Possible virus/malware on home computer

Solved
By melia232
May 4, 2012
Topic Status:
Not open for further replies.
  1. Dear Tech Spot Community,

    Thank you very much for your help. While browsing the internet and doing a lot of multi-tasking, I felt my computer had started operating unusually slowly and decided to restart. When I restarted, the desktop background had changed to the default, Google chrome wouldn't open when I clicked on it, and I got an iTunes error: "Apple Application Support was not found. Apple Application Support is required to run iTunes. Please uninstall iTunes, then install iTunes again. Error 2 (Windows error 2). The first is easy to fix and I'm sure I can google solutions to the second two, but the combination of events made me very suspicious. I have followed the 5 steps. Please find the logs below.

    Thank you very much,
    Laura

    Malways Bytes log:
    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.05.04.02

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Laura :: LAURA-PC [administrator]

    04/05/2012 6:05:32 AM
    mbam-log-2012-05-04 (06-05-32).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 204155
    Time elapsed: 11 minute(s), 19 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    Gmer log

    [empty]

    DDS log

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Laura at 6:55:44 on 2012-05-04
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.5922.3888 [GMT -7:00]
    .
    AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
    SP: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\FBAgent.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
    C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe
    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    C:\Program Files\P4G\BatteryLife.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
    C:\Windows\SysWOW64\ACEngSvr.exe
    C:\Windows\AsScrPro.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\SugarSync\SugarSyncManager.exe
    C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files\Elantech\ETDCtrlHelper.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    C:\Users\Laura\Downloads\p99zihkz.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://asus.msn.com
    uDefault_Page_URL = hxxp://asus.msn.com
    mStart Page = hxxp://asus.msn.com
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
    BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    uRun: [Google Update] "C:\Users\Laura\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true
    mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
    mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
    mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    mRun: [<NO NAME>]
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\Users\Laura\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\Laura\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm
    IE: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm
    IE: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm
    IE: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{0E2319FC-F714-4271-BC6D-C92E266733D7} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{0E2319FC-F714-4271-BC6D-C92E266733D7}\26C6B683 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{0E2319FC-F714-4271-BC6D-C92E266733D7}\36F6D6D657E69636F6079616 : DhcpNameServer = 192.168.66.251 66.119.189.138 8.8.8.8
    TCP: Interfaces\{0E2319FC-F714-4271-BC6D-C92E266733D7}\4516B65602530234166656 : DhcpNameServer = 10.1.10.1
    TCP: Interfaces\{0E2319FC-F714-4271-BC6D-C92E266733D7}\45865602251696C67716970234C65726 : DhcpNameServer = 192.168.58.1
    TCP: Interfaces\{0E2319FC-F714-4271-BC6D-C92E266733D7}\B6D6C696E6B6379737 : DhcpNameServer = 64.59.144.18 64.59.144.19 64.59.150.133
    TCP: Interfaces\{0E2319FC-F714-4271-BC6D-C92E266733D7}\C4962627162797351757162756 : DhcpNameServer = 101.73.228.1
    TCP: Interfaces\{93E43A48-3C0D-4B58-9319-41D5986ED394} : DhcpNameServer = 192.168.0.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
    Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
    Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~3\GO36F4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
    BHO-X64: Trend Micro NSC BHO - No File
    BHO-X64: TSToolbarBHO: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
    BHO-X64: Trend Micro Toolbar BHO - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
    BHO-X64: TmBpIeBHO - No File
    BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    BHO-X64: Google Dictionary Compression sdch - No File
    BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: SmartSelect - No File
    TB-X64: Trend Micro Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
    TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun-x64: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
    mRun-x64: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
    mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    mRun-x64: [(Default)]
    mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    mRun-x64: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
    mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    AppInit_DLLs-X64: C:\PROGRA~2\Google\GOOGLE~3\GO36F4~1.DLL
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\q1gzn1rn.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll
    FF - plugin: C:\Users\Laura\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Laura\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Laura\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: general.useragent.extra.brc -
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]
    R1 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
    R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
    R2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
    R2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-16 134928]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-5-3 2655768]
    R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-8-3 645048]
    R2 wsnm;VMware View Client;C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe [2011-2-18 494192]
    R2 wsnm_usbctrl;VMware View USB Control;C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe [2011-2-18 1120368]
    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 tmeevw;tmeevw;C:\Windows\system32\DRIVERS\tmeevw.sys --> C:\Windows\system32\DRIVERS\tmeevw.sys [?]
    R3 tmnciesc;tmnciesc;C:\Windows\system32\DRIVERS\tmnciesc.sys --> C:\Windows\system32\DRIVERS\tmnciesc.sys [?]
    R3 vmwvusb;VMware View Generic USB Driver;C:\Windows\system32\Drivers\vmwvusb.sys --> C:\Windows\system32\Drivers\vmwvusb.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-11-11 275912]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-3 135664]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-11-12 30192]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-3 135664]
    S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
    S3 Samsung UPD Service;Samsung UPD Service;"C:\Windows\System32\SUPDSvc.exe" --> C:\Windows\System32\SUPDSvc.exe [?]
    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== File Associations ===============
    .
    .txt=
    .
    =============== Created Last 30 ================
    .
    2012-05-04 13:04:46 -------- d-----w- C:\Users\Laura\AppData\Roaming\Malwarebytes
    2012-05-04 13:04:32 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-05-04 13:04:28 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-05-04 13:04:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-05-04 12:24:03 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2012-05-04 12:23:57 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8B9E2930-8DE8-4119-872A-594CB4B74252}\mpengine.dll
    2012-05-01 15:02:31 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-04-28 22:36:16 -------- d-----w- C:\Users\Laura\AppData\Local\SugarSync
    2012-04-28 22:35:58 -------- d-----w- C:\Program Files (x86)\SugarSync
    2012-04-28 04:31:27 -------- d-----w- C:\Users\Laura\AppData\Roaming\SmarThru4
    2012-04-28 04:31:12 36864 ------w- C:\Windows\SysWow64\SvcMan.exe
    2012-04-28 04:29:52 53816 ----a-w- C:\Windows\System32\drivers\DGIVECP.SYS
    2012-04-28 04:29:52 11576 ----a-w- C:\Windows\System32\drivers\SSPORT.SYS
    2012-04-28 04:29:50 -------- d-----w- C:\Program Files (x86)\Samsung
    2012-04-22 01:37:19 -------- d-----w- C:\Users\Laura\AppData\Local\Aimersoft
    2012-04-22 01:37:17 -------- d-----w- C:\Program Files (x86)\Common Files\Aimersoft
    2012-04-22 01:36:39 -------- d-----w- C:\Program Files (x86)\Aimersoft
    2012-04-21 23:02:27 -------- d-----w- C:\Program Files (x86)\BitTorrent
    2012-04-21 23:01:01 -------- d-----w- C:\Users\Laura\AppData\Roaming\BitTorrent
    2012-04-14 21:58:56 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2012-04-14 21:58:55 81408 ----a-w- C:\Windows\System32\imagehlp.dll
    2012-04-14 21:58:55 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2012-04-14 21:58:50 220672 ----a-w- C:\Windows\System32\wintrust.dll
    2012-04-14 21:58:50 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-04-14 21:58:49 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    2012-04-14 21:58:49 5120 ----a-w- C:\Windows\System32\wmi.dll
    .
    ==================== Find3M ====================
    .
    2012-05-04 12:17:40 45056 ----a-w- C:\Windows\System32\acovcnt.exe
    2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
    2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
    2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-02-15 18:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
    2012-02-15 18:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
    2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
    2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2012-02-07 18:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
    2011-11-11 23:47:54 49224704 ----a-w- C:\Program Files (x86)\ATLAS.ti 6.2.msi
    2011-04-21 03:07:36 509 ----a-w- C:\Program Files (x86)\layout.bin
    2010-04-20 01:11:04 381060 ----a-w- C:\Program Files (x86)\_Setup.dll
    2010-04-20 01:10:50 459432 ----a-w- C:\Program Files (x86)\setup.exe
    2010-04-20 01:10:44 492164 ----a-w- C:\Program Files (x86)\ISSetup.dll
    .
    ============= FINISH: 6:57:03.04 ===============

