
Please analyze my DDS & Security Check Log & Hijackthis Logs and advise!


  • This topic is locked
2 replies to this topic

#1 Lijoyfe


Posted 08 January 2014 - 02:38 AM

I have two computers that need help; let's do this easy one first. It is a laptop. It was a gift. When I first got it over a year ago, I noticed that whenever I log on to the Administrator account, it uses up all of the computer's CPU and makes it basically unusable by crashing and slowing it down dramatically. What I did at the time was change the User Type for that Administrator account into a "User" account.

- Disabled all previous accounts

- Disabled the "guest" account

- Created a new "User" account

- Created a new "Administrator" account by running Regedit.exe....

 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList

 
    Use the File, Export option to backup the key
    Create a new DWORD Value named Administrator
    Double-click Administrator, and set 1 as its data
    Exit the Registry Editor.
 
That bought me some time (over a year), but I do notice whenever I log on to the Administrator account... too many services are running and Windows Update is almost impossible.
 
I have been able to get away with just using the "User" account until now... as my other computer, my more powerful i7 desktop, got a rootkit 2 weeks ago... I am forced to use this laptop and fix the problems.
 
I have been able to remove most of the issues in the past 9 hours... and I am at a point where I need help. I have attached the two DDS files I have created, the security logs, and the HijackThis log.
 
(If you need to know what programs I ran to fix most of the issues, please let me know, as I kept the list and all logs.)
 
But please analyze these and tell me what you think. I need to fix this laptop first before I can go on to fix my desktop... Thank you.
 
Note: DeFogger is running to disable my CD Emulation drivers
 
Security Check Log:____________________________________________
__________________________________________________________
 

