Topic: [Resolved K] audio ads play & internet explorer is running in task manage


Offline gamer88

  • Bronze Member
  • Posts: 14
Hi, I have Windows Vista and recently audio ads have started playing randomly, and Internet Explorer is running in the Task Manager when Internet Explorer is not open. I tried ending its process in the Task Manager but it comes back after a bit. Please help me.
« Last Edit: June 25, 2012, 12:49:46 AM by kevinf80 »



Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6343
Follow the instructions here: "NEW Instructions! What Do I Do First?" Post the requested information...

kevinf80

Offline gamer88

  • Bronze Member
  • Posts: 14
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19272  BrowserJavaVersion: 1.6.0_23
Run by bud at 17:57:50 on 2012-06-18
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2037.1008 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\WinZip\WZQKPICK32.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://xfinity.comcast.net/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: WinZip Courier BHO: {a8fb70fa-0fdf-4601-9dc4-bfa1b357204f} - c:\progra~1\winzip~1\wzwmcie.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [647062260] rundll32.exe "c:\users\bud\appdata\local\temp\nsvdc81.tmp\wmm2urx.pph",DllRegisterServer
uRun: [Valve] rundll32.exe c:\users\bud\appdata\local\valve\dcrjalnz.dll,mpegInSubpicAuxinfo
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [hpqSRMon]
mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ErrorTeck] c:\program files\errorteck\ErrorTeck.exe /scan
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK32.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: mswsock.dll
Trusted Zone: vizzed.com\www
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F0A1DF35-213C-4B81-AEAC-7FF9A62FEFA4} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\bud\appdata\roaming\mozilla\firefox\profiles\z2dxw8f1.default\
FF - prefs.js: browser.search.selectedEngine - Search Defender
FF - prefs.js: browser.startup.homepage - hxxp://xfinity.comcast.net/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B6e3e962c-e26d-4dc9-b8bd-ecb6a397f404%7D&mid=51da8bfd68834281a8c242c38a6dd1f9-1b19112ce320b6182ff2aba4488068f815dd914b&ds=hk011&v=11.1.0.7&lang=en&pr=sa&d=2012-06-05%2001%3A30%3A23&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\thrixxx\weblaunch\binaries\npWebLaunch.dll
FF - plugin: c:\program files\vizzed\vizzed retro game room\NpVizzedRgr.dll
FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\0\NP_wtapp.dll
FF - plugin: c:\program files\winzip courier\npwzwmc.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\bud\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 antivirservice;Curtainssyssvc;c:\windows\system32\svchost.exe -k netsvcs [2008-1-20 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DMUSBUSBDCam;NxFsMon;c:\windows\system32\svchost.exe -k netsvcs [2008-1-20 21504]
S2 pavdrv;UMAXPCLS;c:\windows\system32\svchost.exe -k netsvcs [2008-1-20 21504]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-06-18 08:10:54   6737808   ----a-w-   c:\programdata\microsoft\microsoft antimalware\definition updates\{00e7571d-8b58-4bb0-98b1-63d3e9d8c79e}\mpengine.dll
2012-06-17 23:37:13   --------   d-----w-   c:\program files\CCleaner
2012-06-17 22:48:02   6737808   ------w-   c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-06-17 22:39:17   --------   d-----w-   c:\program files\PC Tools
2012-06-17 22:35:17   203088   ----a-w-   c:\windows\system32\drivers\PCTSD.sys
2012-06-17 22:35:04   --------   d-----w-   c:\program files\common files\PC Tools
2012-06-17 22:33:22   --------   d-----w-   c:\programdata\PC Tools
2012-06-17 22:33:14   --------   d-----w-   c:\users\bud\appdata\roaming\TestApp
2012-06-17 22:22:02   --------   d-----w-   C:\TDSSKiller_Quarantine
2012-06-13 22:36:35   713784   ------w-   c:\programdata\microsoft\microsoft antimalware\definition updates\{8daf66aa-96b0-4e3b-b3b7-c6e7e47b4a18}\gapaengine.dll
2012-06-12 22:40:10   984064   ----a-w-   c:\windows\system32\crypt32.dll
2012-06-12 22:40:10   98304   ----a-w-   c:\windows\system32\cryptnet.dll
2012-06-12 22:40:10   133120   ----a-w-   c:\windows\system32\cryptsvc.dll
2012-06-06 10:16:19   --------   d-----w-   c:\users\bud\appdata\roaming\com.coursevector.minerva.4B7C391846352DEBEB1247C875B4670B2F776CD0.1
2012-06-06 10:13:13   --------   d-----w-   c:\program files\Course Vector
2012-06-05 08:37:37   --------   d-----w-   c:\users\bud\appdata\local\WinZip
2012-06-04 00:31:08   --------   d-----w-   c:\program files\common files\xing shared
2012-06-04 00:26:25   129144   ----a-w-   c:\program files\mozilla firefox\plugins\nprpplugin.dll
2012-06-03 11:20:47   --------   d-----w-   c:\users\bud\appdata\local\CheeryChickenSA
2012-05-31 10:33:18   --------   d-----w-   c:\users\bud\appdata\local\Valve
2012-05-22 09:50:40   --------   d-----w-   c:\users\bud\appdata\roaming\Magic Academy
2012-05-22 09:38:10   --------   d-----w-   c:\program files\WildTangent Games
.
==================== Find3M  ====================
.
2012-06-16 22:28:36   70344   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-16 22:28:36   426184   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2012-06-04 00:24:41   348160   ----a-w-   c:\windows\system32\msvcr71.dll
2012-06-04 00:24:40   499712   ----a-w-   c:\windows\system32\msvcp71.dll
2012-05-15 19:51:08   2045440   ----a-w-   c:\windows\system32\win32k.sys
2012-05-15 06:37:49   916992   ----a-w-   c:\windows\system32\wininet.dll
2012-05-15 06:32:25   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2012-05-15 06:32:00   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
2012-05-15 06:31:44   109056   ----a-w-   c:\windows\system32\iesysprep.dll
2012-05-15 06:31:43   71680   ----a-w-   c:\windows\system32\iesetup.dll
2012-05-15 05:01:56   385024   ----a-w-   c:\windows\system32\html.iec
