Inactive IE unresponsive/long load times & screen freezing

Russ_D

Hi - I am a bit of a noob when it comes to computers. Would someone be kind enough to check my logs to see if I have any issues? Thanks in advance.


Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.16.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: WORKPOOTER [administrator]

Protection: Enabled

16/10/2012 19:56:21
mbam-log-2012-10-16 (19-56-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206457
Time elapsed: 4 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
DDS (Ver_2012-10-14.05) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421
Run by User at 22:30:32 on 2012-10-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8044.5846 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\Unipass\Securemail Client\bin\ppauxsrv.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Unipass\Securemail Client\bin\ppSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Unipass\Securemail Client\bin\TmecSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\Unipass\Securemail Client\bin\pptray.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\HP\HP Photosmart 7510 series\bin\HPNetworkCommunicator.exe
C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPNetworkCommunicator.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = Preserve
mStart Page = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Complitly: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\User\AppData\Roaming\Complitly\Complitly.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: ppBHOReader Class: {AC36AB03-0C7B-4363-A48E-342B7419337C} - C:\Program Files (x86)\Unipass\Securemail Client\bin\ppBHO.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [HP Photosmart 7510 series (NET)] "C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1AK245NH05PX:NW" -scfn "HP Photosmart 7510 series (NET)" -AutoStart 1
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [MDS_Menu] "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaEspresso\6.1"
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Private Post Tray v4] "C:\Program Files (x86)\Unipass\Securemail Client\bin\ppTray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP5-14362/webex/ieatgpc1.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{1C67A75D-42F4-4820-B2E6-5ED4E560D3CB} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{30E3EDF4-ED71-46B9-BABE-3721089E08B0} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{30E3EDF4-ED71-46B9-BABE-3721089E08B0}\14E64627F6964684F6473707F64743338313 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{30E3EDF4-ED71-46B9-BABE-3721089E08B0}\34861627C656374456272697D275966496 : DHCPNameServer = 172.16.0.100
TCP: Interfaces\{30E3EDF4-ED71-46B9-BABE-3721089E08B0}\7657563747 : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-mStart Page = hxxp://acer.msn.com
x64-mDefault_Page_URL = hxxp://acer.msn.com
x64-BHO: Complitly: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\User\AppData\Roaming\Complitly\64\Complitly64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\xvyny857.default\
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFirefoxPPReader.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - ExtSQL: 2012-10-15 15:39; {adb9897d-7bc0-49d1-bddb-9a755ac724bc}; C:\Program Files (x86)\Mozilla Firefox\extensions\{adb9897d-7bc0-49d1-bddb-9a755ac724bc}
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2012-5-22 101688]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2010-12-6 22912]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2010-12-6 20328]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2010-12-6 62584]
R1 RapportCerberus_42020;RapportCerberus_42020;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [2012-8-9 397720]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-9-22 55096]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-9-22 297240]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-9-23 65192]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-12-10 311376]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-12-6 868224]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-24 116648]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-6 13336]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2012-5-24 255376]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-15 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-15 676936]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2010-11-12 257344]
R2 ppAuxSrv;ppAuxSrv;C:\Program Files (x86)\Unipass\Securemail Client\bin\ppauxsrv.exe [2012-3-2 163344]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-9-22 976728]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-10-8 19192]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-4-7 2656280]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\System32\drivers\b57xdbd.sys [2010-12-11 67112]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\System32\drivers\b57xdmp.sys [2010-12-11 19496]
R3 bScsiMSa;bScsiMSa;C:\Windows\System32\drivers\bScsiMSa.sys [2010-12-15 35368]
R3 bScsiSDa;bScsiSDa;C:\Windows\System32\drivers\bScsiSDa.sys [2010-12-11 85544]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-1-6 317440]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-12-1 411688]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-15 25928]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-1-6 56344]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 ppSrv;ppSrv;C:\Program Files (x86)\Unipass\Securemail Client\bin\ppSrv.exe [2012-3-2 111120]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TmecSrv;TmecSrv;C:\Program Files (x86)\Unipass\Securemail Client\bin\TmecSrv.exe [2012-3-2 77376]