    DDS attach log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 11/11/2011 10:06:59 AM
    System Uptime: 04/05/2012 5:17:13 AM (1 hours ago)
    .
    Motherboard: ASUSTeK Computer Inc. | | K53E
    Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz | CPU 1 | 782/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 575 GiB total, 462.388 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    PNP Device ID: ROOT\NET\0000
    Service: vpnva
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    ??????? Windows Live Mesh ActiveX ??(????)
    ??????? Windows Live Mesh ActiveX ???
    Acrobat.com
    Adobe Acrobat 9 Pro - English, Français, Deutsch
    Adobe AIR
    Adobe Community Help
    Adobe Content Viewer
    Adobe Download Assistant
    Adobe InDesign CS5.5
    Adobe Media Player
    Alcor Micro USB Card Reader
    Apple Application Support
    Apple Software Update
    ASUS AI Recovery
    ASUS FancyStart
    ASUS LifeFrame3
    ASUS Live Update
    ASUS SmartLogon
    ASUS Splendid Video Enhancement Technology
    ASUS Virtual Camera
    ASUS WebStorage
    AsusScr_K3 Series_ENG
    AsusVibe2.0
    ATK Package
    ATLAS.ti 6.2
    Audacity 1.3.13 (Unicode)
    BitTorrent
    Cisco AnyConnect VPN Client
    Complemento Messenger
    Complément Messenger
    Contrôle ActiveX Windows Live Mesh pour connexions à distance
    Control ActiveX de Windows Live Mesh para conexiones remotas
    Controlo ActiveX do Windows Live Mesh para Ligações Remotas
    Cooking Dash
    CyberLink LabelPrint
    CyberLink Power2Go
    D3DX10
    Dropbox
    Evernote v. 4.5.4
    Galeria de Fotografias do Windows Live
    Galerie de photos Windows Live
    Galería fotográfica de Windows Live
    Google Chrome
    Google Desktop
    Google Earth
    Google Talk Plugin
    Google Update Helper
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Junk Mail filter update
    Mahjongg dimensions
    Malwarebytes Anti-Malware version 1.61.0.1400
    Mendeley Desktop 1.5-dev3
    Mesh Runtime
    Messenger ????
    Messenger ?????
    Messenger Companion
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2010
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    Mozilla Firefox 11.0 (x86 en-US)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP3 Parser (KB973685)
    Nuance PDF Reader
    OpenVPN 2.1.4
    PDF Settings CS5
    Realtek High Definition Audio Driver
    Samsung SCX-4x21 Series
    Samsung Universal Print Driver
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Skype™ 5.8
    SmarThru 4
    SmarThru PC Fax
    Sonic Focus
    SugarSync Manager
    syncables desktop SE
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    VLC media player 1.1.11
    Windows Live
    Windows Live ???
    Windows Live ????
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    WinFlash
    Wireless Console 3
    .
    ==== Event Viewer Messages From Past Week ========
    .
    27/04/2012 9:20:49 PM, Error: Service Control Manager [7023] - The Google Software Updater service terminated with the following error: %%-2147024894
    04/05/2012 5:20:04 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
    04/05/2012 5:20:04 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    04/05/2012 5:17:35 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
    04/05/2012 5:17:35 AM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the device specified.
    04/05/2012 5:17:35 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================

  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Good Morning Laura. I just happened to get back on the board right after you posted. Give me a few minutes to review these logs and I'll return with instructions.
    ------------------------------------------------
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process..
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    Threads are closed after 5 days if there is no reply.
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Okay, I see a Trojan Downloader and a Worm so far. I'd like you to run both of the following scans. They should find related entries and possibly additionally entries:

    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Before you run the Combofix scan, please disable any security software you have running.

    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe [​IMG]& follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      • The Recovery Console was successfully installed.[/b]
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.[/b]
      • Note: No query will be made if the Recovery Console is already on the system.
    • .Close/disable all anti virus and anti malware programs
      (If you need help with this, please see HERE)
    • .Close any open browsers.
    • .Click on Yes, to continue scanning for malware
    • .If Combofix asks you to update the program, allow
    • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
    Re-enable your Antivirus software.
    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2:If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3:CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ===============================================
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exelink and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
      [​IMG]
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives/
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    --------------------------------
    Please leave both of these logs in your next reply. The desktop problem is likely due to the malware. As long as you have access to the desktop, we won't change it now. If you lose access all together, let me know. Otherwise the change can be handled later.