2012-05-15 03:26:05   133632   ----a-w-   c:\windows\system32\ieUnatt.exe
2012-05-15 03:23:41   1638912   ----a-w-   c:\windows\system32\mshtml.tlb
2012-05-01 14:03:49   180736   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
2012-04-20 23:06:40   0   --sha-w-   c:\windows\system32\dds_trash_log.cmd
2012-04-03 08:16:12   3602816   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16:11   3550080   ----a-w-   c:\windows\system32\ntoskrnl.exe
2012-03-30 12:39:11   914304   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2012-03-29 13:39:19   31232   ----a-w-   c:\windows\system32\drivers\tcpipreg.sys
2012-03-21 03:44:12   74112   ----a-w-   c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 03:44:12   171064   ----a-w-   c:\windows\system32\drivers\MpFilter.sys
.
============= FINISH: 17:59:42.27 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/5/2008 4:32:08 PM
System Uptime: 6/18/2012 3:35:06 PM (2 hours ago)
.
Motherboard: Hewlett-Packard |  | 30D9
Processor: Intel(R) Pentium(R) Dual  CPU  T2390  @ 1.86GHz | CPU | 800/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 138 GiB total, 72.558 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.459 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader X (10.1.3)
Adobe Setup
Adobe Shockwave Player
Adobe Shockwave Player 11.6
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AIM 6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
Bonjour
BufferChm
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Course Vector .minerva
CustomerResearchQFolder
D1400
D1400_Help
DAEMON Tools Toolbar
DeviceDiscovery
DeviceManagementQFolder
DivX Setup
dj_sf_ProductContext
dj_sf_software
dj_sf_software_req
Dracula Twins
DVD Suite
EA Link
EasyBits GO
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Participation Program 9.0
HP Deskjet Printer Driver Software 9.0
HP Doc Viewer
HP DVD Play 3.6
HP Easy Setup - Frontend
HP Games
HP Help and Support
HP Imaging Device Functions 9.0
HP Photosmart Essential 2.5
HP Quick Launch Buttons 6.40 B2
HP Smart Web Printing 4.60
HP Total Care Advisor
HP Update
HP User Guides 0093
HP Wireless Assistant
HPNetworkAssistant
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabel_Tattoo
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookHolidayPack1
HPPhotoSmartPhotobookModernPack1
HPPhotoSmartPhotobookPlayfulPack1
HPPhotoSmartPhotobookScrapbookPack1
HPPhotoSmartPhotobookWebPack1
HPSSupply
ieSpell
Intel(R) Graphics Media Accelerator Driver
Intel(R) Matrix Storage Manager
Intel(R) TV Wizard
Java Auto Updater
Java(TM) 6 Update 23
Katawa Shoujo
KeyBlaze Typing Tutor
L&H TTS3000 British English
LabelPrint
LightScribe System Software  1.10.13.1
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft XNA Framework Redistributable 3.1
Mozilla Firefox 4.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
NetWaiting
OGA Notifier 2.0.0048.0
OpenAL
PanoStandAlone
PDF Settings
Power2Go
PowerDirector
PSSWCORE
QuickPlay SlingPlayer 0.4.6
Quivi 1.2.1
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Click to Call
Skype™ 5.5
SmartWebPrinting
Status
Steam
swMSM
Toolbox
Touch Pad Driver
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
VC80CRTRedist - 8.0.50727.6195
VideoToolkit01
WeatherBug Gadget
WebReg
WildTangent Games App (HP Games)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinZip 16.5
WinZip Courier
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Zpaction service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Yukonwxp service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Xusb21 service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Xfilt service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Wmccdsls service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The WmBEnum service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Wampmysqld service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The W810mdfl service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The W70n51 service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The W3svc service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Vusbbus service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Vulfntrs service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Vpn5000service service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Videoacceleratorengine service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The VICESYS service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Vet-rec service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The UMAXPCLS service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Tsmservice service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The TOSHIBASoftModem service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Tng-doba service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The TMKEmu service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Tiwlnsvc service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Symlcbrd service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Symids service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The SunkFilt service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The STV672 service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Sscdserd service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The SRTSP service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Sptisrv service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The SndTDriverV32 service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Smbios service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The SISNICXP service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Se59mdfl service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Scsk4 service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Sbpci service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Sandrathesrv service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The