Topic: [Inactive] Processes, Active X, Hanging start-up, HDD constant activity, etc


Offline kevin333777

  • Bronze Member
  • Posts: 102
These are some of the strange things that are happening.

- The hard drive is always active even when there is no activity being done on the computer. I know how idling hard drives are supposed to be.

- This French ActiveX control keeps getting installed after I uninstall "Contrôle ActiveX Windows Live Mesh pour connexions à distance". I am English and this is an English computer.

- An Internet Explorer process is in my process list as Running. I have not used IE in at least weeks, if not months. I think it is an untrustworthy process that is masquerading as a trustworthy process.

- My start-up blanks out to a black screen for a few seconds (maybe 3 to 10 seconds) and then I see the login screen. There are odd lags that never used to happen on the login screen.

- After doing the scan that was requested, I see a few programs I do not recognize or have not installed (possibly add-ons). Here are a few I see: Complément Messenger, Galerie de photos Windows Live, MarketResearch, Contrôle ActiveX Windows Live Mesh pour connexions à distance. I do see some games I never installed, but I believe they came with my computer, as well as a few games I have installed myself.

- I get some freezes, but not very often; I think I managed to clear that up a few months ago.

- At start-up I see all my icons in the system tray and on the desktop go white (with no icon picture), as if attributes are being changed to a default program; this also happens when I open Microsoft Word. I have set my defaults and I shouldn't be seeing this. After it is done the icon pictures restore to normal.

- Malwarebytes real-time protection says 13-day trial, but I have had it working and resetting the time for over 2 months. I am not sure if this is a glitch from Malwarebytes or a malicious program hiding in plain sight as Malwarebytes. It does still show "Blocked this site from etc." every so often, but not very much.

- A process which is a bit odd is "unsecapp.exe"; in the description it says "Sink to receive asynchronous call backs for WMI client application", and "SINK" is spelled wrong, it should be "SYNC". The process says it's a system process.

- Desktop freezes; as I am writing it is frozen, but I can still use the internet browser for now.

- I cannot zip these two files together, because I do not see them on the desktop (where I saved them 2 times). I can see them in "Browse for file" but not actually on the desktop.

This is all I can remember at the moment; I tried being as detailed as I could to make it easier on you guys. But this is all or most of what I have noticed happening on my computer.

I would like to say ahead of time that I do not have a Windows installation disk of any kind; I bought this computer new and it did not come with one.
« Last Edit: January 29, 2012, 10:54:07 AM by Hoov »



Offline kevin333777

As of right now my desktop is frozen, but my system tray and start menu all work. Only my desktop is frozen. I can still start programs from the start button. I found it weird that when I tried finding those 2 files, by right-clicking the desktop and going to arrange icons by date modified to find these two files, it would freeze as I am writing this here.

Offline kevin333777

After restarting I see both files on the desktop now.

Offline kevin333777

One more thing, not sure how I forgot this. But my computer fan goes at high speed off and on. It started when I bought myself a portable hard drive that I backed up my entire computer on. But since then the fans go at high speed when it isn't backing anything up and when it is idle. It might have been a coincidence, and it could actually not be from when I hooked the portable hard drive up, but something else doing it.

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 22701
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
I have helped you before, so I am going to skip the preliminaries. The two logs we asked for should have been pasted in a response instead of attached. Because of the problems you are having, I will take care of that, but for future reference please copy and paste all logs into a reply unless we ask for them to be attached. This is for everyone's protection. I am looking at the logs right now, I should have something for you shortly.