    As to the 'slow' part. You are running a large number of processes that don't need to be running unless you are actively using the program. If these start on boot, then run in the background, putting surfing temporary internet files on top of them can slow you down. Let's clean up and we'll address that issue later.
  4. melia232

    melia232 Newcomer, in training Topic Starter

    Hi Bobbye,

    Thanks so much for your help. I've copied and pasted the Combofix log. The ESET Online Scanner finished scan and "No threats found." Any help with the 'slow' part is obviously appreciated! I do have access to change desktop preferences.

    ComboFix 12-05-05.05 - Laura 04/05/2012 22:48:04.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.5922.3811 [GMT -7:00]
    Running from: c:\users\Laura\Downloads\ComboFix.exe
    AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
    SP: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\FullRemove.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-04-05 to 2012-05-05 )))))))))))))))))))))))))))))))
    .
    .
    2012-05-04 13:04 . 2012-05-04 13:04 -------- d-----w- c:\users\Laura\AppData\Roaming\Malwarebytes
    2012-05-04 13:04 . 2012-05-04 13:04 -------- d-----w- c:\programdata\Malwarebytes
    2012-05-04 13:04 . 2012-05-04 13:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-05-04 13:04 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-05-04 12:23 . 2012-04-18 10:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8B9E2930-8DE8-4119-872A-594CB4B74252}\mpengine.dll
    2012-05-01 15:02 . 2012-02-23 17:18 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-04-28 22:36 . 2012-04-28 23:17 -------- d-----w- c:\users\Laura\AppData\Local\SugarSync
    2012-04-28 22:35 . 2012-04-28 22:36 -------- d-----w- c:\program files (x86)\SugarSync
    2012-04-28 04:31 . 2012-04-28 04:31 -------- d-----w- c:\users\Laura\AppData\Roaming\SmarThru4
    2012-04-28 04:31 . 2009-10-06 07:05 36864 ------w- c:\windows\SysWow64\SvcMan.exe
    2012-04-28 04:29 . 2009-10-06 07:05 11576 ----a-w- c:\windows\system32\drivers\SSPORT.SYS
    2012-04-28 04:29 . 2009-10-06 07:02 53816 ----a-w- c:\windows\system32\drivers\DGIVECP.SYS
    2012-04-28 04:29 . 2012-04-28 04:29 -------- d-----w- c:\program files (x86)\Samsung
    2012-04-22 23:34 . 2012-04-22 23:34 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2012-04-22 01:37 . 2012-04-22 01:37 -------- d-----w- c:\users\Laura\AppData\Local\Aimersoft
    2012-04-22 01:37 . 2012-04-22 01:37 -------- d-----w- c:\program files (x86)\Common Files\Aimersoft
    2012-04-22 01:36 . 2012-04-22 01:43 -------- d-----w- c:\program files (x86)\Aimersoft
    2012-04-21 23:02 . 2012-04-21 23:02 -------- d-----w- c:\program files (x86)\BitTorrent
    2012-04-21 23:01 . 2012-04-22 22:15 -------- d-----w- c:\users\Laura\AppData\Roaming\BitTorrent
    2012-04-14 21:58 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-04-14 21:58 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
    2012-04-14 21:58 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2012-04-14 21:58 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
    2012-04-14 21:58 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
    2012-04-14 21:58 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-04-14 21:58 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-05 06:00 . 2011-05-04 00:59 45056 ----a-w- c:\windows\system32\acovcnt.exe
    2012-04-01 16:49 . 2012-04-01 16:49 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2012-04-01 16:49 . 2012-04-01 16:49 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2012-04-01 16:49 . 2012-04-01 16:49 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2012-04-01 16:49 . 2012-04-01 16:49 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2012-04-01 16:49 . 2012-04-01 16:49 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2012-04-01 16:49 . 2012-04-01 16:49 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2012-04-01 16:49 . 2012-04-01 16:49 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2012-04-01 16:49 . 2012-04-01 16:49 367104 ----a-w- c:\windows\SysWow64\html.iec
    2012-04-01 16:49 . 2012-04-01 16:49 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2012-04-01 16:49 . 2012-04-01 16:49 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-04-01 16:49 . 2012-04-01 16:49 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2012-04-01 16:49 . 2012-04-01 16:49 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2012-04-01 16:49 . 2012-04-01 16:49 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2012-04-01 16:49 . 2012-04-01 16:49 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2012-04-01 16:49 . 2012-04-01 16:49 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-04-01 16:49 . 2012-04-01 16:49 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2012-04-01 16:49 . 2012-04-01 16:49 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2012-04-01 16:49 . 2012-04-01 16:49 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2012-04-01 16:49 . 2012-04-01 16:49 49664 ----a-w- c:\windows\system32\imgutil.dll
    2012-04-01 16:49 . 2012-04-01 16:49 222208 ----a-w- c:\windows\system32\msls31.dll
    2012-04-01 16:49 . 2012-04-01 16:49 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-04-01 16:49 . 2012-04-01 16:49 12288 ----a-w- c:\windows\system32\mshta.exe
    2012-04-01 16:49 . 2012-04-01 16:49 114176 ----a-w- c:\windows\system32\admparse.dll
    2012-04-01 16:49 . 2012-04-01 16:49 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2012-04-01 16:49 . 2012-04-01 16:49 85504 ----a-w- c:\windows\system32\iesetup.dll
    2012-04-01 16:49 . 2012-04-01 16:49 76800 ----a-w- c:\windows\system32\tdc.ocx
    2012-04-01 16:49 . 2012-04-01 16:49 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2012-04-01 16:49 . 2012-04-01 16:49 448512 ----a-w- c:\windows\system32\html.iec
    2012-04-01 16:49 . 2012-04-01 16:49 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2012-04-01 16:49 . 2012-04-01 16:49 165888 ----a-w- c:\windows\system32\iexpress.exe
    2012-04-01 16:49 . 2012-04-01 16:49 160256 ----a-w- c:\windows\system32\wextract.exe
    2012-04-01 16:49 . 2012-04-01 16:49 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2012-04-01 16:49 . 2012-04-01 16:49 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2012-04-01 16:49 . 2012-04-01 16:49 603648 ----a-w- c:\windows\system32\vbscript.dll
    2012-02-17 06:38 . 2012-03-15 03:28 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-02-17 05:34 . 2012-03-15 03:28 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-02-17 04:58 . 2012-03-15 03:28 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-02-17 04:57 . 2012-03-15 03:28 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-02-15 18:01 . 2012-02-15 18:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
    2012-02-15 18:01 . 2012-02-15 18:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
    2012-02-10 06:36 . 2012-03-15 03:28 1544192 ----a-w- c:\windows\system32\DWrite.dll
    2012-02-10 05:38 . 2012-03-15 03:28 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-02-07 18:02 . 2012-02-07 18:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
    2011-11-11 23:47 . 2011-11-11 23:58 49224704 ----a-w- c:\program files (x86)\ATLAS.ti 6.2.msi