 Results of screen317's Security Check version 0.99.78  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 25  
 Java version out of Date!
 Adobe Flash Player 11.9.900.170  
 Adobe Reader XI  
 Mozilla Firefox 25.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 3% 
````````````````````End of Log``````````````````````
 
 
 
 
DDS.txt____________________________________
_____________________________________________

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16457  BrowserJavaVersion: 10.25.2
Run by Administrator M at 1:27:35 on 2014-01-08
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.2.1033.18.1979.1029 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\Suo10_SmartRAM.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\explorer.exe
C:\Users\Gabbo\Desktop\Defogger.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\explorer.exe
C:\Users\Gabbo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gabbo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gabbo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gabbo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gabbo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gabbo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uRun: [SmartRAM] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\Suo10_SmartRAM.exe" /m
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [HPMonitor] C:\Program Files (x86)\Hewlett-Packard\HP LInk5 Monitor\hpMonitor21.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{7C70C953-EF15-426A-8F66-52E13FA78928} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{D64C2256-463C-448B-8FE4-7FFB1082D62E} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{D64C2256-463C-448B-8FE4-7FFB1082D62E}\14E64627F696461405 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{D64C2256-463C-448B-8FE4-7FFB1082D62E}\14E67656C6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{D64C2256-463C-448B-8FE4-7FFB1082D62E}\4586F6D637F6E6141413531303 : DHCPNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\SysWow64\shell32.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [SunJavaUpdateSched] c:\program files (x86)\common files\java\java update\jusched.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - 
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2011-4-18 203888]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-12-5 464256]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-18 203264]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2012-6-16 23816]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2012-2-17 517632]
R2 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-2-12 292864]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 98688]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\androidusb.sys [2012-3-2 34192]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-12-4 71168]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-23 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 HPMoA407;Mouse Suite Driver_A407 (WDF Version);C:\Windows\System32\drivers\HPMoA407.sys [2012-2-19 25088]
S3 HPubA407;USB Mouse Low Filter Driver_A407 (WDF Version);C:\Windows\System32\drivers\HPubA407.sys [2012-2-19 18944]
S3 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
S3 hwmobile;Huawei FP Handset USB Modem and USB Serial;C:\Windows\System32\drivers\hwusbser.sys [2012-2-23 122496]
S3 mr8980;Digital Wireless Camera;C:\Windows\System32\drivers\dwcamx64.sys [2010-5-11 84992]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-13 36720]
S3 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-9-23 641832]
S3 qcusbser;Alcatel USB Device for Legacy Serial Communication;C:\Windows\System32\drivers\qcusbser.sys [2012-3-2 231312]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-17 19456]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-12-4 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2012-12-17 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-17 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-17 30208]
S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\System32\drivers\tsusbhub.sys [2011-12-4 117248]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-4 1255736]
S4 PelLinkS;PelLinkS;C:\ProgramData\HP Link5 Config\PelLinkS.exe [2010-11-19 178072]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .ini: inifile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .jse: JSEFile=C:\Windows\SysWow64\WScript.exe "%1" %*
ShellExec: QSync.exe: Open="C:\Program Files (x86)\Logitech\Video\QSync.exe"
.
=============== Created Last 30 ================
.
2014-01-08 04:58:56 -------- d-sh--w- C:\$RECYCLE.BIN
2014-01-08 02:30:28 -------- d-----w- C:\Program Files\CCleaner
2014-01-08 01:42:52 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{99C32541-44BF-4B71-ADD1-9D4AA3E112CF}\mpengine.dll
2014-01-08 01:20:19 -------- d-----w- C:\Users\Administrator M\AppData\Local\temp
2014-01-08 00:03:15 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-08 00:03:07 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-08 00:03:06 117464 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-01-08 00:00:47 89304 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-01-07 23:15:25 98816 ----a-w- C:\Windows\sed.exe
2014-01-07 23:15:25 256000 ----a-w- C:\Windows\PEV.exe
2014-01-07 23:15:25 208896 ----a-w- C:\Windows\MBR.exe
2014-01-07 22:59:59 6037504 ----a-w- C:\Windows\System32\drivers\atikmdag.sys.bak
2014-01-07 22:24:15 -------- d-----w- C:\AdwCleaner
2014-01-07 21:49:21 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2014-01-06 23:59:57 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2014-01-06 23:59:57 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2014-01-06 23:49:44 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2014-01-06 23:49:44 1192448 ----a-w- C:\Windows\System32\certutil.exe
2014-01-06 23:49:43 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2014-01-06 23:49:42 52224 ----a-w- C:\Windows\System32\certenc.dll
2014-01-06 23:49:42 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2014-01-06 23:49:42 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2014-01-06 23:49:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2014-01-06 23:49:42 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2014-01-06 23:49:42 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2014-01-06 23:49:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2014-01-06 23:40:15 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2014-01-06 23:40:14 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-01-06 23:39:31 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-01-06 23:39:30 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-01-06 23:37:39 751104 ----a-w- C:\Windows\System32\win32spl.dll