S117mdfl service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The S116mdfl service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Rxfilter service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Rtl8029 service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Rt61 service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Roxliveshare9 service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Risdptsk service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Raysat3_4_6_18server service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Qconsvc service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Perc2hib service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Penrendezvous service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Pav_security service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The P3 service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Ood2000 service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The NxFsMon service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The NvNdis service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Nicser_wmp11 service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Ngserver service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Mwlsvc service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Msmframework service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The MSCamSvc service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Mr7910 service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The MaRdPnp service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Lvprcsrv service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The LVPrcMon service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Lsdiorw service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Lkclassads service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Licenseservice service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Itchfltr service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Ipsecmon service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Int15 service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Incdrec service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The I81x service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The HSONYPVh service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The HSFHWALI service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Hcf_msft service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Ftdisk service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Fsma service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Fsdfwd service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The FET5X86V service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Epsonbidirectionalagent service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The EACSvrMngr service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The DSXUSB service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Dsbrokerservice service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Dot4 service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Dkeysync service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Digirefresh service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The DcFpoint service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Curtainssyssvc service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The CTSYN service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Cimnotify service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Cercsr6 service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Cebdaldr service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The C-dillacdac11ba service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Buslogic service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Bthpan service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Bdfdll service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Avipbb service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Avcgbfl service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Areschatserver service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The AppnApi service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Amfilter service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Adiloader service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Acedrv05 service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Acdpowerservice service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The Abnetmon service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7023]  - The A4S2600 service terminated with the following error:  The specified module could not be found.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7003]  - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
6/18/2012 3:36:15 PM, Error: Service Control Manager [7000]  - The SupportSoft RemoteAssist service failed to start due to the following error:  The system cannot find the file specified.
6/18/2012 3:35:45 PM, Error: Microsoft-Windows-ResourcePublication [1002]  - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish.  Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
6/17/2012 3:49:24 PM, Error: PCTCore [280]  -
6/17/2012 3:33:45 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {9BA05972-F6A8-11CF-A442-00A0C90A8F39}  to the user bud-PC\bud SID (S-1-5-21-1277243023-3627309776-1030012826-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
6/14/2012 5:38:37 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.127.1941.0     Update Source: Microsoft Update Server     Update Stage: Install     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.8403.0     Error code: 0x8024001e     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
.
==== End Of File ===========================