    2011-04-21 03:07 . 2011-04-21 03:07 509 ----a-w- c:\program files (x86)\layout.bin
    2010-04-20 01:11 . 2010-04-20 01:11 381060 ----a-w- c:\program files (x86)\_Setup.dll
    2010-04-20 01:10 . 2010-04-20 01:10 459432 ----a-w- c:\program files (x86)\setup.exe
    2010-04-20 01:10 . 2010-04-20 01:10 492164 ----a-w- c:\program files (x86)\ISSetup.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-10-31 21:02 94208 ----a-w- c:\users\Laura\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-10-31 21:02 94208 ----a-w- c:\users\Laura\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-10-31 21:02 94208 ----a-w- c:\users\Laura\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SugarSync"="c:\program files (x86)\SugarSync\SugarSyncManager.exe" [2012-03-19 9413712]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
    "SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
    "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
    "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
    "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
    "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
    "Google Desktop Search"="c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [2011-11-12 30192]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    .
    c:\users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
    EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-3-22 1014112]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-5-3 548528]
    FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe [2011-5-3 12862]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~2\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp wsauth
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-04 135664]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
    R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-11-12 30192]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-04 135664]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
    R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
    S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
    S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
    S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
    S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
    S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
    S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-08-03 645048]
    S2 wsnm;VMware View Client;c:\program files\VMware\VMware View\Client\bin\wsnm.exe [2011-02-19 494192]
    S2 wsnm_usbctrl;VMware View USB Control;c:\program files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe [2011-02-19 1120368]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 tmeevw;tmeevw;c:\windows\system32\DRIVERS\tmeevw.sys [x]
    S3 tmnciesc;tmnciesc;c:\windows\system32\DRIVERS\tmnciesc.sys [x]
    S3 vmwvusb;VMware View Generic USB Driver;c:\windows\system32\Drivers\vmwvusb.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-04 00:04]
    .
    2012-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-04 00:04]
    .
    2012-05-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-224219832-3818582047-2716476788-1001Core.job
    - c:\users\Laura\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-10 23:14]
    .
    2012-05-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-224219832-3818582047-2716476788-1001UA.job
    - c:\users\Laura\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-10 23:14]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
    @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
    [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
    2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
    @="{64174815-8D98-4CE6-8646-4C039977D808}"
    [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
    2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-10-31 21:02 97792 ----a-w- c:\users\Laura\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-10-31 21:02 97792 ----a-w- c:\users\Laura\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-10-31 21:02 97792 ----a-w- c:\users\Laura\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-10-31 21:02 97792 ----a-w- c:\users\Laura\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
    @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
    [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
    2012-03-19 20:23 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
    @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
    [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
    2012-03-19 20:23 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
    @="{A759AFF6-5851-457D-A540-F4ECED148351}"
    [HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
    2012-03-19 20:23 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
    @="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
    [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
    2012-03-19 20:23 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
    "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-03 2188904]
    "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
    "Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-02-27 1304792]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-10 167960]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-10 391704]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-10 418840]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
    "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 213824]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://asus.msn.com
    mStart Page = hxxp://asus.msn.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: SmarThru4 Capture Selection - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll2.htm
    IE: SmarThru4 Save as HTML - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll1.htm
    IE: SmarThru4 Save Selected Text - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll.htm
    IE: SmarThru4 Web Capture - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\q1gzn1rn.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
    FF - user.js: general.useragent.extra.brc -
    .
    .
    ------- File Associations -------
    .
    .txt=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-Aimersoft Helper Compact.exe - c:\program files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
    Toolbar-Locked - (no file)
    HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
    HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    c:\program files (x86)\ASUS\SmartLogon\smartlogon.exe
    c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
    c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
    c:\windows\AsScrPro.exe
    c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2012-05-04 23:11:15 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-05-05 06:11
    .
    Pre-Run: 496,554,024,960 bytes free
    Post-Run: 497,248,194,560 bytes free
    .
    - - End Of File - - B5242230847DF20BA002FF6DF5138496
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    I'm still going through Combofix and DDS to set up script for removals- but you should look into this first, sine "slow" is the main complaint:

