Resolved Need help with adware

Osbert

I already have Norton updated and working on my PC.

Log from MBAM:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.01.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Jeff :: JEFF-PC [administrator]

01/06/2012 6:46:02 PM
mbam-log-2012-06-01 (18-46-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213598
Time elapsed: 3 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 17
C:\Users\Jeff\AppData\Local\Temp\~os149A.tmp\rlvknlg.exe (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Users\Jeff\AppData\Local\Temp\~os149A.tmp\rlvknlg64.exe (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Users\Jeff\AppData\Local\Temp\~os149A.tmp\rlxf.dll (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Users\Jeff\AppData\Local\Temp\~os149A.tmp\rlxg.dll (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Users\Jeff\AppData\Local\Temp\~osAEE4.tmp\rlvknlg.exe (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Users\Jeff\AppData\Local\Temp\~osAEE4.tmp\rlvknlg64.exe (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Users\Jeff\AppData\Local\Temp\~osAEE4.tmp\rlxf.dll (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Users\Jeff\AppData\Local\Temp\~osAEE4.tmp\rlxg.dll (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Users\Jeff\AppData\Local\Temp\~osAEE4.tmp\rlxh.dll (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Users\Jeff\AppData\Local\Temp\~osAEE4.tmp\rlxi.dll (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Users\Jeff\AppData\Local\Temp\~osCBDE.tmp\rlvknlg.exe (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Users\Jeff\AppData\Local\Temp\~osCBDE.tmp\rlvknlg64.exe (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Users\Jeff\AppData\Local\Temp\~osCBDE.tmp\rlxf.dll (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Users\Jeff\AppData\Local\Temp\~osCBDE.tmp\rlxg.dll (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Users\Jeff\AppData\Local\Temp\~osCBDE.tmp\rlxh.dll (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Users\Jeff\AppData\Local\Temp\~osCBDE.tmp\rlxi.dll (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Users\Jeff\AppData\Local\Temp\~osCBDE.tmp\rlxj.dll (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.

(end)

GMER didn't produce a log
results of DDS -

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by Jeff at 11:56:26 on 2012-06-02
Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.8191.6397 [GMT -4:00]
.
AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.facemoods.com/?a=w7th1
mSearchAssistant = hxxp://start.facemoods.com/?a=w7th1&s={searchTerms}&f=4
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - No File
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [Corel Photo Downloader] "c:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Corel File Shell Monitor] c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Jeff\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AMLDEV~1.LNK - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{10809AC6-7DD8-4AFC-BBB6-898221AB9DCE} : DhcpNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO-X64: AMD SteadyVideo BHO - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - No File
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [Corel File Shell Monitor] c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\f7m7sz3w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3106777&SearchSource=2&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Downloader\npdd.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\f7m7sz3w.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NAVx64\1307010.005\SYMDS64.SYS --> C:\Windows\system32\drivers\NAVx64\1307010.005\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NAVx64\1307010.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\NAVx64\1307010.005\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.6.2.10\Definitions\BASHDefs\20120517.001\BHDrvx64.sys [2012-5-24 1160824]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\Windows\system32\drivers\NAVx64\1307010.005\ccSetx64.sys --> C:\Windows\system32\drivers\NAVx64\1307010.005\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.6.2.10\Definitions\IPSDefs\20120601.001\IDSviA64.sys [2012-6-1 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NAVx64\1307010.005\Ironx64.SYS --> C:\Windows\system32\drivers\NAVx64\1307010.005\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NAVx64\1307010.005\SYMNETS.SYS --> C:\Windows\system32\Drivers\NAVx64\1307010.005\SYMNETS.SYS [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-2-14 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-1-3 55936]
R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccsvchst.exe [2012-5-18 138232]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-5-31 138912]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-1-3 55936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-18 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-25 257696]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-18 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 129976]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;WatAdminSvc;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-06-02 12:49:30 -------- d-----w- C:\Users\Jeff\AppData\Local\{3CD9A34B-4A7B-47E5-9168-DD1676D9D435}
2012-06-02 12:49:18 -------- d-----w- C:\Users\Jeff\AppData\Local\{F5A922FF-B834-4089-B7F0-302468EE4E92}
2012-06-02 03:38:12 -------- d-----w- C:\Users\Jeff\AppData\Local\{3C484DEC-AB63-49C1-940E-69AAE850FB14}
2012-06-01 22:44:03 -------- d-----w- C:\Users\Jeff\AppData\Roaming\Malwarebytes
2012-06-01 22:43:56 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-01 22:43:55 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-01 22:43:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-01 22:20:57 -------- d-----w- C:\Users\Jeff\AppData\Roaming\SpeedyPC Software
2012-06-01 22:20:57 -------- d-----w- C:\Users\Jeff\AppData\Roaming\DriverCure
2012-06-01 22:20:40 -------- d-----w- C:\ProgramData\SpeedyPC Software
2012-06-01 22:20:40 -------- d-----w- C:\Program Files (x86)\SpeedyPC Software
2012-06-01 22:20:40 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedyPC Software
2012-06-01 13:48:26 -------- d-----w- C:\Users\Jeff\AppData\Local\{E6499A0C-CE61-4172-B4A6-8391A503B96F}
2012-06-01 13:48:14 -------- d-----w- C:\Users\Jeff\AppData\Local\{66EFBB36-95BE-4F74-A6D2-911E5112A63B}
2012-06-01 01:47:49 -------- d-----w- C:\Users\Jeff\AppData\Local\{B81D245B-14AC-4F5F-ADD8-880ED227DB81}
2012-06-01 01:47:38 -------- d-----w- C:\Users\Jeff\AppData\Local\{459737A4-00AB-48AD-8823-47AB6FC6A0FC}
2012-05-31 12:27:49 -------- d-----w- C:\Users\Jeff\AppData\Local\{78E98722-CC03-4927-B44B-3BD1FA2771DE}
2012-05-31 12:27:37 -------- d-----w- C:\Users\Jeff\AppData\Local\{77580430-ACC0-4036-9863-B74CFEE99D2C}
2012-05-30 23:54:14 -------- d-----w- C:\Users\Jeff\AppData\Local\{18D5EE31-2E27-416B-970D-383A8B8C7526}
2012-05-30 23:54:03 -------- d-----w- C:\Users\Jeff\AppData\Local\{0CE57CBB-92E4-41F8-987C-12B119A7D3A5}
2012-05-30 22:39:21 -------- d-----w- C:\Windows\pss
2012-05-30 22:28:54 -------- d-----w- C:\Users\Jeff\AppData\Local\NPE
2012-05-30 11:47:45 -------- d-----w- C:\Users\Jeff\AppData\Local\{D9CE3664-930D-4154-A5C6-01EEE508B224}
2012-05-30 11:47:34 -------- d-----w- C:\Users\Jeff\AppData\Local\{9B2E8B6A-0A40-43CD-A7AF-9BBE2BD63533}
2012-05-29 23:47:09 -------- d-----w- C:\Users\Jeff\AppData\Local\{6DC0B8B5-2145-4AC8-8D10-528DE205EF15}
2012-05-29 23:46:58 -------- d-----w- C:\Users\Jeff\AppData\Local\{FE10F476-CAE9-4555-BACB-C99D3F7CD3B2}
2012-05-29 11:46:33 -------- d-----w- C:\Users\Jeff\AppData\Local\{0B57D882-293C-4C8E-A2BC-26422753AC09}
2012-05-29 11:46:21 -------- d-----w- C:\Users\Jeff\AppData\Local\{33E1845E-F70F-4E5D-B100-EDE7910229D7}
2012-05-28 23:40:58 -------- d-----w- C:\Users\Jeff\AppData\Local\{11EB0140-6A16-454E-A6E2-AA706AF7AB6E}
2012-05-28 23:40:47 -------- d-----w- C:\Users\Jeff\AppData\Local\{927EE053-6D42-4252-89CC-2129D466360F}
2012-05-28 17:24:22 -------- d-----w- C:\Program Files (x86)\Puppetshow - Return to Joyville
2012-05-28 11:40:34 -------- d-----w- C:\Users\Jeff\AppData\Local\{0346E2E6-3A4C-45D7-9E29-6C09F8048206}
2012-05-28 11:40:22 -------- d-----w- C:\Users\Jeff\AppData\Local\{3407BD16-DD7C-4E25-9E11-90D8C6317E4C}
2012-05-27 22:49:37 -------- d-----w- C:\Users\Jeff\AppData\Local\{8539D024-2E4B-4857-BA90-9157C015AFF6}
2012-05-27 22:49:26 -------- d-----w- C:\Users\Jeff\AppData\Local\{CF08C270-9471-4EE0-B613-C453BFD7328A}
2012-05-27 10:49:13 -------- d-----w- C:\Users\Jeff\AppData\Local\{B0308D60-B172-4D4E-A666-AFDA030F5CD0}
2012-05-27 10:49:02 -------- d-----w- C:\Users\Jeff\AppData\Local\{E61C985C-2A8C-4910-8D17-8F0DDE6C8674}
2012-05-26 13:14:12 -------- d-----w- C:\Users\Jeff\AppData\Local\{02C22AD7-0F12-4FB8-AA11-A4394E9FDE4D}
2012-05-26 13:14:00 -------- d-----w- C:\Users\Jeff\AppData\Local\{67B72299-F761-4338-A4AE-6E4EA8C6884B}
2012-05-26 01:13:34 -------- d-----w- C:\Users\Jeff\AppData\Local\{FB91A34B-9312-4C94-9E72-A398B91C61EA}
2012-05-26 01:13:22 -------- d-----w- C:\Users\Jeff\AppData\Local\{BAB0BA65-0FA4-47C6-AEC7-3E658592C74E}
2012-05-25 08:25:10 -------- d-----w- C:\Users\Jeff\AppData\Local\{49D94C31-10F5-45B5-A152-62F95B3726D8}
2012-05-25 08:24:59 -------- d-----w- C:\Users\Jeff\AppData\Local\{91BBD089-D1D1-498B-B30D-845BD9E39720}
2012-05-24 20:24:46 -------- d-----w- C:\Users\Jeff\AppData\Local\{6FC463A6-A517-45A4-929B-7953D017A00C}
2012-05-24 20:24:35 -------- d-----w- C:\Users\Jeff\AppData\Local\{C5F1E87E-78C5-46ED-B3E2-39D92028B8B5}
2012-05-24 08:24:10 -------- d-----w- C:\Users\Jeff\AppData\Local\{6EA184B4-4071-4A89-8D73-C1A2B2800DEB}
2012-05-24 08:23:59 -------- d-----w- C:\Users\Jeff\AppData\Local\{43EBB88C-62A4-4B4D-9D60-5D7D8D48D865}
2012-05-23 20:23:46 -------- d-----w- C:\Users\Jeff\AppData\Local\{4FC24D6D-5B73-44B5-8DE6-EABB373F4D97}
2012-05-23 20:23:35 -------- d-----w- C:\Users\Jeff\AppData\Local\{27ED64B8-A80A-48F0-99DC-7AF73A5407C4}
2012-05-23 07:46:26 -------- d-----w- C:\Users\Jeff\AppData\Local\{E569250D-B8D0-4993-A805-19EF425A9148}
2012-05-23 07:46:14 -------- d-----w- C:\Users\Jeff\AppData\Local\{F8425572-DF86-4602-A874-86B276771A92}
2012-05-22 19:23:23 -------- d-----w- C:\Users\Jeff\AppData\Local\{67B57BF1-2BF6-4448-98A4-3303AD9342C1}
2012-05-22 19:23:12 -------- d-----w- C:\Users\Jeff\AppData\Local\{AF62797D-A3FE-4CE2-B279-F367602A024F}
2012-05-22 07:22:39 -------- d-----w- C:\Users\Jeff\AppData\Local\{21871802-60E1-4231-8116-6752C5C2B5C8}
2012-05-22 07:21:51 -------- d-----w- C:\Users\Jeff\AppData\Local\{332B6B2D-2F5E-45C1-A942-6F8914863C0F}
2012-05-21 13:56:43 -------- d-----w- C:\Users\Jeff\AppData\Local\{C46DC0B1-BE7D-4D44-AD84-D16F927F9F40}
2012-05-21 13:56:32 -------- d-----w- C:\Users\Jeff\AppData\Local\{A6486E20-C2D9-4C2A-8F84-00FD8D408E99}
2012-05-21 01:56:16 -------- d-----w- C:\Users\Jeff\AppData\Local\{11B298A8-B497-4EE0-A10D-6367A80BFDA2}
2012-05-21 01:56:07 -------- d-----w- C:\Users\Jeff\AppData\Local\{105C7889-6F8D-4FAF-9561-7BBD2170DF55}
2012-05-20 11:40:07 -------- d-----w- C:\Users\Jeff\AppData\Local\{8B790C8C-6923-4FFD-82B5-DBDE5F2FBB55}
2012-05-20 11:39:56 -------- d-----w- C:\Users\Jeff\AppData\Local\{8F191DFC-598D-48A6-95E4-F882B949E5A3}
2012-05-19 21:50:23 -------- d-----w- C:\Users\Jeff\AppData\Local\{1C913E32-75C9-4099-B3FA-1EE6E530EFD6}
2012-05-19 21:50:11 -------- d-----w- C:\Users\Jeff\AppData\Local\{A47C4771-CB92-4376-BC21-27A9378D7238}
2012-05-19 09:49:59 -------- d-----w- C:\Users\Jeff\AppData\Local\{45C5432F-B190-49F0-B1F4-40EDFCB90B28}
2012-05-19 09:49:47 -------- d-----w- C:\Users\Jeff\AppData\Local\{EFE4B869-4D27-4EE8-8891-3D022EF1B69C}
2012-05-18 21:49:35 -------- d-----w- C:\Users\Jeff\AppData\Local\{685E36CA-B179-4856-83C4-5864B94C6801}
2012-05-18 21:49:23 -------- d-----w- C:\Users\Jeff\AppData\Local\{4FE3E11E-BE7A-4D11-86DC-FD61DA534096}
2012-05-18 07:27:22 737912 ----a-w- C:\Windows\System32\drivers\NAVx64\1307010.005\srtsp64.sys
2012-05-18 07:27:22 451192 ----a-r- C:\Windows\System32\drivers\NAVx64\1307010.005\symds64.sys
2012-05-18 07:27:22 405624 ----a-w- C:\Windows\System32\drivers\NAVx64\1307010.005\symnets.sys
2012-05-18 07:27:22 37496 ----a-w- C:\Windows\System32\drivers\NAVx64\1307010.005\srtspx64.sys
2012-05-18 07:27:22 190072 ----a-w- C:\Windows\System32\drivers\NAVx64\1307010.005\ironx64.sys
2012-05-18 07:27:22 167048 ----a-w- C:\Windows\System32\drivers\NAVx64\1307010.005\ccsetx64.sys
2012-05-18 07:27:22 1092728 ----a-w- C:\Windows\System32\drivers\NAVx64\1307010.005\symefa64.sys
2012-05-18 07:27:18 -------- d-----w- C:\Windows\System32\drivers\NAVx64\1307010.005
2012-05-18 05:15:02 -------- d-----w- C:\Users\Jeff\AppData\Local\{20121257-6C57-4D4D-8951-8A3AE1A8DB5F}
2012-05-18 05:14:51 -------- d-----w- C:\Users\Jeff\AppData\Local\{FA7E2CFC-C169-4A73-BC8C-49B41850AA9E}
2012-05-17 17:14:38 -------- d-----w- C:\Users\Jeff\AppData\Local\{76283022-6375-4735-B8C5-70E01F6FD7BD}
2012-05-17 17:14:26 -------- d-----w- C:\Users\Jeff\AppData\Local\{650CD7A0-AACA-445E-A3E3-F179182AF171}
2012-05-17 04:19:37 -------- d-----w- C:\Users\Jeff\AppData\Local\{82D384EC-C48B-4CC0-9BFB-143088556DD6}
2012-05-17 04:19:26 -------- d-----w- C:\Users\Jeff\AppData\Local\{EEEBAF90-94C9-4D54-9542-1A4C9D26B890}
2012-05-16 16:18:59 -------- d-----w- C:\Users\Jeff\AppData\Local\{6D849FD5-F4CB-4A04-9A96-957F2E880EC3}
2012-05-16 16:18:47 -------- d-----w- C:\Users\Jeff\AppData\Local\{F667B0AA-19E5-4A84-B538-CE3910FE2577}
2012-05-15 22:05:42 -------- d-----w- C:\Users\Jeff\AppData\Local\{8A27697E-903F-4062-8CDC-C619601A289D}
2012-05-15 22:05:30 -------- d-----w- C:\Users\Jeff\AppData\Local\{6DCADE1A-64B2-49D0-B44D-9C66E1A5F02E}
2012-05-15 21:38:15 -------- d-----w- C:\Users\Jeff\AppData\Local\LogMeIn Rescue Applet
2012-05-13 19:01:11 -------- d-----w- C:\Users\Jeff\AppData\Local\{28208645-F74B-49A9-BAE7-6A7C8E9E5AFD}
2012-05-13 19:01:00 -------- d-----w- C:\Users\Jeff\AppData\Local\{E89DD03F-1A18-4A06-A3D3-009EBE3781C1}
2012-05-12 07:29:26 -------- d-----w- C:\Users\Jeff\AppData\Local\{C417D30A-FBFD-4D7D-9D71-132B706CA6FD}
2012-05-12 07:29:15 -------- d-----w- C:\Users\Jeff\AppData\Local\{E7D852AC-BF8D-4701-A8A1-1246C3334E4A}
2012-05-12 02:50:59 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-12 02:50:59 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-12 02:50:58 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-12 02:50:57 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-12 02:50:57 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-12 02:50:57 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-12 02:50:03 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-12 02:49:41 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-12 02:49:39 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 02:49:39 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-12 02:49:39 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-12 02:49:39 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-12 02:49:39 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 16:20:31 -------- d-----w- C:\Users\Jeff\AppData\Local\{4DED0C47-E9B4-49AE-BC03-0843A2A78585}
2012-05-10 16:20:19 -------- d-----w- C:\Users\Jeff\AppData\Local\{6EB0B220-241F-4CAF-BEED-A592517B2AC3}
2012-05-09 05:06:54 -------- d-----w- C:\Users\Jeff\AppData\Local\{64638BB0-30EB-47D6-8E1B-AAE9393B09AA}
2012-05-09 05:06:43 -------- d-----w- C:\Users\Jeff\AppData\Local\{BC45ED5A-C692-427E-8B74-7CD14D3CAAEF}
2012-05-07 20:03:32 -------- d-----w- C:\Users\Jeff\AppData\Local\{20EF32A5-5179-47DD-9C8E-1647C4BB6BA3}
2012-05-07 20:03:21 -------- d-----w- C:\Users\Jeff\AppData\Local\{F78A23A3-F644-47DB-8F41-12CD417FB058}
2012-05-07 07:01:51 -------- d-----w- C:\Users\Jeff\AppData\Local\{B33C1871-BBC4-4FDB-812E-FE09BFE9145D}
2012-05-07 07:01:39 -------- d-----w- C:\Users\Jeff\AppData\Local\{373DC5D3-093E-47CC-9797-258328BB668A}
2012-05-06 17:14:52 -------- d-----w- C:\Users\Jeff\AppData\Local\{C7CA2E56-C73F-4B76-8B2D-3603BB9FE9EE}
2012-05-06 06:22:19 -------- d-----w- C:\Users\Jeff\AppData\Local\{1B8C9F26-969F-4117-B183-06808ECC6664}
2012-05-06 06:22:08 -------- d-----w- C:\Users\Jeff\AppData\Local\{879BB8B9-DA91-44A6-B473-84CBF41B36AD}
2012-05-05 19:00:13 -------- d-----w- C:\Users\Jeff\AppData\Local\{F1B318E8-0B18-44F4-A55B-05B1B81E273F}
2012-05-05 19:00:01 -------- d-----w- C:\Users\Jeff\AppData\Local\{DB320363-B674-47B5-B35A-A3CD350D48AD}
2012-05-05 00:24:27 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 14:06:25 -------- d-----w- C:\Users\Jeff\AppData\Local\{D63005E5-972A-4E3E-BF59-FB2B840047FD}
2012-05-04 14:06:14 -------- d-----w- C:\Users\Jeff\AppData\Local\{FE96D90D-471F-47EB-BCDA-3CC49309FC4F}
2012-05-04 06:43:15 -------- d-----w- C:\Users\Jeff\AppData\Local\{4C93D8A6-F16A-443E-A13A-5AADEA5758D0}
2012-05-04 06:43:04 -------- d-----w- C:\Users\Jeff\AppData\Local\{4AFD204F-B66C-4AB0-86E6-831C4A70039F}
.
==================== Find3M ====================
.
2012-05-30 21:29:36 2828 --sha-w- C:\ProgramData\KGyGaAvL.sys
2012-05-05 00:24:36 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 00:24:36 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-19 19:06:36 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-08-23 22:42:54 332144 ----a-w- C:\Program Files (x86)\Common Files\MediaOrganizer.dll
2011-08-23 22:35:38 33136 ----a-w- C:\Program Files (x86)\Common Files\FlickrProvider.dll
2011-08-23 22:35:14 402800 ----a-w- C:\Program Files (x86)\Common Files\facebook.dll
2011-08-23 22:35:14 130416 ----a-w- C:\Program Files (x86)\Common Files\PluginCommon.dll
2011-08-23 22:34:26 465264 ----a-w- C:\Program Files (x86)\Common Files\AppFramework.dll
.
============= FINISH: 11:57:05.99 ===============
 
Welcome to TechSpot! Leaving logs without any description of what you are experiencing doesn't give me much information.

I will help find and remove the malware, but need some description from you.

There is also another log for DDS - it's named Attach.txt and should have been pasted in with the DDS.txt log. If you can find it, please leave it in the next reply. But most likely you will need to repeat the scan to get the log.
==============================================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan.
Uninstall directions, if needed:
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------

  • Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install - just bypass and go on.
    • Note: No query will be made if the Recovery Console is already on the system.
  • Close any open browsers.
  • Before you run the Combofix scan, please disable any security software you have running.
    (If you need help with this, please see HERE)
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in the next reply.
Re-enable your Antivirus software.
Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
======================================================

To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

    If you are using a browser other than Internet Explorer
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives'
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
=============================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't follow directions given to someone else
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
Threads are closed after 5 days if there is no reply.

Please include a description of your problem and the logs for Attach.txt, Combofix and the Eset scan in your next reply.

Please uninstall the following:
SpeedupMyPC
Relevant Knowledge
Facemods.

After they have been uninstalled, use Windows explorer to access Computer> Local Drive(C)> Programs> Find the program folder for each of the programs you uninstalled and do a right click> Delete.

I have renamed your thread to something more appropriate.
 
Sorry - I'm a total computer noob, so thanks for your patience.
The problem with my computer is increasingly frequent crashes, which makes me suspect some kind of malware, but my Norton can't seem to find it. In fact, I can't run the Eset scan - I've tried for three hours, but my computer consistently crashes before it is finished. Is there another program I could try?
In any case...the attach.txt log...

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume3
Install Date: 17/10/2010 11:17:56 PM
System Uptime: 02/06/2012 6:52:13 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4A88TD-V EVO/USB3
Processor: AMD Phenom(tm) II X4 965 Processor | AM3 | 3400/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 806.354 GiB free.
D: is FIXED (NTFS) - 292 GiB total, 14.978 GiB free.
E: is FIXED (NTFS) - 6 GiB total, 0.881 GiB free.
F: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP194: 01/06/2012 2:54:31 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X
All My Gods
AMD VISION Engine Control Center
Aquapolis
ATI Catalyst Registration
Avination Viewer
Big Fish Games: Game Manager
BugBits
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Corel KPT Collection
Corel Painter Essentials 4
Corel PaintShop Photo Pro X3
D3DX10
Dark Dimensions: City of Fog
Downloader
Dracula: Love Kills
Dream Inn: Driftwood
DUNGEONS
EAX Unified
ESET Online Scanner v3
Fairy Maids
Farm Frenzy 3: Madagascar
Farm Frenzy Pizza Party
Font Management System
GhostMaster
Google Chrome
Google Update Helper
Gourmania 3: Zoo Zoom
ICA
IPM_PSP_CL
IPM_PSP_COM
Java Auto Updater
Java(TM) 6 Update 26
Junk Mail filter update
Life Quest®
Magic Bullet PhotoLooks for PaintShop Photo Pro
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
Mr Jones' Graveyard Shift
MSVCRT
MSVCRT_amd64
Mystery of Mortlake Mansion
NEC Electronics USB 3.0 Host Controller Driver
Norton AntiVirus
OpenOffice.org 3.2
Orchard
Origin
Phoenix Viewer 1.6.0.1691
Plants vs. Zombies
Poser Debut
PSPPContent
PSPPRO_DCRAW
Puppetshow: Return to Joyville
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Redrum: Time Lies
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Setup
SpeedyPC Pro
Stray Souls: Dollhouse Story Collector's Edition
The Lord of the Rings FREE Trial
The Sims™ 3
The Sims™ 3 Ambitions
The Sims™ 3 Generations
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
31/05/2012 5:49:16 PM, Error: Service Control Manager [7031] - The Norton AntiVirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
31/05/2012 11:23:04 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
31/05/2012 10:45:43 PM, Error: Service Control Manager [7034] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 8 time(s).
31/05/2012 10:40:22 PM, Error: Service Control Manager [7034] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 7 time(s).
31/05/2012 10:39:57 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Error Reporting Service service, but this action failed with the following error: An instance of the service is already running.
31/05/2012 10:39:15 PM, Error: Service Control Manager [7034] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 6 time(s).
31/05/2012 10:38:43 PM, Error: Service Control Manager [7034] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 5 time(s).
31/05/2012 10:37:16 PM, Error: Service Control Manager [7034] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 4 time(s).
31/05/2012 10:36:49 PM, Error: Service Control Manager [7034] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 3 time(s).
31/05/2012 10:35:30 PM, Error: Service Control Manager [7031] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
31/05/2012 10:34:57 PM, Error: Service Control Manager [7031] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
31/05/2012 10:33:09 PM, Error: Service Control Manager [7031] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
31/05/2012 10:31:56 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\SOFTWARE' was corrupted and it has been recovered. Some data might have been lost.
31/05/2012 10:28:08 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
31/05/2012 10:28:08 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
31/05/2012 10:27:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
30/05/2012 5:07:33 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x0000000000005003, 0xfffff780c0000000, 0x000000000001f6f1, 0x0001abf70003edc2). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 053012-26660-01.
30/05/2012 12:28:46 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff80002eb7f60, 0xfffff88003f1af00, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 053012-24694-01.
02/06/2012 9:19:29 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
02/06/2012 6:52:46 PM, Error: Service Control Manager [7000] - The AODDriver4.1 service failed to start due to the following error: The system cannot find the file specified.
02/06/2012 6:52:44 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000068, 0x0000000000000002, 0x0000000000000000, 0xfffff80002ee8925). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 060212-30934-01.
02/06/2012 6:26:36 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000034 (0x0000000000050853, 0xfffff88003385738, 0xfffff88003384f90, 0xfffff80002ed0df7). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 060212-22183-01.
02/06/2012 5:36:54 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff88008cce010, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 060212-20373-01.
02/06/2012 5:17:31 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff80003002617, 0xfffff88008b2a6e0, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 060212-21590-01.
02/06/2012 4:46:00 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
02/06/2012 4:44:52 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
02/06/2012 4:43:36 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
02/06/2012 3:47:46 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
02/06/2012 3:18:46 PM, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 3 time(s).
02/06/2012 3:18:46 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 2 time(s).
02/06/2012 3:18:46 PM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
02/06/2012 3:18:46 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
02/06/2012 3:18:46 PM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
02/06/2012 11:21:54 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
02/06/2012 11:21:54 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.
02/06/2012 11:21:54 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
02/06/2012 11:21:54 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: An instance of the service is already running.
02/06/2012 11:20:54 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Shell Hardware Detection service, but this action failed with the following error: An instance of the service is already running.
02/06/2012 11:19:56 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IPsec Policy Agent service to connect.
02/06/2012 11:19:56 AM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
02/06/2012 11:19:54 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Location Awareness service, but this action failed with the following error: An instance of the service is already running.
02/06/2012 11:19:54 AM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
02/06/2012 11:19:54 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
02/06/2012 11:19:54 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
02/06/2012 11:19:54 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
02/06/2012 11:19:54 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
02/06/2012 11:19:54 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
02/06/2012 11:19:54 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
02/06/2012 11:19:54 AM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
02/06/2012 11:19:54 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
02/06/2012 11:19:54 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
02/06/2012 11:19:54 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
02/06/2012 11:19:54 AM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
02/06/2012 11:19:54 AM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
02/06/2012 11:19:35 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the COM+ Event System service to connect.
02/06/2012 11:19:35 AM, Error: Service Control Manager [7001] - The System Event Notification Service service depends on the COM+ Event System service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
02/06/2012 11:19:35 AM, Error: Service Control Manager [7000] - The COM+ Event System service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
02/06/2012 11:17:47 AM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
02/06/2012 11:17:46 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Event Log service to connect.
02/06/2012 11:17:46 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Driver Foundation - User-mode Driver Framework service to connect.
02/06/2012 11:17:46 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Audio Endpoint Builder service to connect.
02/06/2012 11:17:46 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Themes service to connect.
02/06/2012 11:17:46 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TCP/IP NetBIOS Helper service to connect.
02/06/2012 11:17:46 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Network Store Interface Service service to connect.
02/06/2012 11:17:46 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Multimedia Class Scheduler service to connect.
02/06/2012 11:17:46 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Diagnostic Policy Service service to connect.
02/06/2012 11:17:46 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Desktop Window Manager Session Manager service to connect.
02/06/2012 11:17:46 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AMD External Events Utility service to connect.
02/06/2012 11:17:46 AM, Error: Service Control Manager [7001] - The Windows Audio service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
02/06/2012 11:17:46 AM, Error: Service Control Manager [7001] - The User Profile Service service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
02/06/2012 11:17:46 AM, Error: Service Control Manager [7001] - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
02/06/2012 11:17:46 AM, Error: Service Control Manager [7001] - The System Event Notification Service service depends on the COM+ Event System service which failed to start because of the following error: The dependency service or group failed to start.
02/06/2012 11:17:46 AM, Error: Service Control Manager [7001] - The Server service depends on the Security Accounts Manager service which failed to start because of the following error: The dependency service or group failed to start.
02/06/2012 11:17:46 AM, Error: Service Control Manager [7001] - The Security Accounts Manager service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
02/06/2012 11:17:46 AM, Error: Service Control Manager [7001] - The Program Compatibility Assistant Service service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
02/06/2012 11:17:46 AM, Error: Service Control Manager [7001] - The Print Spooler service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
02/06/2012 11:17:46 AM, Error: Service Control Manager [7001] - The Offline Files service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
02/06/2012 11:17:46 AM, Error: Service Control Manager [7001] - The Norton AntiVirus service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
02/06/2012 11:17:46 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
02/06/2012 11:17:46 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
02/06/2012 11:17:46 AM, Error: Service Control Manager [7001] - The Group Policy Client service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
02/06/2012 11:17:46 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the Network Store Interface Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
02/06/2012 11:17:46 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Network Store Interface Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
02/06/2012 11:17:46 AM, Error: Service Control Manager [7001] - The Cryptographic Services service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
02/06/2012 11:17:46 AM, Error: Service Control Manager [7001] - The COM+ Event System service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
02/06/2012 11:17:46 AM, Error: Service Control Manager [7000] - The Windows Event Log service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
02/06/2012 11:17:46 AM, Error: Service Control Manager [7000] - The Windows Driver Foundation - User-mode Driver Framework service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
02/06/2012 11:17:46 AM, Error: Service Control Manager [7000] - The Windows Audio Endpoint Builder service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
02/06/2012 11:17:46 AM, Error: Service Control Manager [7000] - The Themes service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
02/06/2012 11:17:46 AM, Error: Service Control Manager [7000] - The TCP/IP NetBIOS Helper service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
02/06/2012 11:17:46 AM, Error: Service Control Manager [7000] - The Network Store Interface Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
02/06/2012 11:17:46 AM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
02/06/2012 11:17:46 AM, Error: Service Control Manager [7000] - The Diagnostic Policy Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
02/06/2012 11:17:46 AM, Error: Service Control Manager [7000] - The Desktop Window Manager Session Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
02/06/2012 11:17:46 AM, Error: Service Control Manager [7000] - The AMD External Events Utility service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
02/06/2012 11:17:19 AM, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread
02/06/2012 11:16:04 AM, Error: Service Control Manager [7022] - The DHCP Client service hung on starting.
02/06/2012 11:16:04 AM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: After starting, the service hung in a start-pending state.
02/06/2012 11:16:01 AM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
02/06/2012 11:14:40 AM, Error: Service Control Manager [7022] - The TCP/IP NetBIOS Helper service hung on starting.
02/06/2012 11:14:40 AM, Error: Service Control Manager [7001] - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: After starting, the service hung in a start-pending state.
02/06/2012 11:13:16 AM, Error: Service Control Manager [7022] - The Windows Audio service hung on starting.
02/06/2012 11:11:54 AM, Error: Service Control Manager [7022] - The Windows Event Log service hung on starting.
01/06/2012 2:55:53 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{3d6529a6-da65-11df-8aea-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{6FD7FADD-8166-4AC3-8629-EF7F5A85E2E1}' was corrupted and it has been recovered. Some data might have been lost.
01/06/2012 2:54:43 PM, Error: Service Control Manager [7034] - The Volume Shadow Copy service terminated unexpectedly. It has done this 2 time(s).
01/06/2012 2:54:30 PM, Error: Service Control Manager [7034] - The Volume Shadow Copy service terminated unexpectedly. It has done this 1 time(s).
01/06/2012 2:19:31 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x00000000001904fb, 0xfffff8800337e758, 0xfffff8800337dfb0, 0xfffff880014c88f5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 060112-21637-01.
01/06/2012 12:51:59 AM, Error: Service Control Manager [7034] - The Superfetch service terminated unexpectedly. It has done this 3 time(s).
.
==== End Of File ===========================

and the combofix log...


ComboFix 12-06-02.03 - Jeff 02/06/2012 16:38:30.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.8191.6210 [GMT -4:00]
Running from: c:\users\Jeff\Downloads\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\08E3CD68F7.sys
c:\users\Jeff\Documents\~WRL0004.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-05-02 to 2012-06-02 )))))))))))))))))))))))))))))))
.
.
2012-06-02 20:43 . 2012-06-02 20:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-01 22:44 . 2012-06-01 22:44 -------- d-----w- c:\users\Jeff\AppData\Roaming\Malwarebytes
2012-06-01 22:43 . 2012-06-01 22:43 -------- d-----w- c:\programdata\Malwarebytes
2012-06-01 22:43 . 2012-06-01 22:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-01 22:43 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-01 22:20 . 2012-06-01 22:20 -------- d-----w- c:\users\Jeff\AppData\Roaming\SpeedyPC Software
2012-06-01 22:20 . 2012-06-01 22:20 -------- d-----w- c:\users\Jeff\AppData\Roaming\DriverCure
2012-06-01 22:20 . 2012-06-01 22:20 -------- d-----w- c:\programdata\SpeedyPC Software
2012-06-01 22:20 . 2012-06-01 22:20 -------- d-----w- c:\program files (x86)\SpeedyPC Software
2012-06-01 22:20 . 2012-06-01 22:20 -------- d-----w- c:\program files (x86)\Common Files\SpeedyPC Software
2012-05-30 22:28 . 2012-05-30 22:32 -------- d-----w- c:\users\Jeff\AppData\Local\NPE
2012-05-28 17:24 . 2012-05-28 17:25 -------- d-----w- c:\program files (x86)\Puppetshow - Return to Joyville
2012-05-18 07:27 . 2012-05-23 11:08 -------- d-----w- c:\windows\system32\drivers\NAVx64\1307010.005
2012-05-15 22:08 . 2012-05-15 22:08 -------- d-----w- c:\program files\Windows Live
2012-05-15 21:38 . 2012-05-15 22:04 -------- d-----w- c:\users\Jeff\AppData\Local\LogMeIn Rescue Applet
2012-05-12 02:50 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-12 02:50 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-12 02:50 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-12 02:50 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-12 02:50 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-12 02:50 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-12 02:50 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-12 02:49 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-12 02:49 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-12 02:49 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-12 02:49 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 02:49 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-12 02:49 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-05 00:24 . 2012-05-05 00:24 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-30 21:29 . 2010-10-18 19:47 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2012-05-15 22:07 . 2010-06-24 15:33 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-05 00:24 . 2012-04-25 15:35 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 00:24 . 2011-08-25 01:35 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-19 19:06 . 2011-06-17 08:01 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-08-23 22:42 . 2011-09-29 05:24 332144 ----a-w- c:\program files (x86)\Common Files\MediaOrganizer.dll
2011-08-23 22:35 . 2011-09-29 05:24 33136 ----a-w- c:\program files (x86)\Common Files\FlickrProvider.dll
2011-08-23 22:35 . 2011-09-29 05:24 130416 ----a-w- c:\program files (x86)\Common Files\PluginCommon.dll
2011-08-23 22:35 . 2011-09-29 05:24 402800 ----a-w- c:\program files (x86)\Common Files\facebook.dll
2011-08-23 22:34 . 2011-09-29 05:24 465264 ----a-w- c:\program files (x86)\Common Files\AppFramework.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Corel Photo Downloader"="c:\program files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2011-09-07 522752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 636032]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2008-09-06 413696]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-03-30 113296]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
c:\users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-04 55936]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-18 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 EraserUtilDrv11122;EraserUtilDrv11122;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-18 135664]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1307010.005\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1307010.005\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.6.2.10\Definitions\BASHDefs\20120517.001\BHDrvx64.sys [2012-04-13 1160824]
S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1307010.005\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.6.2.10\Definitions\IPSDefs\20120601.001\IDSvia64.sys [2012-04-28 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1307010.005\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1307010.005\SYMNETS.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-02-15 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-04 55936]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 00:24]
.
2012-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-18 19:28]
.
2012-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-18 19:28]
.
2012-06-02 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2011-10-09 01:19]
.
2012-06-01 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-06-01 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2011-10-06 16:18]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-20 10151968]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.facemoods.com/?a=w7th1
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\f7m7sz3w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3106777&SearchSource=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKLM-Run-Corel File Shell Monitor - c:\program files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
WebBrowser-{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - (no file)
AddRemove-_{A3CF662F-5DEF-46C0-BAF5-0E00E1B4C5B0} - c:\program files (x86)\Corel\Corel Painter Essentials 4\MSILauncher {A3CF662F-5DEF-46C0-BAF5-0E00E1B4C5B0}
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4120525190-1002349284-178691253-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-4120525190-1002349284-178691253-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-4120525190-1002349284-178691253-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
.
**************************************************************************
.
Completion time: 2012-06-02 16:50:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-02 20:50
.
Pre-Run: 864,401,981,440 bytes free
Post-Run: 866,343,198,720 bytes free
.
- - End Of File - - 1292A3536402D817AA5486A81F390B51

thanks so much
 
Okay- allow me to say this from experience: the majority of computer users don't know how to troubleshoot a problem. They "assume" if things don't work right, that there must be malware messing up the system. I usually do find some malware- even if it's toolbars the user would be better off without. But I also usually find settings that need to be fixed, maybe changed by malware- or maybe just not set correctly.

So what you have to help with is give me as much information as you can about something that happens:

I see a lot of errors from today. But this is what started yesterday:
01/06/2012 2:55:53 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{3d6529a6-da65-11df-8aea-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{6FD7FADD-8166-4AC3-8629-EF7F5A85E2E1}' was corrupted and it has been recovered. Some data might have been lost.
=======================================
We'll have to wait and see how much damage this caused.
======================================

At some point, you got a popup inviting you to get SpeedyPC Pro. You were probably told it would fix everything, that you needed to get the program to make the system run right. Unfortunately, you fell for this and installed this scam on the system. Here's what you got:
Re: Speedy PC Pro

Probably too late to help the OP, but for others:

SpeedyPC Pro is a scam. It is also directly tied to their payment processing company, "Safecart". Neither is US-based, making it a mess to try to get refunds...or repairs. It pops up if you're unknowingly trying to email an exceedingly large file or search using terms like "slow PC", "sluggish", "email won't load" etc etc.
Lesson 1- NEVER buy software that magically shows up when you're having problems.
Once it's downloaded, paid for (usually Paypal-to-Safecart) you are asked to "activate" it - requiring remote access to your PC.
Lesson 2 - any unknown, non brand-name software support person should NEVER be allowed remote access...even major companies should be allowed only controlled access, usually spelled out in the user agreement (which is vital reading for any software "requiring" external/remote access).
If folders or files appear missing, renamed, moved etc. and you call support, you will again be asked for remote access. Do not allow it. They will then state the only other support level is paid support (usually $300 or so, with the price dropping if you vacillate).
Lesson 3 - refuse paid support.

Then, when it's obvious you're in trouble, you will want to remove it - which they will help you with if you allow them REMOTE ACCESS!.. Again, you MUST refuse. You can ask for email instructions, which they will promise to send - and never do. You can ask to speak to a supervisor, and will be placed on hold - forever. You can remove the software - but it will leave some visible and more hidden files and folders you CAN'T see, even if you tick the "show hidden files and folders" box. You can do a system restore - same problem, not everything is gone.

In a recent situation, after several requests for removal instructions via email and assurance they cannot still a system after the software is "removed", activity was noted...external access. The computer was immediately taken offline.

Lesson 4 - you can't fix it yourself.
Bottom line - removal of this crap is requiring a trip to an expert tech shop, where the hard drive will be removed, *hopefully* critical files saved, the drive wiped clean and the system reloaded from scratch. Not a cheap fix, and the $30 purchase price won't begin to cover the charges. There's also no way to go after them as so many layers are involved.

If you've never heard of it, can't find reviews by major players (Cnet and such) avoid it like the plague. And if it's too late, not only have your PC wiped but re-set ALL passwords (resetting user names is also a good idea) and re-set the security on your home or business network.

(FWIW the first review site says "SpeedyPC Pro Exposed?" - and is "comparepcsoftware.com", coincidentally owned by the same company as SpeedyPC Pro. That should give you a clear indication of how they work).

There is plenty of quality, name brand software out there. And some small outfits produce great stuff - but they market through normal channels and if truly good will have reviews by known experts.

SpeedyPC Pro is a very, very costly way to find out how software doesn't work and how data retrieval DOES.
===================================================================
I am finishing up writing some script for entries to be removed using Combofix. While I am doing that:

1. Do NOT pay for SpeedUpMyPC
2. If payment is already in the works, stop the payment.
3. Uninstall SpeedUpMyPC. After it is uninstalled, right click on Start> Explore> Local Drive (C)> Programs. Find the program folder(s) for SpeedUpMyPC and do a right click> Delete.
4. Reboot the computer.

Please follow the same uninstall/delete program folder for RelevantKnowledge.

If you get any error messages when you try to remove this program:

Boot into Safe Mode with Networking
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode with Networking option when the Windows Advanced Options menu appears, and then press ENTER.
Then do the uninstall and folder removal.

I will include the processes I see running, so as soon as my script is up, go ahead with it. Nothing else
 
Please run this Custom CFScript:

    [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
Code:
KillAll::
File::

Folder::
c:\users\Jeff\AppData\Roaming\SpeedyPC Software
c:\users\Jeff\AppData\Roaming\DriverCure
c:\programdata\SpeedyPC Software
c:\program files (x86)\SpeedyPC Software
c:\program files (x86)\Common Files\SpeedyPC Software
c:\users\Jeff\AppData\Local\LogMeIn Rescue Applet
DDS::
uStart Page = hxxp://start.facemoods.com/?a=w7th1
mSearchAssistant = hxxp://start.facemoods.com/?a=w7th1&s={searchTerms}&f=4
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [Corel Photo Downloader] "c:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Extra::
File::
Firefox::
Firefox-: - Profile - c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\f7m7sz3w.default\
Firefox-: - prefs.js - Search.DefaultURL
Firefox-: - prefs.js- Startup.Homepage 
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Corel Photo Downloader"=-
RegLock::
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]

Clearjavacache::
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste it into your next reply.
====================
Firefox Keyword Reset:

    [1]. Open Firefox and instead of a url, type about:config in the Address Bar.
    [2]. Firefox will give you a warning, but go in anyway.
    [3]. Locate the keyword.url line. It should look like the image below.
    bing-zugo-firefox.gif

    [4]. Right click on keyword.url, then select Reset
=======================
The following Scheduled Tasks should all be removed:

Opening scheduled tasks to modify or delete them:
Access Scheduled Tasks by clicking on Start> All Programs> Accessories> System Tools> Scheduled Tasks.
To delete a task> right-click on each task below> click Delete.
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\SpeedyPC Pro.job
c:\windows\Tasks\SpeedyPC Registration3.job
c:\windows\Tasks\SpeedyPC Update Version3.job

Reboot the computer and leave the new log from Combofix.


  • To prevent a task from running until you run it again:
      ◦ right-click the task> Properties> On the General tab>
      ◦ clear the Enabled check box> Select the check box again when you are ready to run it again.
======================================
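Added example (not part of the original posts, and not ComboFix's own logic): a small Python triage pass over the two log sections the reply above works from, the "Files Created" listing and the 'Scheduled Tasks' folder listing. It flags a task when its target sits inside a folder the log reports as created in the last month, or when the target is a generic host binary whose arguments the log does not show; the function names and the host list are assumptions made for this sketch.

```python
import ntpath  # Windows path rules, usable on any OS
import re

# Lines copied from the first ComboFix log in this thread (section banners omitted).
LOG = r"""
2012-06-01 22:43 . 2012-06-01 22:43 -------- d-----w- c:\programdata\Malwarebytes
2012-06-01 22:43 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-01 22:20 . 2012-06-01 22:20 -------- d-----w- c:\users\Jeff\AppData\Roaming\SpeedyPC Software
2012-06-01 22:20 . 2012-06-01 22:20 -------- d-----w- c:\program files (x86)\SpeedyPC Software
2012-06-01 22:20 . 2012-06-01 22:20 -------- d-----w- c:\program files (x86)\Common Files\SpeedyPC Software
2012-05-15 22:08 . 2012-05-15 22:08 -------- d-----w- c:\program files\Windows Live
2012-06-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 00:24]
2012-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-18 19:28]
2012-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-18 19:28]
2012-06-02 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2011-10-09 01:19]
2012-06-01 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
2012-06-01 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2011-10-06 16:18]
"""

# "created . modified size attributes path" rows of the Files Created section.
CREATED = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d \S+ (\S{8}) (.+)$")
# A task row is a date plus a .job path; the next "- path [stamp]" row is its target.
JOB = re.compile(r"^\d{4}-\d\d-\d\d (.+\\Tasks\\.+\.job)$", re.I)
TARGET = re.compile(r"^- (.+) \[\d{4}-\d\d-\d\d \d\d:\d\d\]$")

# Assumption for this sketch: host binaries that run something else, so the
# target path alone says nothing about what the task really launches.
GENERIC_HOSTS = {"rundll32.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def parse_recent_dirs(log):
    """Return normalised folder paths listed as newly created (attribute 'd')."""
    dirs = []
    for line in log.splitlines():
        m = CREATED.match(line.strip())
        if m and m.group(1).startswith("d"):
            dirs.append(ntpath.normcase(m.group(2)))
    return dirs


def parse_tasks(log):
    """Return (job file name, target path) pairs from the Scheduled Tasks rows."""
    tasks, pending = [], None
    for line in log.splitlines():
        line = line.strip()
        job = JOB.match(line)
        if job:
            pending = ntpath.basename(job.group(1))
            continue
        target = TARGET.match(line)
        if target and pending:
            tasks.append((pending, target.group(1)))
            pending = None
    return tasks


def review_tasks(log):
    """Return (job, target, reason) for every task that deserves a manual look."""
    recent = parse_recent_dirs(log)
    findings = []
    for job, target in parse_tasks(log):
        norm = ntpath.normcase(target)
        parent = next((d for d in recent if norm.startswith(d + "\\")), None)
        if parent:
            findings.append((job, target, "target inside recently created folder " + parent))
        elif ntpath.basename(norm) in GENERIC_HOSTS:
            findings.append((job, target, "generic host binary, arguments not shown in log"))
    return findings


if __name__ == "__main__":
    for job, target, reason in review_tasks(LOG):
        print(f"{job}: {target}\n    -> {reason}")
```

On this excerpt the pass flags the three SpeedyPC jobs and leaves the Google and Adobe updaters alone, so it is narrower than the removal list in the post, which also names the Adobe Flash Player Updater task.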
 
Edit: Quoted directions deleted by Bobbye.

Thanks very much. The SpeedyPC was actually downloaded from this site (my computer friend told me that there was a 5 step diagnostic and I thought that that was it). Once it started asking for money I realized I'd hit the wrong thing and backtracked to the forums - no money was exchanged. I got everything on your list (I hope) tho RelevantKnowledge isn't in my files and the SpeedyPC registration, updates etc. apparently disappeared when I uninstalled it. Here's the results of the combofix -

ComboFix 12-06-02.03 - Jeff 02/06/2012 21:38:44.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.8191.6575 [GMT -4:00]
Running from: c:\users\Jeff\Downloads\ComboFix.exe
Command switches used :: c:\users\Jeff\Desktop\CFScript.txt
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
/wow section - STAGE 3
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
c:\users\Jeff\AppData\Local\LogMeIn Rescue Applet
c:\users\Jeff\AppData\Roaming\DriverCure
c:\users\Jeff\AppData\Roaming\DriverCure\LogFile.txt
c:\users\Jeff\AppData\Roaming\SpeedyPC Software
.
.
((((((((((((((((((((((((( Files Created from 2012-05-03 to 2012-06-03 )))))))))))))))))))))))))))))))
.
.
2012-06-03 01:43 . 2012-06-03 01:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-02 21:07 . 2012-06-02 21:07 -------- d-----w- c:\program files (x86)\ESET
2012-06-01 22:44 . 2012-06-01 22:44 -------- d-----w- c:\users\Jeff\AppData\Roaming\Malwarebytes
2012-06-01 22:43 . 2012-06-01 22:43 -------- d-----w- c:\programdata\Malwarebytes
2012-06-01 22:43 . 2012-06-01 22:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-01 22:43 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-30 22:28 . 2012-05-30 22:32 -------- d-----w- c:\users\Jeff\AppData\Local\NPE
2012-05-28 17:24 . 2012-05-28 17:25 -------- d-----w- c:\program files (x86)\Puppetshow - Return to Joyville
2012-05-18 07:27 . 2012-05-23 11:08 -------- d-----w- c:\windows\system32\drivers\NAVx64\1307010.005
2012-05-15 22:08 . 2012-05-15 22:08 -------- d-----w- c:\program files\Windows Live
2012-05-12 02:50 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-12 02:50 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-12 02:50 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-12 02:50 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-12 02:50 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-12 02:50 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-12 02:50 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-12 02:49 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-12 02:49 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-12 02:49 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-12 02:49 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 02:49 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-12 02:49 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-05 00:24 . 2012-05-05 00:24 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-30 21:29 . 2010-10-18 19:47 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2012-05-15 22:07 . 2010-06-24 15:33 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-05 00:24 . 2012-04-25 15:35 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 00:24 . 2011-08-25 01:35 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-19 19:06 . 2011-06-17 08:01 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-08-23 22:42 . 2011-09-29 05:24 332144 ----a-w- c:\program files (x86)\Common Files\MediaOrganizer.dll
2011-08-23 22:35 . 2011-09-29 05:24 33136 ----a-w- c:\program files (x86)\Common Files\FlickrProvider.dll
2011-08-23 22:35 . 2011-09-29 05:24 130416 ----a-w- c:\program files (x86)\Common Files\PluginCommon.dll
2011-08-23 22:35 . 2011-09-29 05:24 402800 ----a-w- c:\program files (x86)\Common Files\facebook.dll
2011-08-23 22:34 . 2011-09-29 05:24 465264 ----a-w- c:\program files (x86)\Common Files\AppFramework.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-02_20.46.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-18 06:09 . 2012-06-02 21:03 30124 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-03 01:17 33490 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-18 06:09 . 2012-06-03 01:17 15660 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4120525190-1002349284-178691253-1000_UserData.bin
+ 2011-08-25 09:38 . 2012-06-03 01:02 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2011-08-25 09:38 . 2012-06-01 19:05 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2010-10-18 03:14 . 2012-06-02 20:45 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-18 03:14 . 2012-06-03 01:44 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-18 03:14 . 2012-06-02 20:45 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-10-18 03:14 . 2012-06-03 01:44 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-02 20:45 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-03 01:44 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-18 06:20 . 2012-06-03 01:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-18 06:20 . 2012-06-02 19:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-18 06:20 . 2012-06-03 01:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-10-18 06:20 . 2012-06-02 19:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-07 23:27 . 2012-06-02 21:00 3630 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-06-02 20:45 . 2012-06-02 20:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-03 01:44 . 2012-06-03 01:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-03 01:44 . 2012-06-03 01:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-02 20:45 . 2012-06-02 20:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-06-02 20:44 301904 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-03 01:43 301904 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-03-09 12:16 . 2012-06-03 01:43 1229088 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-03-09 12:16 . 2012-06-01 22:50 1229088 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 02:34 . 2012-06-03 05:14 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-05-12 07:26 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2010-10-22 22:30 . 2012-06-03 01:43 57464864 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4120525190-1002349284-178691253-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 636032]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2008-09-06 413696]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-03-30 113296]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
c:\users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-04 55936]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-18 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 EraserUtilDrv11122;EraserUtilDrv11122;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-18 135664]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1307010.005\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1307010.005\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.6.2.10\Definitions\BASHDefs\20120517.001\BHDrvx64.sys [2012-04-13 1160824]
S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1307010.005\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.6.2.10\Definitions\IPSDefs\20120601.001\IDSvia64.sys [2012-04-28 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1307010.005\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1307010.005\SYMNETS.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-02-15 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-04 55936]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 00:24]
.
2012-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-18 19:28]
.
2012-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-18 19:28]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-20 10151968]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\f7m7sz3w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3106777&SearchSource=2&q=
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4120525190-1002349284-178691253-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-4120525190-1002349284-178691253-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-4120525190-1002349284-178691253-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
.
**************************************************************************
.
Completion time: 2012-06-02 21:48:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-03 01:48
ComboFix2.txt 2012-06-02 20:50
.
Pre-Run: 866,354,212,864 bytes free
Post-Run: 866,269,777,920 bytes free
.
- - End Of File - - 52695DD9C7C389E16D8DED35CED3F85B


Thanks again!
 
Install Date: 17/10/2010 > 1 year, 8 months- 1 restore point set 6 months ago!
==== System Restore Points ===================
.
RP194: 01/06/2012 2:54:31 PM - Scheduled Checkpoint

-----------------------------
Some day, a System Restore point may save your system! A SRP may be the only way you can get into the system. A SRP may undo the damage done by a bad download or update. Be good to yourself and set your own restore points:

1. Before you uninstall a program
2. Before you install a new program.
3. Before you do ANY updates!
4. Once in a while, just because
---------------------------------------
Create a Restore Point> Win 7

It is recommended that you create a restore point before installing new software or making any major changes to your computer.
  • Right click on Computer> Properties> Choose System Protection
  • Click on Create
  • Type in a descriptive name for the Restore Point (like 'before <name> program update')
  • Click on Create
  • You will see this when finished: (screenshot 25.png)
  • Click on Close
Now if whatever you did turns out not to have gone well, you can go back into System Protection and choose this restore point to put the system back as it was.
==================================
Running from: c:\users\Jeff\Downloads\ComboFix.exe

If the script worked, you don't have to make any changes, but FYI- because it's a better way:

You can choose a location on your computer where downloads should be saved by default. This means that whenever you use Save As in File> Save As, or when you choose to Save a download, it will automatically default to the location you have set.

You may find setting the Default Download Location to your Desktop the most convenient. If you want to move the file later, you can. If you want to delete the file, it will be most handy on the Desktop. For the cleaning and scanning programs we use, almost all are directed to be saved to the desktop.

Set Default Download Location in Browsers:

Chrome:
Open Chrome> Customize and control> Options> Under the Hood> Downloads> Change> Select Desktop> OK
(Don't check 'ask where to save each time....')

Firefox:
Open Firefox> Tools> Options> Main/General> Downloads Section> Save Files to> Browse> Navigate to and select Desktop> OK

IE9
Open IE> Gear icon> View Downloads> Options> Browse to and select Desktop> OK

There may be a slight difference in the path dependent on the browser version. There may also be a box to check to "Ask me the location each time". I do not advise checking that box.
=======================================================
I'm a total computer noob

Please be advised that you are no longer allowed to call yourself this. You now know at least 2 things more than you knew before we started!
 
Combofix looks good. There are 3 settings in Firefox that I tried to change and will try again. There is also a WinZip entry in the Registry I wanted open, but it's still locked. I don't want you to do anything with this file other than identifying it if you can:

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
Are you still having the crashes? Do they come with a blue screen? What are you trying to do when it happens?

Please go back and update, then try the Eset scan again.
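
Added example, not part of the original post or of ComboFix: the `SymbolicLinkValue` quoted above is a `hex(6)` (REG_LINK) value, meaning UTF-16LE text that names the target of a registry symbolic link. The Python below decodes such values from log or .reg text and flags data the log cut off; the function names and the second sample value are constructed for illustration.

```python
import re

# Registry types that regedit-style exports write as hex(N) and that hold UTF-16LE text.
TEXT_TYPES = {1: "REG_SZ", 2: "REG_EXPAND_SZ", 6: "REG_LINK", 7: "REG_MULTI_SZ"}

VALUE_RE = re.compile(r'^(?:"(?P<name>[^"]*)"|@)=hex\((?P<type>[0-9a-fA-F]+)\):(?P<data>.*)$')
BYTES_RE = re.compile(r'^[0-9a-fA-F]{2}(?:,[0-9a-fA-F]{2})*$')

# First value: copied from the ComboFix log on this page (the log itself cuts it off).
# Second value: constructed for this example, a complete REG_MULTI_SZ holding "a" and "bc".
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\ExampleVendor]
"Constructed"=hex(7):61,00,00,00,62,00,\
  63,00,00,00,00,00
'''


def _payload(line):
    """Split one physical line into (byte-pair text, ends-with-continuation)."""
    line = line.strip()
    continues = line.endswith("\\")
    return line.rstrip("\\").strip().strip(","), continues


def decode_hex_values(text):
    """Return one dict per hex(N) text value found in .reg or ComboFix-style text."""
    results, key = [], None
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if not m or int(m.group("type"), 16) not in TEXT_TYPES:
            continue
        chunk, continues = _payload(m.group("data"))
        chunks = [chunk] if chunk else []
        # regedit ends a wrapped line with "\"; log tools may drop it, so any
        # following line made only of byte pairs is treated as a continuation.
        while i < len(lines):
            nxt, nxt_continues = _payload(lines[i])
            if not BYTES_RE.match(nxt):
                break
            chunks.append(nxt)
            continues = nxt_continues
            i += 1
        raw = bytes(int(b, 16) for b in ",".join(chunks).split(",") if b)
        # A dangling continuation or half a UTF-16 code unit means data is missing.
        truncated = continues or len(raw) % 2 == 1
        if len(raw) % 2:
            raw = raw[:-1]
        decoded = raw.decode("utf-16-le", errors="replace")
        results.append({
            "key": key,
            "name": m.group("name") or "@",
            "type": TEXT_TYPES[int(m.group("type"), 16)],
            "strings": [s for s in decoded.split("\x00") if s],
            "truncated": truncated,
        })
    return results


if __name__ == "__main__":
    for v in decode_hex_values(SAMPLE):
        flag = " (data cut off in the log)" if v["truncated"] else ""
        print(f'{v["key"]}\n  {v["name"]} [{v["type"]}] = {v["strings"]}{flag}')
```

For the value on this page the decoder returns `\Registry\MACHINE\Sof` with the truncation flag set, so the log shows only the start of the link target and the rest would have to be read from the key itself.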
 
sorry for the late reply - out of town and wanted to let the computer work for a bit to see what its doing
no more crashes - yay! - tho I do still get pop up windows especially when I'm accessing a site that I have to log into.
I'm not sure what the file is except that I downloaded winzip a while ago and it came with a (somewhat annoying) toolbar. could that be what it is? going to try the eset and will repost. thx!
 
results of my eset scan...

D:\JEFF-PC\Backup Set 2012-04-04 163128\Backup Files 2012-04-04 170806\Backup files 5.zip Java/TrojanDownloader.Agent.NCJ trojan
D:\Program Files\Uniblue\RegistryBooster\Launcher.exe a variant of Win32/RegistryBooster application
D:\Users\Jeff\Downloads\registrybooster.exe a variant of Win32/RegistryBooster application
 
WinZip puts a lot of trash on the system! Please remove the Registry Booster. We don't advise a registry cleaner for anyone- the risk is greater than any small benefit you might get.

The SpeedyPC was actually downloaded from this site (my computer friend told me that there was a 5 step diagnostic and I thought that that was it).

Just in case your friend wants to refer anyone else here for help with malware removal: Please follow these steps: Preliminary Virus and Malware Removal.
==================================================
tho I do still get pop up windows especially when I'm accessing a site that I have to log into.

Explain please.
 
Well, as an example, I have a flickr account that asks for a username and password. I have it set to 'remember me', so I usually just hit the username space and my information appears. However, lately when I hit the space, I get a (separate) pop up window with some sort of advertising in it. My information will not appear in the username/password boxes if this happens, and I have to either type it in myself or go to the site again. The second time I access the site, my information will appear with no pop-up. It does happen at other times as well, usually when I'm hitting a link within a site.
And I guess I'm not a noob now:) but I'm still prone to making critical errors so how exactly should I go about removing the registry booster?
 
Please download OTMoveIt by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Processes 
    D:\Program Files\Uniblue\RegistryBooster\Launcher.exe
    :Files
    D:\JEFF-PC\Backup Set 2012-04-04 163128\Backup Files 2012-04-04 170806\Backup files 5.zip 
    D:\Users\Jeff\Downloads\registrybooster.exe 
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
--------------------------------------
The Uniblue Registry Booster is on the D Drive. Is that a flash drive or external hard drive? That is where you need to uninstall it.
Then right click on Start> Explore> Computer> Double click on D Drive> Find the program folder and do a right click> Delete.
=================================================
Please run this Security Check:
Download Security Check by screen317 and save to the desktop
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document called checkup.txt should open automatically.
  • Please post the contents of that document.
 
results of MoveIt:

All processes killed
========== PROCESSES ==========
No active process named D:\Program Files\Uniblue\RegistryBooster\Launcher.exe was found!
========== FILES ==========
D:\JEFF-PC\Backup Set 2012-04-04 163128\Backup Files 2012-04-04 170806\Backup files 5.zip moved successfully.
D:\Users\Jeff\Downloads\registrybooster.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jeff
->Temp folder emptied: 132255474 bytes
->Temporary Internet Files folder emptied: 10104927 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 1112214027 bytes
->Google Chrome cache emptied: 8200642 bytes
->Flash cache emptied: 31970 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2945 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,204.00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 06122012_040129

Files moved on Reboot...
C:\Users\Jeff\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

results of security check:

Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton AntiVirus
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java(TM) 6 Update 26
Java version out of date!
Adobe Flash Player 10 Flash Player out of date!
Adobe Flash Player 11.2.202.235
Mozilla Firefox (13.0)
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Norton AntiVirus Engine 19.7.1.5 ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 
From OTM: Total Files Cleaned = 1,204.00 mb. This is a huge amount of files. Best you set up a regular maintenance schedule to include:
Delete temporary internet files & Cookies
Disc Cleanup
Error Check
Defrag
Occasional review of installed programs to remove what is not being used.
===============================================
Be sure to check all download screens for any pre-checked toolbars or BHO. If found, remove the check before the download.

1. Please update Java: Java Updates. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.
2. Please uninstall: Adobe Flash Player 10. You have the current version.
================================================
About the prompts you're getting on sites you have registered on:
User name and password are stored on a Cookie. If you remove all of the Cookies, this information will be removed and you will have to re-register. When cleaning Cookies originally, it's best to remove them all- then reset the Cookies to stop Tracking Cookies.
The next time you remove Cookies, you can delete them selectively, leaving those that have registration information. You will need to re-enter user name and pw once to store:

SuperAntiSpyware Home Edition Free Version
  • Please download SuperAntiSpyware from HERE
  • Launch SuperAntiSpyware and click on 'Check for updates'.
  • Wait for the updates to be installed
  • On the main screen click on 'Scan your computer'.
  • Check 'Perform Complete Scan', then click 'Next' to start the scan.
  • SuperAntiSpyware will now scan your computer; when it's finished it will list all/any infections found.
  • Make sure everything found has a checkmark next to it, then press 'Next'.
  • Click on 'Finish' when you're done.
It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
  • Click on 'Preferences'.
  • Click on the 'Statistics/Logs' tab.
  • Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad. Paste the Notepad file here in your reply.
-----------------------------
SAS will delete the Tracking Cookies on the system now. Then do the following to prevent in future:

Reset Cookies

For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')

For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
(First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)
=======================================
I'd also like you to add the following for increased security:
Antispyware/Security: I recommend all of the following:
And if Norton doesn't have a firewall, consider adding one of the following:
Use a Site Advisor: I recommend Use WOT Site Advisor.
===============================================
Are there any problems remaining?
 