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline Hoov

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_30
Run by Kevin at 11:46:25 on 2012-01-29
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.3839.1852 [GMT -4:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe
C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Bandoo\Bandoo.exe
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackup.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Kevin\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Hp\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files (x86)\TweakNow PowerPack 2011\PowerPack.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\taskmgr.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?l=dis&o=102868&gct=hp
uLocal Page = 
mLocal Page = 
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: G Data CloudSecurity: {aadac261-4ee9-473a-ab95-d8e153424c38} - C:\Program Files (x86)\G Data\G Data CloudSecurity\CloudSecurityIE64.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: BandooIEPlugin Class: {eb5cee80-030a-4ed8-8e20-454e9c68380f} - C:\Program Files (x86)\Bandoo\Plugins\IE\ieplugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB: G Data CloudSecurity: {aadac261-4ee9-473a-ab95-d8e153424c38} - C:\Program Files (x86)\G Data\G Data CloudSecurity\CloudSecurityIE64.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
mRun: [Memeo Backup Premium] C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoLauncher2.exe --silent --no_ui
mRun: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent
mRun: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Free YouTube to MP3 Converter - C:\Users\Kevin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{A57CD671-25FD-4B4A-9A95-2E5F5BD45C88} : DhcpNameServer = 192.168.2.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: c:\progra~2\bandoo\bndhook.dll
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64:     HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64:     AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64:     Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
BHO-X64:     Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO-X64:     Symantec Intrusion Prevention - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64:     Search Helper - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: G Data CloudSecurity: {AADAC261-4EE9-473A-AB95-D8E153424C38} - C:\Program Files (x86)\G Data\G Data CloudSecurity\CloudSecurityIE64.dll
BHO-X64:     G Data CloudSecurity Class - No File
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: BandooIEPlugin Class: {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files (x86)\Bandoo\Plugins\IE\ieplugin.dll
BHO-X64:     Bandoo IE Plugin - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64:     HP Smart BHO Class - No File
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB-X64: G Data CloudSecurity: {AADAC261-4EE9-473A-AB95-D8E153424C38} - C:\Program Files (x86)\G Data\G Data CloudSecurity\CloudSecurityIE64.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
mRun-x64: [Memeo Backup Premium] C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoLauncher2.exe --silent --no_ui
mRun-x64: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent
mRun-x64: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
AppInit_DLLs-X64: c:\progra~2\bandoo\bndhook.dll
Hosts: 127.0.0.1   www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\vgc6tuyp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com 
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Kevin\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Kevin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Kevin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120121.002\BHDrvx64.sys [2012-1-26 1157240]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120126.003\IDSviA64.sys [2012-1-26 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-2 497496]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-8-5 681528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-6-21 821592]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-6-20 652872]
R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe [2011-5-12 25824]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-12-27 130008]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-6-20 1153368]
R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-1-17 21384]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2012-1-17 33184]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2012-1-17 21872]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe [2012-1-21 93848]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-20 135664]
S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-20 135664]
S4 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-3-22 1119768]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files (x86)\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-01-29 15:20:13   388096   ----a-r-   C:\Users\Kevin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-29 15:20:13   --------   d-----w-   C:\Program Files (x86)\Trend Micro
2012-01-26 20:09:51   --------   d-----w-   C:\Program Files\iTunes
2012-01-26 20:09:51   --------   d-----w-   C:\Program Files\iPod
2012-01-26 20:09:51   --------   d-----w-   C:\Program Files (x86)\iTunes
2012-01-21 16:11:12   0   ----a-w-   C:\ProgramData\xmlD720.tmp
2012-01-21 16:11:11   13381   ----a-w-   C:\ProgramData\xmlD376.tmp
2012-01-21 16:11:11   0   ----a-w-   C:\ProgramData\xmlD490.tmp
2012-01-21 16:11:09   6774   ----a-w-   C:\ProgramData\xmlCD1E.tmp
2012-01-21 16:09:58   24920   ----a-w-   C:\Windows\System32\X3DAudio1_7.dll
2012-01-21 16:06:33   --------   d--h--w-   C:\Windows\msdownld.tmp
2012-01-21 16:06:27   --------   d-----w-   C:\Windows\SysWow64\directx
2012-01-21 16:05:34   --------   d-----w-   C:\Program Files\SiSoftware
2012-01-21 00:45:20   --------   d-----w-   C:\Users\Kevin\AppData\Local\APN
2012-01-20 02:47:58   --------   d-----w-   C:\Program Files (x86)\Conduit
2012-01-20 02:47:56   --------   d-----w-   C:\Users\Kevin\AppData\Local\Conduit
2012-01-20 02:47:55   --------   d-----w-   C:\Program Files (x86)\uTorrentBar
2012-01-18 16:09:27   --------   d-----w-   C:\ProgramData\MemeoCommon
2012-01-18 16:08:22   --------   d-----w-   C:\Users\Kevin\AppData\Roaming\Seagate
2012-01-18 16:07:41   --------   d-----w-   C:\Windows\[SystemFolder]
2012-01-18 16:07:41   --------   d-----w-   C:\Program Files\Memeo
2012-01-18 16:06:58   --------   d-----w-   C:\Users\Kevin\AppData\Roaming\Memeo
2012-01-18 16:06:54   --------   d-----w-   C:\Program Files (x86)\Common Files\Memeo
2012-01-18 16:06:48   --------   d-----w-   C:\Program Files (x86)\Memeo
2012-01-18 16:05:19   --------   d-----w-   C:\Program Files (x86)\Seagate
2012-01-18 13:55:00   31576   ----a-w-   C:\Windows\System32\SmartDefragBootTime.exe
2012-01-18 13:55:00   17720   ----a-w-   C:\Windows\System32\drivers\SmartDefragDriver.sys
2012-01-18 01:14:51   626688   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-18 01:14:51   548864   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-18 01:14:51   479232   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-18 01:14:51   43992   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-01-11 11:45:58   77312   ----a-w-   C:\Windows\System32\packager.dll
2012-01-11 11:45:58   67072   ----a-w-   C:\Windows\SysWow64\packager.dll
2012-01-03 13:10:44   182672   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 13:10:44   182672   ----a-w-   C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M  ====================
.
2011-12-30 21:02:52   23896   ----a-w-   C:\Windows\System32\RegistryDefragBootTime.exe
2011-12-27 12:31:57   174200   ----a-w-   C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-12-10 19:24:08   23152   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2011-11-24 04:52:09   3145216   ----a-w-   C:\Windows\System32\win32k.sys
2011-11-17 06:49:14   95600   ----a-w-   C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14   152432   ----a-w-   C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43   459232   ----a-w-   C:\Windows\System32\drivers\cng.sys
2011-11-17 06:41:18   1731920   ----a-w-   C:\Windows\System32\ntdll.dll
2011-11-17 06:35:28   395776   ----a-w-   C:\Windows\System32\webio.dll
2011-11-17 06:35:26   29184   ----a-w-   C:\Windows\System32\sspisrv.dll
2011-11-17 06:35:26   136192   ----a-w-   C:\Windows\System32\sspicli.dll
2011-11-17 06:35:25   340992   ----a-w-   C:\Windows\System32\schannel.dll
2011-11-17 06:35:25   28160   ----a-w-   C:\Windows\System32\secur32.dll
2011-11-17 06:35:19   1447936   ----a-w-   C:\Windows\System32\lsasrv.dll
2011-11-17 06:33:55   31232   ----a-w-   C:\Windows\System32\lsass.exe
2011-11-17 05:38:39   1292080   ----a-w-   C:\Windows\SysWow64\ntdll.dll
2011-11-17 05:35:02   314880   ----a-w-   C:\Windows\SysWow64\webio.dll
2011-11-17 05:34:52   224768   ----a-w-   C:\Windows\SysWow64\schannel.dll
2011-11-17 05:34:52   22016   ----a-w-   C:\Windows\SysWow64\secur32.dll
2011-11-17 05:28:48   96768   ----a-w-   C:\Windows\SysWow64\sspicli.dll
2011-11-16 14:56:40   414368   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-10 09:54:13   472808   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
2011-11-05 05:32:50   2048   ----a-w-   C:\Windows\System32\tzres.dll
2011-11-05 04:26:03   2048   ----a-w-   C:\Windows\SysWow64\tzres.dll
2011-11-04 01:53:39   2309120   ----a-w-   C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47   1390080   ----a-w-   C:\Windows\System32\wininet.dll
2011-11-04 01:44:21   1493504   ----a-w-   C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43   2382848   ----a-w-   C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42   1798144   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21   1427456   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47   1127424   ----a-w-   C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57   2382848   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 11:49:12.71 ===============