2014-01-06 23:37:38 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2014-01-06 23:37:36 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-01-06 23:37:35 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-01-06 23:25:55 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2014-01-06 23:24:59 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2014-01-06 23:24:59 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2014-01-06 23:24:58 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2014-01-06 23:24:58 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2014-01-06 23:24:58 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2014-01-06 22:13:39 -------- d-----w- C:\Users\Administrator M\AppData\Roaming\OpenOffice.org
2014-01-06 20:48:27 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-06 05:26:05 -------- d-----w- C:\Users\Administrator M\AppData\Local\Diagnostics
2014-01-06 03:45:51 -------- d-----w- C:\Users\Administrator M\AppData\Local\QuickPlay
2014-01-05 21:12:12 -------- d-----w- C:\Users\Administrator M\AppData\Roaming\com.adobe.amp
2014-01-05 21:04:54 -------- d-----w- C:\Users\Administrator M\AppData\Local\Hewlett-Packard
2014-01-05 20:55:26 -------- d-----w- C:\Users\Administrator M\AppData\Roaming\HpUpdate
.
==================== Find3M  ====================
.
2014-01-05 20:57:44 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-05 20:57:44 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-10-12 01:15:48 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
.
============= FINISH:  1:29:22.07 ===============
 
 
 
 
attach.txt_________________________________________________
__________________________________________________________
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 28/12/2011 7:02:10 PM
System Uptime: 08/01/2014 12:30:54 AM (1 hours ago)
.
Motherboard: Hewlett-Packard |  | 3612
Processor: Genuine Intel® CPU             585  @ 2.16GHz | CPU | 2161/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 186 GiB total, 92.858 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP314: 05/09/2013 11:34:29 PM - Windows Update
RP315: 09/09/2013 9:40:15 PM - Windows Update
RP316: 12/09/2013 11:53:24 PM - Windows Update
RP317: 16/09/2013 10:53:27 PM - Windows Update
RP318: 20/09/2013 9:49:33 PM - Windows Update
RP319: 24/09/2013 9:52:41 PM - Windows Update
RP320: 27/09/2013 10:55:51 PM - Windows Update
RP321: 02/10/2013 8:45:51 AM - Windows Update
RP322: 06/10/2013 12:34:33 PM - Windows Update
RP323: 10/10/2013 12:20:18 PM - Windows Update
RP324: 13/10/2013 11:25:09 PM - Windows Update
RP325: 17/10/2013 11:26:42 PM - Windows Update
RP326: 22/10/2013 4:46:41 PM - Windows Update
RP327: 25/10/2013 9:24:00 PM - Windows Update
RP328: 29/10/2013 11:36:39 PM - Windows Update
RP329: 02/11/2013 10:16:27 PM - Windows Update
RP330: 06/11/2013 8:58:53 PM - Windows Update
RP331: 10/11/2013 3:29:01 PM - Windows Update
RP332: 13/11/2013 10:57:57 PM - Windows Update
RP333: 17/11/2013 9:58:19 PM - Windows Update
RP334: 21/11/2013 8:39:26 PM - Windows Update
RP335: 24/11/2013 11:50:24 PM - Windows Update
RP336: 28/11/2013 9:33:14 PM - Windows Update
RP337: 02/12/2013 2:36:39 PM - Windows Update
RP338: 13/12/2013 1:28:55 AM - Windows Update
RP339: 28/12/2013 11:48:56 PM - Windows Update
RP340: 05/01/2014 4:01:14 PM - Windows Update
RP341: 05/01/2014 8:08:09 PM - post windows update
RP342: 07/01/2014 4:52:36 PM - Revo Uninstaller's restore point - HP Product Detection
RP343: 07/01/2014 4:53:11 PM - Removed HP Product Detection
RP344: 07/01/2014 4:55:32 PM - Revo Uninstaller's restore point - Apple Software Update
RP345: 07/01/2014 4:58:29 PM - Revo Uninstaller's restore point - Microsoft Office Enterprise 2007
RP346: 07/01/2014 9:59:35 PM - Revo Uninstaller's restore point - Adobe Shockwave Player 12.0
RP347: 07/01/2014 10:02:19 PM - Revo Uninstaller's restore point - Acrobat X Suite
RP348: 07/01/2014 10:08:02 PM - Revo Uninstaller's restore point - Acrobat X Suite
RP349: 07/01/2014 10:24:10 PM - Revo Uninstaller's restore point - Acrobat X Suite
RP350: 07/01/2014 10:31:57 PM - Revo Uninstaller's restore point - Acrobat X Suite
RP351: 07/01/2014 10:33:06 PM - Revo Uninstaller's restore point - Acrobat X Suite
RP352: 07/01/2014 10:46:30 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Reader XI (11.0.05)
Advanced SystemCare 6
Atheros Driver Installation Program
BlackBerry Desktop Software 7.0
Bonjour
CCleaner
CPUID CPU-Z 1.60.1
D3DX10
Ezvid
ffdshow [rev 3154] [2009-12-09]
FVD Suite 3.0.2
GIMP 2.8.2
Google Drive
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard ACLM.NET v1.1.2.0
HP Advisor
HP Customer Experience Enhancements
HP DVD Play 3.7
HP Product Detection
HP Update
HP Wireless Assistant
HP Wireless Keyboard Suite 2.1
Java 7 Update 25
Java Auto Updater
Junk Mail filter update
Lagarith lossless video codec (Remove Only)
LightScribe System Software
Logitech QuickCam Software
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Corporation
Microsoft LifeCam
Microsoft Mouse and Keyboard Center
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Microsoft_VC90_MFCLOC_x86_x64
Mozilla Firefox 25.0.1 (x86 en-US)
Mozilla Maintenance Service
MSN
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero Burning ROM 11
Nero Burning ROM 11 Help (CHM)
Nero ControlCenter 11
Nero ControlCenter 11 Help (CHM)
Nero Core Components 11
Nero RescueAgent 11
Nero RescueAgent 11 Help (CHM)
Nero Update
nero.prerequisites.msi
Notepad++
OpenOffice.org 3.4.1
Penpower Jr.
Picasa 3
Realtek 8136 8168 8169 Ethernet Driver
Revo Uninstaller 1.95
RPS CRT
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Skype™ 5.10
swMSM
Synaptics Pointing Device Driver
Trillian
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Ventrilo Client for Windows x64
VueScan x64
Windows Driver Package - OEM (mr8980) Image  (05/10/2010 1.0.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.11 (32-bit)
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
08/01/2014 12:34:34 AM, Error: Service Control Manager [7023]  - The HP Network Devices Support service terminated with the following error:  The specified module could not be found.
08/01/2014 12:32:13 AM, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
08/01/2014 12:31:45 AM, Error: Service Control Manager [7003]  - The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.
08/01/2014 12:31:45 AM, Error: Service Control Manager [7001]  - The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