S2 CLKMSVC10_34E30CCC;CyberLink Product - 2012/04/07 09:29:44;C:\Program Files (x86)\Acer\clear.fi\Movie\NavFilter\kmsvc.exe [2010-11-25 254448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-11 250808]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-9-28 172912]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-24 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-15 115168]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-5-11 59392]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-10-8 150016]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-5-10 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\WINWORD.EXE="C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "%1" [UserChoice] [default=edit - 'Open' doesn't exist]
.
=============== Created Last 30 ================
.
2012-10-16 21:22:02 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{85CC76F0-46E3-474E-B59C-69E341A984DA}\mpengine.dll
2012-10-15 16:43:50 -------- d-----w- C:\Users\User\AppData\Roaming\Malwarebytes
2012-10-15 16:43:40 -------- d-----w- C:\ProgramData\Malwarebytes
2012-10-15 16:43:38 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-10-15 16:43:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-15 16:34:30 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-15 07:30:34 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-10-12 13:16:48 -------- d-----w- C:\Users\User\AppData\Roaming\Identum
2012-10-12 13:16:47 -------- d-----w- C:\Program Files (x86)\Unipass
2012-10-12 08:42:11 -------- d-----w- C:\ProgramData\TuneUp Software
2012-10-12 08:42:01 -------- d-sh--w- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-10-12 08:05:36 -------- d-----w- C:\Users\User\AppData\Roaming\ParetoLogic
2012-10-12 08:05:36 -------- d-----w- C:\Users\User\AppData\Roaming\DriverCure
2012-10-12 08:05:27 -------- d-----w- C:\ProgramData\ParetoLogic
2012-10-11 07:47:08 -------- d-----w- C:\Users\User\AppData\Local\Avg2013
2012-10-10 13:34:20 -------- d-----w- C:\Users\User\AppData\Roaming\TuneUp Software
2012-10-10 13:27:41 -------- d--h--w- C:\ProgramData\Common Files
2012-10-10 13:27:41 -------- d-----w- C:\Users\User\AppData\Local\MFAData
2012-10-10 13:27:41 -------- d-----w- C:\ProgramData\MFAData
2012-10-10 13:00:10 -------- d-----w- C:\Windows\System32\%LOCALAPPDATA%
2012-10-10 11:27:52 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-10 11:27:52 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-10-10 11:27:26 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-10 11:27:25 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-10 11:27:10 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-10 11:27:10 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-10 11:27:09 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-10 11:27:09 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-10 11:27:08 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 11:27:08 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-09 12:13:23 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-10-09 12:13:23 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-10-08 07:44:06 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B02D7D86-EF67-43A5-BC01-23DEEFA1312C}\gapaengine.dll
2012-09-26 09:31:03 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-23 19:43:40 208008 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-09-23 19:43:40 208008 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-10-09 07:56:54 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 07:56:54 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-22 15:34:44 101688 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 21:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
[FONT=Courier New]2012-08-30 21:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys[/FONT]
[FONT=Courier New]2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe[/FONT]
[FONT=Courier New]2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe[/FONT]
[FONT=Courier New]2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe[/FONT]
[FONT=Courier New]2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll[/FONT]
[FONT=Courier New]2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll[/FONT]
[FONT=Courier New]2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys[/FONT]
[FONT=Courier New]2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys[/FONT]
[FONT=Courier New]2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys[/FONT]
[FONT=Courier New]2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS[/FONT]
[FONT=Courier New]2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll[/FONT]
[FONT=Courier New]2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll[/FONT]
[FONT=Courier New]2012-08-20 18:48:44 13312----a-w- C:\Windows\System32\wow64cpu.dll[/FONT]
[FONT=Courier New]2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll[/FONT]
[FONT=Courier New]2012-08-20 18:48:37 16384----a-w- C:\Windows\System32\ntvdm64.dll[/FONT]
[FONT=Courier New]2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll[/FONT]
[FONT=Courier New]2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe[/FONT]
[FONT=Courier New]2012-08-20 17:40:21 14336----a-w- C:\Windows\SysWow64\ntvdm64.dll[/FONT]
[FONT=Courier New]2012-08-20 17:38:44 44032----a-w- C:\Windows\apppatch\acwow64.dll[/FONT]
[FONT=Courier New]2012-08-20 17:38:26 25600----a-w- C:\Windows\SysWow64\setup16.exe[/FONT]
[FONT=Courier New]2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll[/FONT]
