shop to Win 28\js_components\res\emailchecker\proppage\widgets\jscompatibilitylib.js
c:\program files (x86)\Shop to Win 28\js_components\res\emailchecker\proppage\widgets\jsgeneral.js
c:\program files (x86)\Shop to Win 28\js_components\res\emailchecker\proppage\widgets\jsimage.js
c:\program files (x86)\Shop to Win 28\js_components\res\emailchecker\proppage\widgets\jslabel.js
c:\program files (x86)\Shop to Win 28\js_components\res\emailchecker\proppage\widgets\jslistview.js
c:\program files (x86)\Shop to Win 28\js_components\res\emailchecker\proppage\widgets\jslistviewitem.js
c:\program files (x86)\Shop to Win 28\js_components\res\emailchecker\proppage\widgets\jsstyle.css
c:\program files (x86)\Shop to Win 28\js_components\res\emailchecker\proppage\widgets\jstranslation.js
c:\program files (x86)\Shop to Win 28\js_components\res\msgboxplugin\bubble.xsl
c:\program files (x86)\Shop to Win 28\js_components\res\msgboxplugin\popup.xsl
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\css\boxsizing.htc
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\css\winclassic.css
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\images\audio.bmp
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\images\btn_dropdwn_down.png
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\images\btn_dropdwn_over.png
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\images\btn_dropdwn_up.png
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\images\btn_max_down.png
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\images\btn_max_over.png
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\images\btn_max_up.png
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\images\btn_min_down.png
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\images\btn_min_over.png
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\images\btn_min_up.png
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\images\btn_pause_down.png
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\images\btn_pause_over.png
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\images\btn_pause_up.png
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\images\btn_play_down.png
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\images\btn_play_over.png
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\images\btn_play_up.png
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\images\btn_playcntrl_over.png
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\images\btn_playcntrl_up.png
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\images\btn_stop_down.png
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\images\btn_stop_over.png
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\images\btn_stop_up.png
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\images\btn_volcntrl_over.png
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\images\btn_volcntrl_up.png
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\images\efolder.bmp
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\images\equalizer.gif
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\images\equalizer_loading.gif
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\images\folder.bmp
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\images\podcast.bmp
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\images\radio.bmp
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\images\radio.png
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\images\radio_minimalized.png
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\images\radio_minimalized_old.png
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\images\radio_old.png
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\images\vol_01.png
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\images\vol_02.png
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\images\vol_03.png
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\images\volslide_bg.png
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\js\range.js
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\js\slider.js
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\js\timer.js
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\proppage\drag-drop-folder-tree.css
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\proppage\drag-drop-folder-tree.js
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\proppage\folderDeleteDlg.html
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\proppage\folderEditDlg.html
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\proppage\images\context-menu-gradient.gif
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\proppage\images\dhtmlgoodies_folder.gif
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\proppage\images\dhtmlgoodies_minus.gif
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\proppage\images\dhtmlgoodies_plus.gif
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\proppage\images\dhtmlgoodies_sheet.gif
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\proppage\images\dragDrop_ind1.gif
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\proppage\images\dragDrop_ind2.gif
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\proppage\images\dummy.png
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\proppage\images\folder.gif
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\proppage\images\folder_close.gif
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\proppage\images\folder_dots.gif
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\proppage\images\folder_folder.gif
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\proppage\images\folder_lastsub.gif
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\proppage\images\folder_open.gif
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\proppage\images\folder_sub.gif
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\proppage\images\itemAudio.gif
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\proppage\images\itemPodcast.gif
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\proppage\images\itemRadio.gif
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\proppage\mediaAddDlg.html
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\proppage\mediaEditDlg.html
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\proppage\mediaSearchDlg.html
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\proppage\optionsDlg.html
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\proppage\tabctrl.css
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\proppage\tabctrl.js
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\proppage\widgets\jscompatibilitylib.js
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\proppage\widgets\jsgeneral.js
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\proppage\widgets\jsimage.js
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\proppage\widgets\jslabel.js
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\proppage\widgets\jslistview.js
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\proppage\widgets\jslistviewitem.js
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\proppage\widgets\jsstyle.css
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\proppage\widgets\jstranslation.js
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\ui-vol.html
c:\program files (x86)\Shop to Win 28\js_components\res\radioplugin\ui.html
c:\program files (x86)\Shop to Win 28\js_components\res\rssreader\atom2rss.xsl
c:\program files (x86)\Shop to Win 28\js_components\res\rssreader\proppage\channelEditDlg.html
c:\program files (x86)\Shop to Win 28\js_components\res\rssreader\proppage\configureDlg.html
c:\program files (x86)\Shop to Win 28\js_components\res\rssreader\proppage\drag-drop-folder-tree.css
c:\program files (x86)\Shop to Win 28\js_components\res\rssreader\proppage\drag-drop-folder-tree.js
c:\program files (x86)\Shop to Win 28\js_components\res\rssreader\proppage\folderDeleteDlg.html
c:\program files (x86)\Shop to Win 28\js_components\res\rssreader\proppage\folderEditDlg.html
c:\program files (x86)\Shop to Win 28\js_components\res\rssreader\proppage\images\context-menu-gradient.gif
c:\program files (x86)\Shop to Win 28\js_components\res\rssreader\proppage\images\dhtmlgoodies_folder.gif
c:\program files (x86)\Shop to Win 28\js_components\res\rssreader\proppage\images\dhtmlgoodies_minus.gif
c:\program files (x86)\Shop to Win 28\js_components\res\rssreader\proppage\images\dhtmlgoodies_plus.gif
c:\program files (x86)\Shop to Win 28\js_components\res\rssreader\proppage\images\dhtmlgoodies_sheet.gif
c:\program files (x86)\Shop to Win 28\js_components\res\rssreader\proppage\images\dragDrop_ind1.gif
c:\program files (x86)\Shop to Win 28\js_components\res\rssreader\proppage\images\dragDrop_ind2.gif
c:\program files (x86)\Shop to Win 28\js_components\res\rssreader\proppage\images\feed.bmp
c:\program files (x86)\Shop to Win 28\js_components\res\rssreader\proppage\images\folder.bmp
c:\program files (x86)\Shop to Win 28\js_components\res\rssreader\proppage\images\folder_close.gif
c:\program files (x86)\Shop to Win 28\js_components\res\rssreader\proppage\images\folder_dots.gif
c:\program files (x86)\Shop to Win 28\js_components\res\rssreader\proppage\images\folder_folder.gif
c:\program files (x86)\Shop to Win 28\js_components\res\rssreader\proppage\images\folder_lastsub.gif
c:\program files (x86)\Shop to Win 28\js_components\res\rssreader\proppage\images\folder_open.gif
c:\program files (x86)\Shop to Win 28\js_components\res\rssreader\proppage\images\folder_sub.gif
c:\program files (x86)\Shop to Win 28\js_components\res\rssreader\rdf2rss.xsl
c:\program files (x86)\Shop to Win 28\js_components\res\rssreader\transform.xsl
c:\program files (x86)\Shop to Win 28\js_components\res\searchcomponent\defsearch.gif
c:\program files (x86)\Shop to Win 28\js_components\res\searchcomponent\droparrow.gif
c:\program files (x86)\Shop to Win 28\js_components\res\searchcomponent\droparrow_over.gif
c:\program files (x86)\Shop to Win 28\js_components\res\searchcomponent\logoyahoo.bmp
c:\program files (x86)\Shop to Win 28\js_components\res\searchcomponent\menuarrow.gif
c:\program files (x86)\Shop to Win 28\js_components\res\searchcomponent\transform.xsl
c:\program files (x86)\Shop to Win 28\js_components\res\searchcomponent\ui-ac.html
c:\program files (x86)\Shop to Win 28\js_components\res\searchcomponent\ui.html
c:\program files (x86)\Shop to Win 28\js_components\res\weatherplugin\bubble.xsl
c:\program files (x86)\Shop to Win 28\js_components\res\weatherplugin\dummy.png
c:\program files (x86)\Shop to Win 28\js_components\res\weatherplugin\proppage\search_location.html
c:\program files (x86)\Shop to Win 28\js_components\res\weatherplugin\proppage\settings.html
c:\program files (x86)\Shop to Win 28\js_components\rssreader.js
c:\program files (x86)\Shop to Win 28\js_components\searchcomponent.js
c:\program files (x86)\Shop to Win 28\js_components\util\commalist.js
c:\program files (x86)\Shop to Win 28\js_components\util\commands.js
c:\program files (x86)\Shop to Win 28\js_components\util\consts.js
c:\program files (x86)\Shop to Win 28\js_components\util\dialogs.js
c:\program files (x86)\Shop to Win 28\js_components\util\json.js
c:\program files (x86)\Shop to Win 28\js_components\util\utils.js
c:\program files (x86)\Shop to Win 28\js_components\weatherplugin.js
c:\program files (x86)\Shop to Win 28\js_components_bin.dll
c:\program files (x86)\Shop to Win 28\localization.xml
c:\program files (x86)\Shop to Win 28\marquee.html
c:\program files (x86)\Shop to Win 28\marquee_permissions.html
c:\program files (x86)\Shop to Win 28\minus.bmp
c:\program files (x86)\Shop to Win 28\offline.html
c:\program files (x86)\Shop to Win 28\patch.bat
c:\program files (x86)\Shop to Win 28\plus.bmp
c:\program files (x86)\Shop to Win 28\resize.bmp
c:\program files (x86)\Shop to Win 28\rssfeed.bmp
c:\program files (x86)\Shop to Win 28\settings
c:\program files (x86)\Shop to Win 28\Shop to Win 28.dll
c:\program files (x86)\Shop to Win 28\ShopToWin.ico
c:\program files (x86)\Shop to Win 28\ticker.html
c:\program files (x86)\Shop to Win 28\Toolbar.dll
c:\program files (x86)\Shop to Win 28\toolbar_layout.xml
c:\program files (x86)\Shop to Win 28\TroubleShooter.exe
c:\program files (x86)\Shop to Win 28\Uninst.exe
c:\program files (x86)\Shop to Win 28\version.txt
c:\program files (x86)\Shop to Win 28\version.xsl
.
.
((((((((((((((((((((((((( Files Created from 2012-08-08 to 2012-09-08 )))))))))))))))))))))))))))))))
.
.
2012-09-08 18:10 . 2012-09-08 18:10 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-09-08 18:10 . 2012-09-08 18:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-07 22:07 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BE279AD3-280A-479B-AFE3-9D66EBFF4E40}\mpengine.dll
2012-09-07 22:03 . 2012-09-07 22:03 -------- d-----w- c:\users\MOM\AppData\Roaming\PC Cleaners
2012-09-07 22:03 . 2012-09-07 22:03 4571448 ----a-w- c:\windows\uninst.exe
2012-09-07 22:03 . 2012-09-07 22:03 -------- d-----w- c:\users\MOM\AppData\Roaming\PCPro
2012-09-07 22:03 . 2012-09-07 22:03 -------- d-----w- c:\programdata\PC1Data
2012-09-07 21:55 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-06 20:16 . 2012-09-06 20:16 -------- d-----w- c:\users\MOM\AppData\Roaming\OneTab
2012-09-06 16:23 . 2012-09-06 16:23 -------- d-----w- c:\program files (x86)\PrivitizeVPN
2012-09-06 00:37 . 2012-09-06 03:28 -------- d-----w- c:\users\MOM\AppData\Roaming\FinalTorrent
2012-09-05 15:48 . 2012-09-06 03:29 -------- d-----w- c:\program files (x86)\FreeFrog
2012-09-05 15:48 . 2012-09-06 03:29 -------- d-----w- c:\program files (x86)\File Type Helper
2012-09-05 15:47 . 2012-09-05 15:48 -------- d-----w- c:\program files (x86)\Fast Free Converter
2012-09-03 01:55 . 2012-06-05 07:37 256904 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2012-09-02 16:10 . 2012-09-02 16:29 -------- d-----w- C:\puppy
2012-08-24 11:03 . 2012-08-24 11:03 -------- d-----w- c:\users\MOM\AppData\Roaming\Awesomium
2012-08-17 16:05 . 2012-08-17 16:05 -------- d-----w- c:\programdata\Wild Tangent
2012-08-17 16:03 . 2012-08-17 16:03 -------- d-----w- c:\users\MOM\AppData\Roaming\WildTangent
2012-08-15 07:06 . 2012-05-05 08:30 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 07:06 . 2012-05-05 07:44 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-15 07:06 . 2012-02-11 06:36 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 07:06 . 2012-02-11 06:29 67584 ----a-w- c:\windows\splwow64.exe
2012-08-15 07:06 . 2012-02-11 05:44 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-15 07:06 . 2012-02-11 06:29 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 07:06 . 2012-07-04 22:04 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 07:06 . 2012-07-04 22:01 58880 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 07:06 . 2012-07-04 22:01 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 07:06 . 2012-07-04 21:23 41472 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-15 07:06 . 2012-07-18 17:31 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 07:06 . 2012-05-14 05:20 956416 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-30 12:07 . 2012-04-08 22:31 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-30 12:07 . 2011-08-06 22:09 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-16 07:00 . 2011-08-07 21:21 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-06-17 16:32 . 2012-06-17 16:32 18944 ----a-r- c:\users\MOM\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-02_16.25.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-02 19:25 . 2012-09-08 18:11 49152 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2012-02-02 19:25 . 2012-09-02 16:24 32768 c:\windows\Temp\History\History.IE5\index.dat
+ 2012-02-02 19:25 . 2012-09-08 18:11 32768 c:\windows\Temp\History\History.IE5\index.dat
- 2012-02-02 19:25 . 2012-09-02 16:24 32768 c:\windows\Temp\Cookies\index.dat
+ 2012-02-02 19:25 . 2012-09-08 18:11 32768 c:\windows\Temp\Cookies\index.dat
+ 2009-04-29 12:31 . 2012-09-08 18:13 48880 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-08 18:13 36686 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-04 18:10 . 2012-09-08 18:13 13358 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-417275844-3254595521-1086989302-1001_UserData.bin
+ 2012-09-06 16:23 . 2012-09-06 16:23 49152 c:\windows\assembly\GAC\AxSHDocVw\1.1.0.0__51b6fa9a48c79a9e\AxSHDocVw.dll
+ 2012-09-06 16:29 . 2012-09-06 16:29 9560 c:\windows\system32\NetworkList\Icons\{90286883-F174-479F-B6A8-65F2D2E87492}_48.bin
+ 2012-09-06 16:29 . 2012-09-06 16:29 4280 c:\windows\system32\NetworkList\Icons\{90286883-F174-479F-B6A8-65F2D2E87492}_32.bin
+ 2012-09-06 16:29 . 2012-09-06 16:29 2456 c:\windows\system32\NetworkList\Icons\{90286883-F174-479F-B6A8-65F2D2E87492}_24.bin
- 2012-09-02 16:24 . 2012-09-02 16:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-08 18:11 . 2012-09-08 18:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-08 18:11 . 2012-09-08 18:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-09-02 16:24 . 2012-09-02 16:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-06 21:57 . 2012-09-03 09:24 241820 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2011-08-05 03:18 . 2012-09-03 04:12 232098 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 05:38 . 2011-12-17 15:40 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2009-07-14 05:38 . 2012-09-07 21:53 262144 c:\windows\system32\config\systemprofile\ntuser.dat
- 2009-07-14 05:01 . 2012-09-02 16:23 288332 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-09-08 18:11 288332 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-09-06 16:23 . 2012-09-06 16:23 135168 c:\windows\assembly\GAC\SHDocVw\1.1.0.0__51b6fa9a48c79a9e\SHDocVw.dll
+ 2011-08-04 19:47 . 2012-09-08 18:11 5965748 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-417275844-3254595521-1086989302-1001-8192.dat
+ 2011-08-04 19:47 . 2012-09-08 15:14 1494460 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-417275844-3254595521-1086989302-1001-12288.dat
- 2009-07-14 02:34 . 2012-09-02 16:08 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-09-08 17:29 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-08-04 19:47 . 2012-09-06 03:23 20084748 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-417275844-3254595521-1086989302-1001-4096.dat
+ 2012-09-07 13:15 . 2012-09-07 13:15 27545600 c:\windows\Installer\4ffd74b.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{16ADEA98-D215-4F51-80AF-5E5ED660B9C0}]
2012-08-15 20:04 69632 ----a-w- c:\users\MOM\AppData\Roaming\OneTab\OneTab.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}]
c:\program files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{A531D99C-5A22-449b-83DA-872725C6D0ED}"= "c:\program files (x86)\alotappbar\bin\ALOTHelper.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{a531d99c-5a22-449b-83da-872725c6d0ed}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\MOM\Downloads\uTorrent.exe" [2012-06-05 880496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-12-23 284696]
"PrivitizeVPN"="c:\program files (x86)\PrivitizeVPN\PrivitizeVPN.exe" [2012-08-31 196784]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-31 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-18 169312]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-30 250568]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-31 136176]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-21 315664]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-17 325152]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-06 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe [2010-03-17 89600]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2009-09-16 403456]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-23 13336]
S2 lxee_device;lxee_device;c:\windows\system32\lxeecoms.exe [2010-04-15 1052328]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-17 2320920]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2009-09-16 907264]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [2009-09-16 71168]
S3 bpmp;bpmp;c:\windows\system32\DRIVERS\bpmp.sys [2009-09-16 174592]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [2009-09-16 81920]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-03-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 12:07]
.
2012-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-31 17:26]
.
2012-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-31 17:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1926928]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F9EC9FBF-B845-4D04-964A-EA70FE4702DA}: NameServer = 8.8.8.8
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{5e89d89e-4280-65b4-95ac-388697067b31} - c:\program files (x86)\Shop to Win 28\Helper.dll
Toolbar-10 - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2012-09-08 14:16:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-08 18:16
ComboFix2.txt 2012-09-08 15:21
ComboFix3.txt 2012-09-02 16:29
.
Pre-Run: 400,835,137,536 bytes free
Post-Run: 400,767,508,480 bytes free
.
- - End Of File - - 0D931BE321995E06451C787A2A1CA7F7

#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:55 AM

Posted 08 September 2012 - 01:24 PM

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on adwcleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

Delete the other tools we used.

Surf Safely, and Think Prevention!
===

#8 jjinx

jjinx
  • Topic Starter

  • Members
  • 112 posts
  • Local time:04:55 AM

Posted 08 September 2012 - 01:30 PM

Thank you so much! Can you help me figure out why her internal mic squeals? Every time she restarts it is a high-pitched squeal and we have to mute the internal mic. Everything else seems to be working normally now. Thanks again :)

#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:55 AM

Posted 08 September 2012 - 01:35 PM

If they are beeps then it could be some hardware problem.

If this is an old box make sure the keyboard cord is well seated.

#10 jjinx

jjinx
  • Topic Starter

  • Members
  • 112 posts
  • Local time:04:55 AM

Posted 08 September 2012 - 01:40 PM

She's had this laptop about a year. This problem started a couple months ago.

#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:55 AM

Posted 09 September 2012 - 07:16 AM

Run this scan.

How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7
http://support.microsoft.com/kb/929833

===

Open your Control Panel and select Device Manager.
Look under each section and find out if you see a yellow exclamation mark, which would indicate a hardware problem.
===

The information on this page may identify the area of the problem.
http://www.computerhope.com/beep.htm

Keep me posted.
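A scripted version of the two checks nasdaq asks for (the Device Manager walk-through and the System File Checker run), added here as an example and not part of his post or of the Microsoft article he links. It assumes an elevated PowerShell prompt on the Windows 7 machine from this thread: the yellow exclamation mark in Device Manager corresponds to a non-zero ConfigManagerErrorCode on the Win32_PnPEntity WMI class, and the [SR] tag in CBS.log marks the System File Checker entries the KB article tells you to search for. The function names and the small error-code table are this example's own.

```powershell
# Added example, not from the thread. Run as Administrator on Windows 7 or later.

# A few of the documented Configuration Manager error codes, so the report is
# readable without looking the numbers up. Anything not listed is printed as a number.
$cmErrorText = @{
    1  = 'Device is not configured correctly'
    10 = 'Device cannot start'
    22 = 'Device is disabled'
    28 = 'Drivers for this device are not installed'
    31 = 'Windows cannot load the drivers required for this device'
    43 = 'Windows has stopped this device because it has reported problems'
}

function Get-DeviceProblems {
    # ConfigManagerErrorCode 0 means "working properly". Every other value is a
    # device that Device Manager shows with the yellow exclamation mark, which is
    # exactly what the manual check in the post looks for.
    Get-WmiObject -Class Win32_PnPEntity |
        Where-Object { $_.ConfigManagerErrorCode -ne 0 } |
        ForEach-Object {
            $code = [int]$_.ConfigManagerErrorCode
            [pscustomobject]@{
                Name     = $_.Name
                DeviceID = $_.DeviceID
                Code     = $code
                Meaning  = if ($cmErrorText.ContainsKey($code)) { $cmErrorText[$code] } else { "error code $code" }
            }
        }
}

function Get-SfcFindings {
    # After "sfc /scannow" finishes, its results are written to CBS.log with an
    # [SR] tag. The lines below are the ones that report a corrupted or unrepairable
    # file; a clean scan produces no matches.
    param([string]$CbsLog = "$env:windir\Logs\CBS\CBS.log")

    if (-not (Test-Path $CbsLog)) {
        Write-Warning "CBS log not found at $CbsLog (has sfc /scannow been run yet?)"
        return @()
    }

    Select-String -Path $CbsLog -Pattern '\[SR\]' |
        Where-Object { $_.Line -match 'Cannot repair member file|Repairing corrupted file|do not match actual file' } |
        ForEach-Object { $_.Line }
}

# Usage: list problem devices first, then run SFC and summarise its log.
Write-Host '== Devices with a Device Manager error ==' -ForegroundColor Cyan
$problems = @(Get-DeviceProblems)
if ($problems.Count -eq 0) { Write-Host 'None found.' } else { $problems | Format-Table -AutoSize }

Write-Host '== System File Checker ==' -ForegroundColor Cyan
& "$env:windir\System32\sfc.exe" /scannow
$findings = @(Get-SfcFindings)
if ($findings.Count -eq 0) { Write-Host 'No corrupted or unrepairable files reported in CBS.log.' }
else { $findings | ForEach-Object { Write-Host $_ } }
```

The WMI query is used rather than the newer Get-PnpDevice cmdlet because that cmdlet is not available on Windows 7. The CBS.log search is the PowerShell equivalent of the findstr command in the linked Microsoft article; on a laptop with an audio problem like the one described here, a match on the sound device in the first report is the thing to look at before treating it as a beep code.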