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6343
Hello gamer88 and welcome to SpywareHammer,

I'm kevinf80 and I will be helping with any malware issues you may have with your system.

  • Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
  • Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
  • Either print or Save to Notepad all instructions and please follow them carefully, if there's something you don't understand or that will not work please let me know and we will go through it together.
  • Malware is often buggy and can be very unstable, with that in mind it is advisable to backup any important data before we begin. Go Here and follow the instructions specific for your operating system.
  • If you do not reply within 72 hours the thread will be closed, if you need more time let me know. Likewise if I do not respond within 48 hours feel free to PM me.
  • If you have any P2P applications installed such as BitTorrent, uTorrent, Limewire etc etc, please uninstall them before we begin.
  • If you are using Cracked or Illegal software your thread will be locked and all help will cease.

Please proceed as follows :-

Step 1

See if you can turn ON System Restore:

1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on "System Protection" under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Check the box for any drive you wish to ENable system restore on (in most cases, drive "C:")
7. Click OK
8. Ensure you create a new restore point.
9. Restart computer

Step 2

Please download OTM by OldTimer.
Alternative Mirror 1
Alternative Mirror 2 
Save it to your desktop.
Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator. Be aware all processes will be stopped during the run; the Desktop will also disappear, and will be put back on completion....
  • Copy the text from the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

Code:
:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"647062260"=-
"Valve"=-
:Files
ipconfig /flushdns /c
c:\users\bud\appdata\local\temp\nsvdc81.tmp
c:\users\bud\appdata\local\valve
:Commands
[CreateRestorePoint]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Step 3

Download  RogueKiller (by tigzy) and save direct to your Desktop.

  • Quit all programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished ...
  • Ensure all boxes are ticked under "Report" tab.
  • Click on Scan.
  • Click on Report when complete. Copy the content of the report and paste it into your next reply....



Post logs from OTM and RogueKiller...

Kevin

Offline gamer88

  • Bronze Member
  • Posts: 14
========= REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\647062260 not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Valve not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\bud\Desktop\cmd.bat deleted successfully.
C:\Users\bud\Desktop\cmd.txt deleted successfully.
File/Folder c:\users\bud\appdata\local\temp\nsvdc81.tmp not found.
File/Folder c:\users\bud\appdata\local\valve not found.
========== COMMANDS ==========
Restore point Set: OTM Restore Point
 
OTM by OldTimer - Version 3.1.19.0 log created on 06192012_003215

RogueKiller V7.5.4 [06/07/2012]  by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: bud [Admin rights]
Mode: Scan -- Date: 06/19/2012 00:44:44

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] dcrjalnz.dll -- C:\Users\bud\AppData\Local\Valve\dcrjalnz.dll -> UNLOADED

¤¤¤ Registry Entries: 5 ¤¤¤
[SUSP PATH] RunAsStdUser Task.job @ : C:\Users\bud\AppData\Local\cheerychickenSA\bin\1.0.8.0\CheeryChickenSA.exe -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[FOLDER] plugs : c:\users\bud\appdata\roaming\adobe\plugs --> FOUND
[FOLDER] shed : c:\users\bud\appdata\roaming\adobe\shed --> FOUND

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS542516K9SA00 +++++
--- User ---
[MBR] 85f01e1f19eed47c924a3d65a4fd3410
[BSP] dcaf4eacc0a1935cd5744422f23b4c50 : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 140882 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 288527400 | Size: 11742 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6343
Continue as follows please:

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

Link 1
Link 2

  • Ensure that Combofix is saved directly to the Desktop <--- Very important

  • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.

  • Close any open browsers and any other programs you might have running
  • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")

  • Instructions for running Combofix available Here if required.