[FONT=Courier New]2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll[/FONT]
[FONT=Courier New]2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe[/FONT]
[FONT=Courier New]2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe[/FONT]
[FONT=Courier New]2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll[/FONT]
[FONT=Courier New]2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll[/FONT]
[FONT=Courier New]2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll[/FONT]
[FONT=Courier New]2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll[/FONT]
[FONT=Courier New]2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll[/FONT]
[FONT=Courier New]2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll[/FONT]
[FONT=Courier New]2012-07-23 14:07:29 60304----a-w- C:\Users\User\g2mdlhlpx.exe[/FONT]
[FONT=Courier New].[/FONT]
[FONT=Courier New]============= FINISH: 22:31:10.88 ===============[/FONT]
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-14.05)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 07/04/2012 11:17:28
System Uptime: 16/10/2012 13:23:32 (9 hours ago)
.
Motherboard: Acer | | JE50_HR
Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz | CPU1 | 1587/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 388.5 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP76: 11/10/2012 08:52:37 - Installed Microsoft Fix it 50778
RP77: 11/10/2012 14:38:21 - Windows Modules Installer
RP78: 11/10/2012 14:52:53 - Windows Update
RP79: 12/10/2012 09:42:50 - Installed TuneUp Utilities 2013
RP80: 14/10/2012 11:06:43 - Removed TuneUp Utilities 2013
RP81: 14/10/2012 11:08:07 - Removed TuneUp Utilities Language Pack (en-GB)
RP83: 15/10/2012 17:33:52 - Windows Update
RP84: 16/10/2012 08:04:13 - Installed Rapport
.
==== Installed Programs ======================
.
360 Lifecycle - Advisor
360 Lifecycle - Office
Acer Backup Manager
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer GameZone Console
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI
Apple Application Support
Apple Software Update
Backup Manager V3
Bing Bar
Bing Bar Platform
Broadcom Card Reader Driver Installer
Broadcom Gigabit NetLink Controller
Broadcom Wireless Utility
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Cisco WebEx Meetings
clear.fi
clear.fi Client
Complitly
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox
eBay Worldwide
eSobi v2
Google Calendar Sync
Google Chrome
Google Earth
Google Update Helper
GoToMeeting 5.1.0.880
HP Photo Creations
HP Photosmart 7510 series Basic Device Software
HP Photosmart 7510 series Help
HP Photosmart 7510 series Product Improvement Study
HP Update
Identity Card
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) Turbo Boost Technology Monitor 2.0
Internet Explorer (Enable DEP)
Intrinsic iPoS
Junk Mail filter update
Launch Manager
Malwarebytes Anti-Malware version 1.65.0.1400
MediaEspresso
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 16.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyWinLocker
MyWinLocker 4
MyWinLocker Suite
NTI Media Maker 9
QuickTime
Rapport
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
Shredder
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Visual Studio 2010 x64 Redistributables
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Worksmart V8 HTTP
.
==== Event Viewer Messages From Past Week ========
.
14/10/2012 11:04:16, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
14/10/2012 10:58:55, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
14/10/2012 10:58:55, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
14/10/2012 10:56:20, Error: Service Control Manager [7001] - The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/10/2012 17:19:02, Error: Service Control Manager [7030] - The TmecSrv service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/10/2012 17:19:02, Error: Service Control Manager [7030] - The ppSrv service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/10/2012 17:19:02, Error: Service Control Manager [7030] - The ppAuxSrv service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/10/2012 07:50:56, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
10/10/2012 14:00:51, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
10/10/2012 13:59:51, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Shell Hardware Detection service, but this action failed with the following error: An instance of the service is already running.
10/10/2012 13:59:51, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
10/10/2012 13:58:51, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/10/2012 13:58:51, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/10/2012 13:58:51, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/10/2012 13:58:51, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/10/2012 13:58:51, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/10/2012 13:58:51, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/10/2012 13:58:51, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/10/2012 13:58:51, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/10/2012 13:58:51, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/10/2012 13:58:51, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/10/2012 13:58:51, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/10/2012 13:58:51, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
09/10/2012 12:44:04, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user WORKPOOTER\User SID (S-1-5-21-1990467475-1953669449-3764898903-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