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 22701
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 17/06/2011 12:47:12 PM
System Uptime: 29/01/2012 7:44:34 AM (4 hours ago)
.
Motherboard: PEGATRON CORPORATION |  | 2A99
Processor: AMD Athlon(tm) II X4 640 Processor | CPU 1 | 3000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 686 GiB total, 290.504 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.488 GiB free.
E: is CDROM ()
F: is Removable
G: is FIXED (NTFS) - 466 GiB total, 196.266 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart D110 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart D110 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP117: 20/01/2012 5:48:14 AM - Norton 360 Registry Clean
RP118: 21/01/2012 12:04:01 PM - SiSoftware Sandra Lite
RP119: 21/01/2012 12:09:01 PM - Installed DirectX
RP120: 27/01/2012 5:01:22 AM - Norton 360 Registry Clean
RP121: 29/01/2012 11:19:39 AM - Installed HiJackThis
RP122: 29/01/2012 11:30:10 AM - Removed Google Talk Plugin
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.2)
Advanced SystemCare 5
Agatha Christie - Peril at End House
Apple Application Support
Apple Software Update
Bandoo
BearShare Test
Bejeweled 2 Deluxe
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Blackhawk Striker 2
Blasterball 3
Blio
Bounce Symphony
BufferChm
Cake Mania
Chuzzle Deluxe
Cisco Connect
Compaq Setup Manager
Complément Messenger
Contrôle ActiveX Windows Live Mesh pour connexions ŕ distance
Coupon Printer for Windows
CyberLink DVD Suite Deluxe
D110
D3DX10
Destinations
DeviceDiscovery
DivX Setup
Dora's World Adventure
Farm Frenzy
FATE
Final Drive Nitro
Free YouTube to MP3 Converter version 3.10.14.1206
G Data CloudSecurity
Galerie de photos Windows Live
Game Booster 3
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
Hewlett-Packard ACLM.NET v1.1.0.0
HiJackThis
HP Customer Experience Enhancements
HP Game Console
HP Games
HP Odometer
HP Photo Creations
HP Product Detection
HP Setup
HP Support Information
HP Update
HPAppStudio
HPPhotoGadget
HPProductAssistant
HPSSupply
IMVU Avatar Chat Software
IObit Malware Fighter
Jacquie Lawson London Advent Calendar
Java Auto Updater
Java(TM) 6 Update 30
Junk Mail filter update
LabelPrint
LightScribe System Software
Malwarebytes Anti-Malware version 1.60.0.1800
ManyCam 2.6.65 (remove only)
Mario Forever 5.01
MarketResearch
Memeo AutoSync
Memeo Backup Premium
Memeo LifeAgent Explorer Extension
Mesh Runtime
Messenger Companion
Microsoft Default Manager
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Search Enhancement Pack
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Mozilla Firefox 9.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - The London Caper
NCsoft Launcher
Norton 360
Norton Online Backup
NVIDIA ForceWare Network Access Manager
PDF Complete Special Edition
Penguins!
PhotoNow!
PictureMover
Plants vs. Zombies
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
PressReader
PS_AIO_07_D110_SW_Min
QuickTime
QuickTransfer
Realtek High Definition Audio Driver
Recovery Manager
RuneScape Launcher 1.2
Safari
Scan
Seagate Dashboard
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Skype™ 4.2
Smart Defrag 2
SmartWebPrinting
SolutionCenter
Spybot - Search & Destroy
SpywareBlaster 4.5
Status
Toolbox
TrayApp
TrueCrypt
TweakNow PowerPack 2011
TweakNow PowerPack 2011 SP3a
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VC80CRTRedist - 8.0.50727.6195
Virtual Villagers 4 - The Tree of Life
VLC media player 1.1.11
WebReg
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
World Cup Cricket 20-20
World of Warcraft
Zinio Reader 4
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
29/01/2012 7:46:36 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
29/01/2012 7:45:04 AM, Error: Service Control Manager [7024]  - The Windows Firewall service terminated with service-specific error Access is denied..
27/01/2012 3:51:07 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
22/01/2012 3:19:31 AM, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
22/01/2012 3:18:02 AM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
22/01/2012 3:18:01 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
22/01/2012 3:18:01 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
22/01/2012 3:18:01 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
22/01/2012 3:18:01 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
22/01/2012 3:17:59 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
22/01/2012 3:17:54 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
22/01/2012 3:17:31 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD BHDrvx64 DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSP SRTSPX SymIRON SymNetS tdx truecrypt Wanarpv6 WfpLwf
22/01/2012 3:17:31 AM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
22/01/2012 3:17:31 AM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
22/01/2012 3:17:31 AM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
22/01/2012 3:17:31 AM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
22/01/2012 3:17:31 AM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
22/01/2012 3:17:31 AM, Error: Service Control Manager [7001]  - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:  The dependency service or group failed to start.
22/01/2012 3:17:28 AM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
22/01/2012 3:17:28 AM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
22/01/2012 3:17:28 AM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
22/01/2012 3:17:28 AM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
.
==== End Of File ===========================