08/01/2014 12:19:38 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Modules Installer service, but this action failed with the following error:  An instance of the service is already running.
08/01/2014 12:17:38 AM, Error: Service Control Manager [7031]  - The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
07/01/2014 8:16:56 PM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
07/01/2014 8:16:17 PM, Error: Application Popup [1060]  - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
07/01/2014 2:27:23 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
07/01/2014 10:56:45 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070658: Security Update for Microsoft Office 2007 suites (KB2827329).
07/01/2014 10:56:25 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070658: Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085).
07/01/2014 10:49:34 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070658: Security Update for Microsoft Office 2007 suites (KB2596825).
07/01/2014 10:49:34 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070658: Security Update for Microsoft Office 2007 suites (KB2596792).
07/01/2014 10:49:22 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070658: Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642).
07/01/2014 10:48:56 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070658: Update for Microsoft Office Outlook 2007 (KB2687404).
07/01/2014 10:48:06 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070658: Update for Microsoft Office 2007 suites (KB2767916).
07/01/2014 10:48:06 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070658: Security Update for Microsoft Office 2007 suites (KB2760411).
07/01/2014 10:47:26 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070658: Security Update for Microsoft Office InfoPath 2007 (KB2687440).
06/01/2014 7:02:13 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Net.Pipe Listener Adapter service to connect.
06/01/2014 7:02:13 PM, Error: Service Control Manager [7000]  - The Net.Pipe Listener Adapter service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
06/01/2014 7:00:43 PM, Error: Service Control Manager [7031]  - The Windows Event Log service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
06/01/2014 7:00:43 PM, Error: Service Control Manager [7031]  - The Windows Audio service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
06/01/2014 7:00:43 PM, Error: Service Control Manager [7031]  - The TCP/IP NetBIOS Helper service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
06/01/2014 7:00:43 PM, Error: Service Control Manager [7031]  - The Security Center service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
06/01/2014 7:00:43 PM, Error: Service Control Manager [7031]  - The DHCP Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
06/01/2014 6:59:45 PM, Error: Microsoft-Windows-WAS [5175]  - The listener adapter serving the 'net.pipe' protocol disconnected unexpectedly.
06/01/2014 6:59:43 PM, Error: Service Control Manager [7031]  - The Net.Pipe Listener Adapter service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
06/01/2014 6:57:47 PM, Error: Service Control Manager [7031]  - The Windows Font Cache Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
06/01/2014 6:57:47 PM, Error: Service Control Manager [7031]  - The Windows Connect Now - Config Registrar service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
06/01/2014 6:57:47 PM, Error: Service Control Manager [7031]  - The UPnP Device Host service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
06/01/2014 6:57:47 PM, Error: Service Control Manager [7031]  - The SSDP Discovery service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
06/01/2014 6:51:14 PM, Error: Service Control Manager [7034]  - The Yahoo! Updater service terminated unexpectedly.  It has done this 1 time(s).
06/01/2014 6:50:58 PM, Error: Service Control Manager [7034]  - The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).
06/01/2014 1:42:04 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR4.
05/01/2014 5:54:45 PM, Error: NetBT [4321]  - The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.66. The computer with the IP address 192.168.1.75 did not allow the name to be claimed by this computer.
05/01/2014 5:31:33 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
.
==== End Of File ===========================
 
 
 
 
Hijackthis Log ______________________________________________________
_________________________________________________________________
 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 2:34:47 AM, on 08/01/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
 
FIREFOX: 25.0.1 (en-US)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\Suo10_SmartRAM.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Users\Gabbo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gabbo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gabbo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gabbo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gabbo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gabbo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gabbo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gabbo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gabbo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWow64\NOTEPAD.EXE
C:\Users\Gabbo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gabbo\Desktop\HijackThis.exe
 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HPMonitor] C:\Program Files (x86)\Hewlett-Packard\HP LInk5 Monitor\hpMonitor21.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\Suo10_SmartRAM.exe" /m
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Interactive Services Detection (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WMI Performance Adapter (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 7762 byte
 
 
 
 
 
 
 
////////////////////////////////////////// End of post////////////////////////////////////////

Edited by hamluis, 08 January 2014 - 08:01 AM.
Moved from Win 7 to Malware Removal Logs - Hamluis.




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,660 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:25 PM

Posted 13 January 2014 - 02:40 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/520068 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,660 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:25 PM

Posted 18 January 2014 - 02:45 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!