    Your system is totally overburdened with PDF software! Most is from Adobe and their software is always bloated:

    You have all of the following. They are redundant and depleting the system resources:

    1. Acrobat.com is a suite of hosted PDF conversion and document exchange services from Adobe Systems. It includes the original service – Acrobat.com – as well as Adobe CreatePDF, Adobe ExportPDF, Adobe EchoSign, Adobe FormsCentral, and Adobe SendNow. Users access each of the services through their web browser.
    2. Adobe Acrobat 9 Pro - English, Français, Deutsch
    3. PDF Settings CS5
    4. Acrobat Assistant 8.0 > File Name:Acrotray.exe> user comments:
    5. AdobeCS5.5ServiceManager> launchedbylogin> File Name: CS5.5ServiceManager.exe
    There are also individual Adobe processes that may be part of the above programs or may be separate programs
    6. Nuance PDF Reader-reminder> Related to Nuance PDF registration software> Located in \%Program Files%\Nuance\PDF Create\Ereg

    I'd like you to go through these processes. See what each does- don't duplicate.
    There is more, but I can't finish it up tonight. So if you have time, find what each of these does and don't duplicate. It's okay to go ahead and uninstall duplicating programs, then use Windows explorer to access Computer> Local Drive> Programs> find program folders for uninstalled programs and do a right click> Delete.