  • If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin


Offline gamer88

  • Bronze Member
  • Posts: 14
ComboFix 12-06-16.02 - bud 06/19/2012  13:27:29.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2037.1287 [GMT -7:00]
Running from: c:\users\bud\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\SaverZZ.com
c:\program files\SaverZZ.com\Free Screensaver\ssaver.exe
c:\users\bud\AppData\Roaming\Adobe\plugs
c:\users\bud\AppData\Roaming\Adobe\plugs\KB17804347.exe
c:\users\bud\AppData\Roaming\Adobe\plugs\KB17804440.exe
c:\users\bud\AppData\Roaming\Adobe\plugs\KB17805938.exe
c:\users\bud\AppData\Roaming\Adobe\plugs\KB17806016.exe
c:\users\bud\AppData\Roaming\Adobe\plugs\KB27651426.exe
c:\users\bud\AppData\Roaming\Adobe\plugs\KB27651473.exe
c:\users\bud\AppData\Roaming\Adobe\plugs\KB27651504.exe
c:\users\bud\AppData\Roaming\Adobe\plugs\KB27652550.exe
c:\users\bud\AppData\Roaming\Adobe\shed
c:\users\bud\AppData\Roaming\Mozilla\Firefox\Profiles\z2dxw8f1.default\extensions\{417b8345-fb7f-4968-ade2-757421ce97d7}
c:\users\bud\AppData\Roaming\Mozilla\Firefox\Profiles\z2dxw8f1.default\extensions\{417b8345-fb7f-4968-ade2-757421ce97d7}\chrome.manifest
c:\users\bud\AppData\Roaming\Mozilla\Firefox\Profiles\z2dxw8f1.default\extensions\{417b8345-fb7f-4968-ade2-757421ce97d7}\chrome\xulcache.jar
c:\users\bud\AppData\Roaming\Mozilla\Firefox\Profiles\z2dxw8f1.default\extensions\{417b8345-fb7f-4968-ade2-757421ce97d7}\install.rdf
c:\windows\$NtUninstallKB36178$
c:\windows\$NtUninstallKB36178$\1362102191
c:\windows\$NtUninstallKB36178$\2328954755\@
c:\windows\$NtUninstallKB36178$\2328954755\cfg.ini
c:\windows\$NtUninstallKB36178$\2328954755\Desktop.ini
c:\windows\$NtUninstallKB36178$\2328954755\L\qnbwvoto
c:\windows\$NtUninstallKB36178$\2328954755\oemid
c:\windows\$NtUninstallKB36178$\2328954755\U\00000001.@
c:\windows\$NtUninstallKB36178$\2328954755\U\00000002.@
c:\windows\$NtUninstallKB36178$\2328954755\U\00000004.@
c:\windows\$NtUninstallKB36178$\2328954755\U\80000000.@
c:\windows\$NtUninstallKB36178$\2328954755\U\80000004.@
c:\windows\$NtUninstallKB36178$\2328954755\U\80000032.@
c:\windows\$NtUninstallKB36178$\2328954755\version
c:\windows\system32\AutoRun.inf
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\KBL.LOG
c:\windows\system32\msgame.dll
c:\windows\system32\SCLabel.ocx
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_antivirservice
.
.
(((((((((((((((((((((((((   Files Created from 2012-05-19 to 2012-06-19  )))))))))))))))))))))))))))))))
.
.
2012-06-19 20:44 . 2012-06-19 20:47   --------   d-----w-   c:\users\bud\AppData\Local\temp
2012-06-19 07:46 . 2012-05-08 16:40   6737808   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-19 07:26 . 2012-06-19 07:26   --------   d-----w-   C:\_OTM
2012-06-17 23:37 . 2012-06-17 23:37   --------   d-----w-   c:\program files\CCleaner
2012-06-17 22:39 . 2012-06-17 23:28   --------   d-----w-   c:\program files\PC Tools
2012-06-17 22:35 . 2012-05-11 18:14   203088   ----a-w-   c:\windows\system32\drivers\PCTSD.sys
2012-06-17 22:35 . 2012-06-17 23:28   --------   d-----w-   c:\program files\Common Files\PC Tools
2012-06-17 22:33 . 2012-06-17 23:26   --------   d-----w-   c:\programdata\PC Tools
2012-06-17 22:33 . 2012-06-17 22:33   --------   d-----w-   c:\users\bud\AppData\Roaming\TestApp
2012-06-17 22:22 . 2012-06-18 07:27   --------   d-----w-   C:\TDSSKiller_Quarantine
2012-06-13 22:36 . 2012-02-12 00:24   713784   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8DAF66AA-96B0-4E3B-B3B7-C6E7E47B4A18}\gapaengine.dll
2012-06-12 22:40 . 2012-04-23 16:00   984064   ----a-w-   c:\windows\system32\crypt32.dll