ComboFix scan

Please download ComboFix by sUBs
From BleepingComputer.com

Please save the file to your Desktop.

Important information about ComboFix


After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
ComboFix 12-10-17.03 - User 17/10/2012 15:58:02.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8044.6106 [GMT 1:00]
Running from: c:\users\User\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Complitly
c:\program files (x86)\Complitly\chrome\ComplitlyChrome.crx
c:\program files (x86)\Complitly\FireFoxExtensionWithFF8Fix.exe
c:\program files (x86)\Complitly\FireFoxUninstaller.exe
c:\program files (x86)\Complitly\InstTracker.exe
c:\program files (x86)\Complitly\support@Complitly.com\chrome.manifest
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\appIcon.png
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\browserOverlay.xul
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\options.js
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\options.xul
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\utils.js
c:\program files (x86)\Complitly\support@Complitly.com\defaults\preferences\predictad.js
c:\program files (x86)\Complitly\support@Complitly.com\install.rdf
c:\program files (x86)\Complitly\System.Data.SQLite.dll
c:\program files (x86)\Complitly\unins000.dat
c:\program files (x86)\Complitly\unins000.exe
c:\programdata\FullRemove.exe
c:\users\User\AppData\Roaming\Microsoft\~DFKd1845f.tmp
c:\users\User\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\User\AppData\Roaming\Microsoft\bass.dll
c:\users\User\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\User\AppData\Roaming\Microsoft\mjcriu.dll
c:\users\User\AppData\Roaming\Microsoft\peaadje.dll
c:\users\User\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\User\AppData\Roaming\Microsoft\rsaadjd.dll
c:\users\User\g2mdlhlpx.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-17 to 2012-10-17 )))))))))))))))))))))))))))))))
.
.
2012-10-17 15:03 . 2012-10-17 15:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-16 21:22 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{85CC76F0-46E3-474E-B59C-69E341A984DA}\mpengine.dll
2012-10-15 16:49 . 2012-10-15 16:49 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-10-15 16:43 . 2012-10-15 16:43 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2012-10-15 16:43 . 2012-10-15 16:43 -------- d-----w- c:\programdata\Malwarebytes
2012-10-15 16:43 . 2012-10-16 18:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-15 16:43 . 2012-09-07 16:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-15 16:34 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-15 07:30 . 2012-10-15 07:30 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-10-12 13:16 . 2012-10-12 13:19 -------- d-----w- c:\users\User\AppData\Roaming\Identum
2012-10-12 13:16 . 2012-10-12 16:16 -------- d-----w- c:\program files (x86)\Unipass
2012-10-12 08:42 . 2012-10-12 08:43 -------- d-----w- c:\programdata\TuneUp Software
2012-10-12 08:42 . 2012-10-12 08:52 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-10-12 08:05 . 2012-10-12 08:05 -------- d-----w- c:\users\User\AppData\Roaming\ParetoLogic
2012-10-12 08:05 . 2012-10-12 08:05 -------- d-----w- c:\users\User\AppData\Roaming\DriverCure
2012-10-12 08:05 . 2012-10-12 08:36 -------- d-----w- c:\programdata\ParetoLogic
2012-10-11 07:47 . 2012-10-11 07:47 -------- d-----w- c:\users\User\AppData\Local\Avg2013
2012-10-10 13:34 . 2012-10-12 08:43 -------- d-----w- c:\users\User\AppData\Roaming\TuneUp Software
2012-10-10 13:27 . 2012-10-11 07:47 -------- d-----w- c:\programdata\MFAData
2012-10-10 13:27 . 2012-10-10 13:27 -------- d--h--w- c:\programdata\Common Files
2012-10-10 13:27 . 2012-10-10 13:27 -------- d-----w- c:\users\User\AppData\Local\MFAData
2012-10-10 13:00 . 2012-10-10 13:00 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2012-10-10 11:27 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 11:27 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 11:27 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 11:27 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 11:27 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 11:27 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 11:27 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 11:27 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 11:27 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 11:27 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-09 12:13 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-10-09 12:13 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-10-08 07:44 . 2012-09-28 07:31 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B02D7D86-EF67-43A5-BC01-23DEEFA1312C}\gapaengine.dll
2012-09-26 09:31 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-23 19:43 . 2012-09-23 19:43 208008 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-09-23 19:43 . 2012-09-23 19:43 208008 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 12:50 . 2012-05-11 08:04 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-09 07:56 . 2012-05-11 07:20 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 07:56 . 2012-05-11 07:20 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-28 07:31 . 2012-06-22 07:40 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-22 15:34 . 2012-05-22 16:41 101688 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2012-08-30 21:03 . 2012-08-30 21:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 21:03 . 2012-03-20 19:44 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-22 18:12 . 2012-09-12 06:34 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 06:34 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 06:34 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 06:34 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:38 . 2012-10-10 11:28 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-12 06:34 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 06:34 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-20 719672]