Offline Hoov

I need you to reboot Windows cleanly. To do that, please go to the Run command and type in msconfig. Once that starts, select Selective startup, and then uncheck Load startup items. Now click on the Services tab, and down near the bottom of the window, check the box that says Hide all Microsoft services. Now go up and uncheck all the services still listed; make sure you scroll down the list if needed to unselect all the non-Microsoft services. Now click Apply, then click OK and reboot the computer.

Now please update Malwarebytes' Anti-Malware and run a scan. If it finds anything, fix it and post the log. If it finds nothing, post that log. Also tell me how the computer is running like this. If you go online, please limit it to only reputable sites, and limit the time online. All your protection is turned off running like this.

Also, if you can, right-click on the taskbar, select Task Manager, and tell me what your CPU usage and memory usage is.

Offline kevin333777

Hi again Hoov, I remember you as well.
I did as you said.
The problem with icons on the desktop and taskbar going white (as if attributes change to a default program) has stopped after doing as you said.

BEFORE
RAM - 1.58 GB
CPU - 0-1% in use, but jumps up to 7% here and there.

AFTER
RAM - 1.11 GB
CPU - 0-1% but has jumps to 22% here and there.

Also something I noticed: when I installed my free version of Microsoft Office 2010 that came with my computer, in "My Computer" I got a Q: drive labeled "Microsoft Office Click-to-Run 2010 (Protected)". I am not sure if that is for Microsoft or what. It is not a drive; I am thinking maybe it is a feature within Office. When I click Properties and look at disk space used, it's 0 KB.

When I try to access it, it shows me a "Q:\ is not accessible. Access denied." pop-up box.

I was in Task Manager opening the file locations of my SVCHOST.EXE files, seeing if they are all in "System32" file locations. I did find one that is in the "sysWOW64" folder, which I believe is the "World of Warcraft folder." In Task Manager it shows "svchost.exe *32", says it's a system process, and for description it says exactly the same as the rest of the "svchosts" descriptions.

While writing this I saw 2 Task Manager icons in the system tray; after closing one, one still remained. Clicking it and right-clicking it did nothing. Might just be a glitch. I was able to end the process and it did close.

I read what to do first before posting, and I must have read it wrong. Sorry about that.

Malwarebytes LOG

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.29.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kevin :: KEVIN-HP [administrator]

29/01/2012 2:24:45 PM
mbam-log-2012-01-29 (14-24-45).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 496685
Time elapsed: 1 hour(s), 35 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Offline Hoov

No worries.