2012-06-12 22:40 . 2012-04-23 16:00   98304   ----a-w-   c:\windows\system32\cryptnet.dll
2012-06-12 22:40 . 2012-04-23 16:00   133120   ----a-w-   c:\windows\system32\cryptsvc.dll
2012-06-06 10:16 . 2012-06-06 10:16   --------   d-----w-   c:\users\bud\AppData\Roaming\com.coursevector.minerva.4B7C391846352DEBEB1247C875B4670B2F776CD0.1
2012-06-06 10:13 . 2012-06-06 10:13   --------   d-----w-   c:\program files\Course Vector
2012-06-05 08:37 . 2012-06-05 08:37   --------   d-----w-   c:\users\bud\AppData\Local\WinZip
2012-06-04 00:31 . 2012-06-04 00:31   --------   d-----w-   c:\program files\Common Files\xing shared
2012-06-04 00:26 . 2012-06-04 00:26   129144   ----a-w-   c:\program files\Mozilla Firefox\plugins\nprpplugin.dll
2012-06-03 11:20 . 2012-06-03 11:20   --------   d-----w-   c:\users\bud\AppData\Local\CheeryChickenSA
2012-05-22 09:50 . 2012-05-22 09:51   --------   d-----w-   c:\users\bud\AppData\Roaming\Magic Academy
2012-05-22 09:38 . 2012-05-22 09:38   --------   d-----w-   c:\program files\WildTangent Games
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-16 22:28 . 2012-04-20 02:39   70344   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-16 22:28 . 2012-04-20 02:39   426184   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2012-06-04 00:24 . 2003-02-21 09:42   348160   ----a-w-   c:\windows\system32\msvcr71.dll
2012-06-04 00:24 . 2003-03-19 01:14   499712   ----a-w-   c:\windows\system32\msvcp71.dll
2012-04-03 08:16 . 2012-05-10 21:25   3602816   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-10 21:25   3550080   ----a-w-   c:\windows\system32\ntoskrnl.exe
2012-03-30 12:39 . 2012-05-10 21:26   914304   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2012-03-29 13:39 . 2012-05-10 21:26   31232   ----a-w-   c:\windows\system32\drivers\tcpipreg.sys
2011-03-18 17:53 . 2011-04-12 04:23   142296   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-10-25 212992]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 202032]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-06-04 296056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2012-4-4 603536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
.
NETSVCS REQUIRES REPAIRS - current entries shown
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-24 00:34   451872   ----a-w-   c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://xfinity.comcast.net/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
Trusted Zone: vizzed.com\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\bud\AppData\Roaming\Mozilla\Firefox\Profiles\z2dxw8f1.default\
FF - prefs.js: browser.search.selectedEngine - Search Defender
FF - prefs.js: browser.startup.homepage - hxxp://xfinity.comcast.net/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B6e3e962c-e26d-4dc9-b8bd-ecb6a397f404%7D&mid=51da8bfd68834281a8c242c38a6dd1f9-1b19112ce320b6182ff2aba4488068f815dd914b&ds=hk011&v=11.1.0.7&lang=en&pr=sa&d=2012-06-05%2001%3A30%3A23&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-hpqSRMon - (no file)
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
HKLM-Run-ErrorTeck - c:\program files\ErrorTeck\ErrorTeck.exe
SafeBoot-09576107.sys
SafeBoot-35867642.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-19 13:49
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(340)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\windows\system32\msiexec.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-06-19  13:54:03 - machine was rebooted
ComboFix-quarantined-files.txt  2012-06-19 20:53
.
Pre-Run: 79,370,305,536 bytes free
Post-Run: 79,337,738,240 bytes free
.
- - End Of File - - 3447919E9D4BEDB899DA55DBB9B61420