"HP Photosmart 7510 series (NET)"="c:\program files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe" [2011-06-08 2676584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 340336]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-09-18 407920]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-09-18 201584]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2010-11-12 296768]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-12-09 1025616]
"MDS_Menu"="c:\program files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2010-12-09 177448]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Private Post Tray v4"="c:\program files (x86)\Unipass\Securemail Client\bin\ppTray.exe" [2012-03-02 287760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-20 73216]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-14 27595032]
Monitor Ink Alerts - HP Photosmart 7510 series (Network).lnk - c:\windows\system32\RunDll32.exe [2009-7-14 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
"ROC_ROC_NT"="c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
.
R2 CLKMSVC10_34E30CCC;CyberLink Product - 2012/04/07 09:29;c:\program files (x86)\Acer\clear.fi\Movie\NavFilter\kmsvc.exe [2010-11-25 254448]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-24 116648]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-09-28 172912]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-24 116648]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-11 115168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-10 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2012-09-22 101688]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2010-12-06 22912]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2010-12-06 20328]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2010-12-06 62584]
S1 RapportCerberus_42020;RapportCerberus_42020;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [2012-08-09 397720]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-09-22 55096]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-09-22 297240]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-09-23 65192]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-12-09 311376]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-10-29 868224]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2012-04-05 255376]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2010-11-12 257344]
S2 ppAuxSrv;ppAuxSrv;c:\program files (x86)\Unipass\Securemail Client\bin\ppauxsrv.exe [2012-03-02 163344]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-09-22 976728]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-10-08 19192]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [2010-12-11 67112]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [2010-12-11 19496]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys [2010-12-15 35368]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [2010-12-11 85544]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-12-01 411688]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 ppSrv;ppSrv;c:\program files (x86)\Unipass\Securemail Client\bin\ppSrv.exe [2012-03-02 111120]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TmecSrv;TmecSrv;c:\program files (x86)\Unipass\Securemail Client\bin\TmecSrv.exe [2012-03-02 77376]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_34E30CCC
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-17 c:\windows\Tasks\Acer Registration - Data Sending task.job
- c:\program files (x86)\Acer\Registration\GREG.exe [2010-04-28 02:47]
.
2012-10-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-11 07:56]
.
2012-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-24 08:26]
.
2012-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-24 08:26]
.
2012-10-17 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-03-02 10:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-10-29 860040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-30 418328]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-27 12459112]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-03-09 1158248]
"Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe" [2012-04-09 7142400]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\xvyny857.default\
FF - ExtSQL: 2012-10-15 15:39; {adb9897d-7bc0-49d1-bddb-9a755ac724bc}; c:\program files (x86)\Mozilla Firefox\extensions\{adb9897d-7bc0-49d1-bddb-9a755ac724bc}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Intrinsic iPoS - c:\programdata\{8EF63318-2BD9-4FFF-8849-05201CF0EE19}\Intrinsic iPoS.exe
AddRemove-{18EE63AF-F79D-4F2F-97BF-B4B7F026DFD7} - c:\programdata\{8EF63318-2BD9-4FFF-8849-05201CF0EE19}\Intrinsic iPoS.exe
AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files (x86)\Complitly\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-17 16:05:44
ComboFix-quarantined-files.txt 2012-10-17 15:05
.
Pre-Run: 417,437,315,072 bytes free
Post-Run: 417,422,376,960 bytes free
.
- - End Of File - - EFD420562BEBEDEFEAB7FA3A655697ED
 