About sysWOW64, this has nothing to do with World of Warcraft; it has to do with the 64-bit part of Windows. I believe it actually stands for something like System Windows on Windows 64-bit. There are some peculiarities with how the 64-bit version of Windows runs; you found one of them.

About the Q drive, that is part of the version of Microsoft Office that you have. Take a look at this.


* Anyone other than the originator of this thread: you would be best advised not to run ComboFix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used wrong.

Run ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Offline kevin333777

ComboFix 12-01-29.02 - Kevin 29/01/2012  17:07:53.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.3839.2147 [GMT -4:00]
Running from: c:\users\Kevin\Downloads\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xmlCD1E.tmp
c:\programdata\xmlD376.tmp
c:\programdata\xmlD490.tmp
c:\programdata\xmlD720.tmp
C:\Thumbs.db
c:\users\Kevin\AppData\Local\assembly\tmp
c:\windows\system32\java.exe
G:\Autorun.inf
G:\Setup.exe
.
.
(((((((((((((((((((((((((   Files Created from 2011-12-28 to 2012-01-29  )))))))))))))))))))))))))))))))
.
.
2012-01-29 21:19 . 2012-01-29 21:19   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-01-29 15:20 . 2012-01-29 15:20   388096   ----a-r-   c:\users\Kevin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-29 15:20 . 2012-01-29 15:20   --------   d-----w-   c:\program files (x86)\Trend Micro
2012-01-26 20:09 . 2012-01-26 20:10   --------   d-----w-   c:\program files\iTunes
2012-01-26 20:09 . 2012-01-26 20:10   --------   d-----w-   c:\program files (x86)\iTunes
2012-01-26 20:09 . 2012-01-26 20:09   --------   d-----w-   c:\program files\iPod
2012-01-22 01:40 . 2012-01-22 01:40   --------   d-----w-   c:\program files\Microsoft Silverlight
2012-01-22 01:40 . 2012-01-22 01:40   --------   d-----w-   c:\program files (x86)\Microsoft Silverlight
2012-01-21 16:09 . 2010-02-04 14:01   24920   ----a-w-   c:\windows\system32\X3DAudio1_7.dll
2012-01-21 16:06 . 2012-01-21 16:08   --------   d--h--w-   c:\windows\msdownld.tmp
2012-01-21 16:05 . 2012-01-21 16:05   --------   d-----w-   c:\program files\SiSoftware
2012-01-21 00:45 . 2012-01-21 00:45   --------   d-----w-   c:\users\Kevin\AppData\Local\APN
2012-01-20 02:47 . 2012-01-20 02:47   --------   d-----w-   c:\program files (x86)\Conduit
2012-01-20 02:47 . 2012-01-29 15:31   --------   d-----w-   c:\users\Kevin\AppData\Local\Conduit
2012-01-18 16:09 . 2012-01-18 16:09   --------   d-----w-   c:\programdata\MemeoCommon
2012-01-18 16:08 . 2012-01-18 16:08   --------   d-----w-   c:\users\Kevin\AppData\Roaming\Seagate
2012-01-18 16:07 . 2012-01-18 16:07   --------   d-----w-   c:\windows\[SystemFolder]
2012-01-18 16:07 . 2012-01-18 16:07   --------   d-----w-   c:\program files\Memeo
2012-01-18 16:06 . 2012-01-19 16:41   --------   d-----w-   c:\users\Kevin\AppData\Roaming\Memeo
2012-01-18 16:06 . 2012-01-18 16:06   --------   d-----w-   c:\program files (x86)\Common Files\Memeo
2012-01-18 16:06 . 2012-01-18 16:08   --------   d-----w-   c:\program files (x86)\Memeo
2012-01-18 16:05 . 2012-01-18 16:06   --------   d-----w-   c:\program files (x86)\Seagate
2012-01-18 16:03 . 2012-01-18 16:03   --------   d-----w-   c:\users\Kevin\AppData\Roaming\Leadertech
2012-01-18 13:55 . 2011-12-16 21:21   31576   ----a-w-   c:\windows\system32\SmartDefragBootTime.exe
2012-01-18 13:55 . 2010-11-26 22:02   17720   ----a-w-   c:\windows\system32\drivers\SmartDefragDriver.sys
2012-01-18 01:14 . 2012-01-18 01:14   626688   ----a-w-   c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-18 01:14 . 2012-01-18 01:14   548864   ----a-w-   c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-18 01:14 . 2012-01-18 01:14   479232   ----a-w-   c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-18 01:14 . 2012-01-18 01:14   43992   ----a-w-   c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-11 11:45 . 2011-11-19 14:58   77312   ----a-w-   c:\windows\system32\packager.dll
2012-01-11 11:45 . 2011-11-19 14:01   67072   ----a-w-   c:\windows\SysWow64\packager.dll
2012-01-03 13:10 . 2012-01-03 13:10   182672   ----a-w-   c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 13:10 . 2012-01-03 13:10   182672   ----a-w-   c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-30 21:02 . 2011-12-02 17:01   23896   ----a-w-   c:\windows\system32\RegistryDefragBootTime.exe
2011-12-27 12:31 . 2011-12-27 12:31   174200   ----a-w-   c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-12-10 19:24 . 2011-06-20 14:50   23152   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-11-24 04:52 . 2011-12-14 11:06   3145216   ----a-w-   c:\windows\system32\win32k.sys
2011-11-16 14:56 . 2011-06-28 14:21   414368   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-10 09:54 . 2011-06-28 14:50   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2011-11-05 05:32 . 2011-12-14 11:06   2048   ----a-w-   c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-14 11:06   2048   ----a-w-   c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-15 07:01   2309120   ----a-w-   c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-15 07:01   1390080   ----a-w-   c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-15 07:01   1493504   ----a-w-   c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-15 07:01   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-15 07:01   1798144   ----a-w-   c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-15 07:01   1427456   ----a-w-   c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-15 07:01   1127424   ----a-w-   c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-15 07:01   2382848   ----a-w-   c:\windows\SysWow64\mshtml.tlb
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Bandoo\BndHook.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2011-09-20 33184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2011-09-20 21872]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R4 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-30 497496]
R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-20 135664]
R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-20 135664]
R4 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-08-06 681528]
R4 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
R4 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-10 821592]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
R4 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe [2011-05-12 25824]
R4 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE

R4 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768]
R4 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe [2009-08-18 93848]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R4 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files (x86)\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120121.002\BHDrvx64.sys [2011-12-01 1157240]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120126.003\IDSvia64.sys [2011-11-30 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys

.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-20 14:49]
.
2012-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-20 14:49]
.
2012-01-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3937099932-2366797611-2386893369-1001Core.job
- c:\users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-22 14:49]
.
2012-01-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3937099932-2366797611-2386893369-1001UA.job
- c:\users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-22 14:49]
.
2012-01-29 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-11-15 22:36]
.
2012-01-28 c:\windows\Tasks\HPCeeScheduleForKEVIN-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-01-05 c:\windows\Tasks\HPCeeScheduleForKevin.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?l=dis&o=102868&gct=hp
uLocal Page = 
mLocal Page = 
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\Kevin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\vgc6tuyp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com 
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Completion time: 2012-01-29  17:35:43 - machine was rebooted
ComboFix-quarantined-files.txt  2012-01-29 21:35
.
Pre-Run: 311,175,073,792 bytes free
Post-Run: 311,024,209,920 bytes free
.
- - End Of File - - D003363F1E4CA8DEB98AE928BB3659B9

Offline Hoov

I noticed this before, but figured it was far down the list, but you are using one or more products from IOBit. 
IOBit has been accused by Malwarebytes of illegally using their intellectual property without permission.
Please see this for additional information on these allegations:  http://www.malwarebytes.org/forums/index.php?showtopic=29681

Additionally, both WOT and SiteAdvisor have flagged IOBit’s site.

A thread in the IOBit’s forum responded to the accusations from MalwareBytes.
It is noteworthy that several responses from users raising specific questions about IOBit’s response and finding it unsatisfactory were deleted and the thread was closed. 
The bottom line from IOBit was: “No hard proof shows that IObit stole database of Malwarebytes.”

At least until the issues of possible database theft and spyware packaging is resolved, SpywareHammer recommends against the use of IOBit products.


Now please run msconfig again and select normal startup then click apply then OK and reboot the computer. Let me know how it is running now.

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline kevin333777

When I log in, the black screen that hangs before I can log in is gone. But now, after I log in, the black screen is hanging after it logs me in, before I see the desktop. Not really sure about the rest of the things.

Offline Hoov

Try this if you can. Once you boot up, start a browser as you said you could, then:

Please download Rkill by Grinler and save it to your desktop.
    Link 2
    Link 3
    Link 4

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.


    Now run combofix again just as you did before.

    Let me know if you can't do this.


Offline kevin333777

The attributes and log-on screen seem to have come back. The hang-up on start-up isn't much now though.

I have to get to bed early tonight, and I will be able to check back in the morning. Thanks

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 29/01/2012 at 20:38:49.
    Operating System: Windows 7 Home Premium


    Processes terminated by Rkill or while it was running:

    C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\rundll32.exe


    Rkill completed on 29/01/2012 at 20:39:15.