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6343
How is your system responding, have the audio ads ceased...

Run the following:

Step 1

Run ESET Online Scan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Leave the tick out of remove found threats
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
You can refer to this animation by neomage if needed.
Frequently asked questions available Here. Please read them before running the scan.

Also be aware this scan can take several hours to complete depending on the size of your system.

ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

Step 2

Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Kevin




Offline gamer88

  • Bronze Member
  • Posts: 14
as of today I haven't had any audio ads.

C:\Documents and Settings\bud\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\3f8f29a9-6553e231   Java/Exploit.CVE-2012-0507.BO trojan
C:\Program Files\RealArcade\Installer\bin\OCSetupHlp.dll   Win32/OpenCandy application
C:\Qoobox\Quarantine\C\Users\bud\AppData\Roaming\Mozilla\Firefox\Profiles\z2dxw8f1.default\extensions\{417b8345-fb7f-4968-ade2-757421ce97d7}\chrome.manifest.vir   Win32/TrojanDownloader.Tracur.F trojan
C:\Users\bud\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\3f8f29a9-6553e231   Java/Exploit.CVE-2012-0507.BO trojan

 Results of screen317's Security Check version 0.99.42 
 Windows Vista Service Pack 2 x86 (UAC is enabled) 
 Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials   
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner     
 Java(TM) 6 Update 23 
 Java version out of Date!
 Adobe Flash Player    11.2.202.235 
 Adobe Reader X (10.1.3)
 Mozilla Firefox 4.0 Firefox out of Date! 
````````Process Check: objlist.exe by Laurent````````
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 8 % Defragment your hard drive soon!
````````````````````End of Log``````````````````````

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6343
Re-run OTM.exe. Be aware all processes will be stopped during the run, also the Desktop will disappear, this will be put back on completion....
  • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

Code:
:Files
ipconfig /flushdns /c
:Commands
[EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Next,

Go here http://www.filehippo.com/updatechecker/ run the FileHippo Update Checker, update all applications as suggested by the Update Checker. Ignore any Beta updates.
If Java or Adobe is updated please check under Start > Control Panel > Add/Remove Programs, ensure any old versions are removed.

Let me know how your system is responding, also if any remaining issues or concerns...

Kevin..

Offline gamer88

  • Bronze Member
  • Posts: 14
my system is running fine and internet explorer doesn't appear in the processes area of the task manager when internet explorer is not even open anymore.

I found three logs in the MovedFiles file of _OTMoveIt file, I'll post all three of them below just to be sure.

 All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\bud\Desktop\cmd.bat deleted successfully.
C:\Users\bud\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: bud
->Temp folder emptied: 27469093 bytes
->Temporary Internet Files folder emptied: 204980535 bytes
->Java cache emptied: 1749845 bytes
->FireFox cache emptied: 64911008 bytes
->Flash cache emptied: 2890460 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6465 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 288.00 mb
 
 
OTM by OldTimer - Version 3.1.19.0 log created on 06192012_232145

========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\647062260 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Valve deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\bud\Desktop\cmd.bat deleted successfully.
C:\Users\bud\Desktop\cmd.txt deleted successfully.
File/Folder c:\users\bud\appdata\local\temp\nsvdc81.tmp not found.
c:\users\bud\appdata\local\Valve folder moved successfully.
========== COMMANDS ==========
Restore point Set: OTM Restore Point
 
OTM by OldTimer - Version 3.1.19.0 log created on 06192012_002613

========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\647062260 not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Valve not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\bud\Desktop\cmd.bat deleted successfully.
C:\Users\bud\Desktop\cmd.txt deleted successfully.
File/Folder c:\users\bud\appdata\local\temp\nsvdc81.tmp not found.
File/Folder c:\users\bud\appdata\local\valve not found.
========== COMMANDS ==========
Restore point Set: OTM Restore Point
 
OTM by OldTimer - Version 3.1.19.0 log created on 06192012_003215

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6343
Run your system freely, when you're satisfied all is OK come back, let me know and we'll clean up and remove all tools etc..

Thanks,

Kevin

Offline gamer88

  • Bronze Member
  • Posts: 14
everything is OK.

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6343
There have been issues with Combofix when UNinstalling, Internet connections have been lost. There is now a fix, we need to complete this first and make sure all is OK before we progress with the rest of the clean up.

Delete Combofix from the desktop, d/l a fresh copy and save to desktop again from either of the following links:

Link 1
Link 2

All we now need to do is run the UNinstall command as follows:

  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")


  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

Let me know if that completes successfully....

Kevin


Offline gamer88

  • Bronze Member
  • Posts: 14
Combofix was successfully uninstalled.