Good job!

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
    1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death
 
# AdwCleaner v2.005 - Logfile created 10/18/2012 at 10:57:05
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : User - WORKPOOTER
# Boot Mode : Normal
# Running from : C:\Users\User\Downloads\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\.autoreg
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\ProgramData\boost_interprocess

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\Complitly
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.1 (en-US)

-\\ Google Chrome v [Unable to get version]

*************************

AdwCleaner[S1].txt - [3165 octets] - [18/10/2012 10:57:06]

########## EOF - C:\AdwCleaner[S1].txt - [3225 octets] ##########
 
Similar problems sadly. I am not getting 'web page is not responding' any more but each page takes approx 30+ secs to load and despite showing each web page, any links cannot be selected/clicked for about another 30 secs or so.

'Ctrl & Tab' between open tabs in IE causes it to freeze and crash.

Firefox and Chrome are unaffected.
 
RogueKiller Scan

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.
  • Next click on the ShortcutsFix

  • The report has been created on the desktop.
Please post:

All RKreport.txt text files located on your desktop.
 
RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : Scan -- Date : 10/18/2012 18:58:27

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[TASK][BLPATH] HPCustParticipation HP Photosmart 7510 series : "C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPCustPartic.exe" /UA 9.5 /DDV 0x1005 -> FOUND
[TASK][SUSP PATH] {EA83CB76-F20E-4F8C-98AB-722581DF70DD} : C:\Windows\system32\pcalua.exe -a "C:\ProgramData\Halifax GI - Intermediaries\_Update\Update817\SetUp.exe" -d "C:\ProgramData\Halifax GI - Intermediaries\_Update\Update817\" -c /s -> FOUND
[STARTUP][BLACKLIST DLL] Monitor Ink Alerts - HP Photosmart 7510 series (Network).lnk @User : C:\Windows\system32\RunDll32.exe|"C:\Program Files\HP\HP Photosmart 7510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN1AK245NH05PX;CONNECTION=NW;MONITOR=1; -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK5059GSXP +++++
--- User ---
[MBR] 3ed0b90d5c33282c947a0b5f091f2b3f
[BSP] 41f72be4c936c87a5e2a70fefb6e375b : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 461578 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
 
RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : Remove -- Date : 10/18/2012 18:59:02