    _____________________________________________________________________________




    ComboFix 12-01-29.02 - Kevin 29/01/2012  20:43:19.2.4 - x64
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.3839.2363 [GMT -4:00]
    Running from: c:\users\Kevin\Downloads\ComboFix.exe
    AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((   Files Created from 2011-12-28 to 2012-01-30  )))))))))))))))))))))))))))))))
    .
    .
    2012-01-30 01:03 . 2012-01-30 01:03   0   ---ha-w-   c:\users\Kevin\AppData\Local\BIT118C.tmp
    2012-01-30 01:00 . 2012-01-30 01:00   --------   d-----w-   c:\users\Default\AppData\Local\temp
    2012-01-29 15:20 . 2012-01-29 15:20   388096   ----a-r-   c:\users\Kevin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-01-29 15:20 . 2012-01-29 15:20   --------   d-----w-   c:\program files (x86)\Trend Micro
    2012-01-26 20:09 . 2012-01-26 20:10   --------   d-----w-   c:\program files\iTunes
    2012-01-26 20:09 . 2012-01-26 20:10   --------   d-----w-   c:\program files (x86)\iTunes
    2012-01-26 20:09 . 2012-01-26 20:09   --------   d-----w-   c:\program files\iPod
    2012-01-22 01:40 . 2012-01-22 01:40   --------   d-----w-   c:\program files\Microsoft Silverlight
    2012-01-22 01:40 . 2012-01-22 01:40   --------   d-----w-   c:\program files (x86)\Microsoft Silverlight
    2012-01-21 16:09 . 2010-02-04 14:01   24920   ----a-w-   c:\windows\system32\X3DAudio1_7.dll
    2012-01-21 16:06 . 2012-01-21 16:08   --------   d--h--w-   c:\windows\msdownld.tmp
    2012-01-21 16:05 . 2012-01-21 16:05   --------   d-----w-   c:\program files\SiSoftware
    2012-01-21 00:45 . 2012-01-21 00:45   --------   d-----w-   c:\users\Kevin\AppData\Local\APN
    2012-01-20 02:47 . 2012-01-20 02:47   --------   d-----w-   c:\program files (x86)\Conduit
    2012-01-20 02:47 . 2012-01-29 15:31   --------   d-----w-   c:\users\Kevin\AppData\Local\Conduit
    2012-01-18 16:09 . 2012-01-18 16:09   --------   d-----w-   c:\programdata\MemeoCommon
    2012-01-18 16:08 . 2012-01-18 16:08   --------   d-----w-   c:\users\Kevin\AppData\Roaming\Seagate
    2012-01-18 16:07 . 2012-01-18 16:07   --------   d-----w-   c:\windows\[SystemFolder]
    2012-01-18 16:07 . 2012-01-18 16:07   --------   d-----w-   c:\program files\Memeo
    2012-01-18 16:06 . 2012-01-19 16:41   --------   d-----w-   c:\users\Kevin\AppData\Roaming\Memeo
    2012-01-18 16:06 . 2012-01-18 16:06   --------   d-----w-   c:\program files (x86)\Common Files\Memeo
    2012-01-18 16:06 . 2012-01-18 16:08   --------   d-----w-   c:\program files (x86)\Memeo
    2012-01-18 16:05 . 2012-01-18 16:06   --------   d-----w-   c:\program files (x86)\Seagate
    2012-01-18 16:03 . 2012-01-18 16:03   --------   d-----w-   c:\users\Kevin\AppData\Roaming\Leadertech
    2012-01-18 13:55 . 2011-12-16 21:21   31576   ----a-w-   c:\windows\system32\SmartDefragBootTime.exe
    2012-01-18 13:55 . 2010-11-26 22:02   17720   ----a-w-   c:\windows\system32\drivers\SmartDefragDriver.sys
    2012-01-18 01:14 . 2012-01-18 01:14   626688   ----a-w-   c:\program files (x86)\Mozilla Firefox\msvcr80.dll
    2012-01-18 01:14 . 2012-01-18 01:14   548864   ----a-w-   c:\program files (x86)\Mozilla Firefox\msvcp80.dll
    2012-01-18 01:14 . 2012-01-18 01:14   479232   ----a-w-   c:\program files (x86)\Mozilla Firefox\msvcm80.dll
    2012-01-18 01:14 . 2012-01-18 01:14   43992   ----a-w-   c:\program files (x86)\Mozilla Firefox\mozutils.dll
    2012-01-11 11:45 . 2011-11-19 14:58   77312   ----a-w-   c:\windows\system32\packager.dll
    2012-01-11 11:45 . 2011-11-19 14:01   67072   ----a-w-   c:\windows\SysWow64\packager.dll
    2012-01-03 13:10 . 2012-01-03 13:10   182672   ----a-w-   c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2012-01-03 13:10 . 2012-01-03 13:10   182672   ----a-w-   c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-30 01:03 . 2012-01-30 01:03   0   ---ha-w-   c:\users\Kevin\AppData\Local\BIT821B.tmp
    2011-12-30 21:02 . 2011-12-02 17:01   23896   ----a-w-   c:\windows\system32\RegistryDefragBootTime.exe
    2011-12-27 12:31 . 2011-12-27 12:31   174200   ----a-w-   c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2011-12-10 19:24 . 2011-06-20 14:50   23152   ----a-w-   c:\windows\system32\drivers\mbam.sys
    2011-11-24 04:52 . 2011-12-14 11:06   3145216   ----a-w-   c:\windows\system32\win32k.sys
    2011-11-16 14:56 . 2011-06-28 14:21   414368   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-11-10 09:54 . 2011-06-28 14:50   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
    2011-11-05 05:32 . 2011-12-14 11:06   2048   ----a-w-   c:\windows\system32\tzres.dll
    2011-11-05 04:26 . 2011-12-14 11:06   2048   ----a-w-   c:\windows\SysWow64\tzres.dll
    2011-11-04 01:53 . 2011-12-15 07:01   2309120   ----a-w-   c:\windows\system32\jscript9.dll
    2011-11-04 01:44 . 2011-12-15 07:01   1390080   ----a-w-   c:\windows\system32\wininet.dll
    2011-11-04 01:44 . 2011-12-15 07:01   1493504   ----a-w-   c:\windows\system32\inetcpl.cpl
    2011-11-04 01:34 . 2011-12-15 07:01   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
    2011-11-03 22:47 . 2011-12-15 07:01   1798144   ----a-w-   c:\windows\SysWow64\jscript9.dll
    2011-11-03 22:40 . 2011-12-15 07:01   1427456   ----a-w-   c:\windows\SysWow64\inetcpl.cpl
    2011-11-03 22:39 . 2011-12-15 07:01   1127424   ----a-w-   c:\windows\SysWow64\wininet.dll
    2011-11-03 22:31 . 2011-12-15 07:01   2382848   ----a-w-   c:\windows\SysWow64\mshtml.tlb
    .
    .
    (((((((((((((((((((((((((((((   SnapShot@2012-01-29_21.21.50   )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-01-30 01:01 . 2012-01-30 01:01   13318              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    - 2012-01-29 21:19 . 2012-01-29 21:19   13318              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    + 2011-06-17 16:06 . 2012-01-29 22:29   57532              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-01-29 22:29   36916              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-06-17 15:48 . 2012-01-29 22:29   14980              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3937099932-2366797611-2386893369-1001_UserData.bin
    - 2012-01-29 21:20 . 2012-01-29 21:20   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-01-30 01:02 . 2012-01-30 01:02   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-01-29 21:20 . 2012-01-29 21:20   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-01-30 01:02 . 2012-01-30 01:02   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-07-14 05:01 . 2012-01-29 21:19   235032              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-01-30 01:01   235032              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2011-06-20 15:17 . 2012-01-29 18:18   6514556              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3937099932-2366797611-2386893369-1001-8192.dat
    + 2011-06-20 15:17 . 2012-01-30 01:01   6514556              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3937099932-2366797611-2386893369-1001-8192.dat
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "Memeo Backup Premium"="c:\program files (x86)\Memeo\AutoBackupPro\MemeoLauncher2.exe" [2011-05-12 136416]
    "Memeo AutoSync"="c:\program files (x86)\Memeo\AutoSync\MemeoLauncher2.exe" [2011-05-13 144608]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
    "IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2012-01-12 4453208]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~2\Bandoo\BndHook.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-20 135664]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-20 135664]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys

    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2011-09-20 33184]
    R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe [2009-08-18 93848]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

    R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2011-09-20 21872]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys

    R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files (x86)\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys

    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS

    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS

    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120121.002\BHDrvx64.sys [2011-12-01 1157240]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120126.003\IDSvia64.sys [2011-11-30 488568]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS

    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS

    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-30 497496]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
    S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-08-06 681528]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
    S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-10 821592]
    S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe [2011-05-12 25824]
    S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
    S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE

    S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-12-27 138360]
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys

    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys

    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys

    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys

    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys

    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-20 14:49]
    .
    2012-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-20 14:49]
    .
    2012-01-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3937099932-2366797611-2386893369-1001Core.job
    - c:\users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-22 14:49]
    .
    2012-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3937099932-2366797611-2386893369-1001UA.job
    - c:\users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-22 14:49]
    .
    2012-01-30 c:\windows\Tasks\HP Photo Creations Communicator.job
    - c:\programdata\HP Photo Creations\MessageCheck.exe [2011-11-15 22:36]
    .
    2012-01-28 c:\windows\Tasks\HPCeeScheduleForKEVIN-HP$.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    2012-01-05 c:\windows\Tasks\HPCeeScheduleForKevin.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    .
    --------- x86-64 -----------
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.ask.com/?l=dis&o=102868&gct=hp
    uLocal Page = 
    mLocal Page = 
    uInternet Settings,ProxyOverride = *.local
    IE: Free YouTube to MP3 Converter - c:\users\Kevin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    TCP: DhcpNameServer = 192.168.2.1
    FF - ProfilePath - c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\vgc6tuyp.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.com 
    FF - prefs.js: network.proxy.type - 0
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
    --
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
    "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files (x86)\Bandoo\Bandoo.exe
    .
    **************************************************************************
    .
    Completion time: 2012-01-29  21:05:39 - machine was rebooted
    ComboFix-quarantined-files.txt  2012-01-30 01:05
    ComboFix2.txt  2012-01-29 21:35
    .
    Pre-Run: 311,086,436,352 bytes free
    Post-Run: 310,744,911,872 bytes free
    .
    - - End Of File - - FA499FD0298A6BCD77E744E57BE47AEA