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[TASK][BLPATH] HPCustParticipation HP Photosmart 7510 series : "C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPCustPartic.exe" /UA 9.5 /DDV 0x1005 -> DELETED
[TASK][SUSP PATH] {EA83CB76-F20E-4F8C-98AB-722581DF70DD} : C:\Windows\system32\pcalua.exe -a "C:\ProgramData\Halifax GI - Intermediaries\_Update\Update817\SetUp.exe" -d "C:\ProgramData\Halifax GI - Intermediaries\_Update\Update817\" -c /s -> DELETED
[STARTUP][BLACKLIST DLL] Monitor Ink Alerts - HP Photosmart 7510 series (Network).lnk @User : C:\Windows\system32\RunDll32.exe|"C:\Program Files\HP\HP Photosmart 7510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN1AK245NH05PX;CONNECTION=NW;MONITOR=1; -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK5059GSXP +++++
--- User ---
[MBR] 3ed0b90d5c33282c947a0b5f091f2b3f
[BSP] 41f72be4c936c87a5e2a70fefb6e375b : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 461578 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
 
avast! aswMBR

Please download aswMBR from here
  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Uncheck "Trace disk IO calls".
  • Click the Scan button to start the scan as illustrated below

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
  • Once the scan finishes click Save log to save the log to your Desktop
  • Copy and paste the contents of aswMBR.txt back here for review
  • Please also find MBR.dat on your Desktop, and rename it to MBR.txt. Upload that as well. Do not copy and paste MBR.dat/txt, it needs to be uploaded.

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.
 
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-18 19:19:54
-----------------------------
19:19:54.607 OS Version: Windows x64 6.1.7601 Service Pack 1
19:19:54.607 Number of processors: 4 586 0x2A07
19:19:54.607 ComputerName: WORKPOOTER UserName: User
19:19:56.127 Initialize success
19:23:39.068 AVAST engine defs: 12101801
19:24:21.701 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:24:21.711 Disk 0 Vendor: TOSHIBA_ GN00 Size: 476940MB BusType: 3
19:24:21.727 Disk 0 MBR read successfully
19:24:21.727 Disk 0 MBR scan
19:24:21.742 Disk 0 Windows 7 default MBR code
19:24:21.758 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
19:24:21.789 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 461578 MB offset 31459328
19:24:21.851 Disk 0 scanning C:\Windows\system32\drivers
19:24:36.363 Service scanning
19:25:20.296 Modules scanning
19:25:21.310 AVAST engine scan C:\Windows
19:25:25.878 AVAST engine scan C:\Windows\system32
19:29:28.608 AVAST engine scan C:\Windows\system32\drivers
19:29:45.939 AVAST engine scan C:\Users\User
19:39:59.518 AVAST engine scan C:\ProgramData
19:42:36.610 Scan finished successfully
20:10:46.002 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
20:10:46.062 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"
 
Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death
 
IE is still the same sadly. Google loads quickly as do search results, however when clicking on a link the address in the bar changes but the page takes an incredibly long time to load.

Also getting 'web page is not responding - recover web page' notice
 
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
 
Farbar Service Scanner Version: 19-10-2012
Ran by User (administrator) on 23-10-2012 at 08:33:48
Running from "C:\Users\User\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 
Please download DrWeb-CureIt and save it to your Desktop. Do NOT perform a scan yet

  • Double-click on drweb-cureit.exe to start the program.
    An Express Scan of your PC notice will appear.
  • Under Start the Express Scan Now, Click OK to start the scan.
    This is a short scan that will scan the files currently running in memory.
    If something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the Scan tab and UNcheck Heuristic analysis
  • Back at the main window, click Custom Scan, then Select drives (a red dot will show which drives have been chosen).
  • Then click the Start/Stop Scanning button (green arrow on the right), and the scan will start.
  • When finished, a message will be displayed at the bottom advising if any viruses were found.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found.
    If so, click it, then click the next icon right below and select Move incurable.
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your Desktop.
  • Exit Dr.Web Cureit when you have finished.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)
 