    I can remove any left over entries using script in Combofix. So far, I think there is just too much running and depleting the system resources.
  6. melia232

    melia232 Newcomer, in training Topic Starter

    Excellent point, thank you. I uninstalled (1) Acrobat.com, and (6) Nuance PDF reader. I uninstalled Adobe CS5.5, so I think that took care of (3) and (5). I couldn't find Acrobat Assistant 8.0 so I don't know where that was hiding. I want to keep Adobe Acrobat 9 Pro. I deleted all the files in Computer> Local Drive> Programs> that I thought I could. What can I do next?
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Okay, I think this gets the rest of the Adobe processes for the programs you uninstalled:

    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap> and copy/paste the text in the code below into it:
    Code:
    File::
    c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    FileLook::
    c:\program files (x86)\_Setup.dll
    c:\program files (x86)\setup.exe
    Folder::
    c:\program files (x86)\BitTorrent
    c:\users\Laura\AppData\Roaming\BitTorrent
    DDS::
    mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
    mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "UpdateLBPShortCut"=-
    "UpdateP2GoShortCut"=-
    "Nuance PDF Reader-reminder"=-
    "Adobe Acrobat Speed Launcher"=-
    "Acrobat Assistant 8.0"=-
    "AdobeCS5.5ServiceManager"=-
    "AdobeAAMUpdater-1.0"=-
    Clearjavacache::
     
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste into to your next reply.
    ====================
    These entries are in the Installed programs in the DDS Attach.txt log:

    I don't know why the question marks are there and I don't know what the Active X entries are for. You should chexk the installed programs in Add/Remove Programs and remove any related entries. Also check the Startup Menu and make sure none of the above are checked to start on boot.
    ===================================================
    Reboot when finished. Then go ahead with last scan:
    Download HijackThis and save to your desktop.
    • Click on the HJT icon> 'Extract all files'> Extraction Wizard> Click on Browse to right of dialogue box that says 'Select a folder'
    • Extract it to the directory on your hard drive you created C:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.
    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
    ==========================================
    I'll check the new logs when you're finished. Please let me know how the system is doing.

    By the way, I removed some CyberLink auto-updaters you don't need. And NO CyberLink processes need to be checked on the Startup Menu/
  8. melia232

    melia232 Newcomer, in training Topic Starter

    Hi, thank you again!

    I ran combofix as you described. After dragging the CFScript.txt file onto combofix.exe. Combofix asked me to update which I did. Log pasted below. I am just about to download Hijack this and finish the instructions.

    ComboFix 12-05-06.03 - Laura 06/05/2012 17:21:35.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.5922.4232 [GMT -7:00]
    Running from: c:\users\Laura\Downloads\ComboFix.exe
    Command switches used :: c:\users\Laura\Downloads\CFScript.txt.txt
    AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
    SP: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    FILE ::
    "c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\7z.exe
    c:\program files (x86)\BitTorrent
    c:\program files (x86)\BitTorrent\BitTorrent.exe
    c:\users\Laura\AppData\Roaming\BitTorrent
    c:\users\Laura\AppData\Roaming\BitTorrent\apps\3609FC884502A1DF0AA5D9D160C827BB1BD51FC9.btapp
    c:\users\Laura\AppData\Roaming\BitTorrent\apps\player.btapp
    c:\users\Laura\AppData\Roaming\BitTorrent\apps\plus.btapp
    c:\users\Laura\AppData\Roaming\BitTorrent\apps\welcome-upsell.btapp
    c:\users\Laura\AppData\Roaming\BitTorrent\dht.dat
    c:\users\Laura\AppData\Roaming\BitTorrent\dht_feed.dat
    c:\users\Laura\AppData\Roaming\BitTorrent\dht_feed.dat.old
    c:\users\Laura\AppData\Roaming\BitTorrent\dlimagecache\10E6FBE4D921B475FA5FEC6E9A535A540D6FEED1
    c:\users\Laura\AppData\Roaming\BitTorrent\dlimagecache\32F529521A3DEC709F97F761F192AABF29BDC408
    c:\users\Laura\AppData\Roaming\BitTorrent\Game.of.Thrones.S02E01.HDTV.RM-ASAP.mp4.torrent
    c:\users\Laura\AppData\Roaming\BitTorrent\Game.of.Thrones.S02E02.HDTV.x264-ASAP.mp4.torrent
    c:\users\Laura\AppData\Roaming\BitTorrent\Game.of.Thrones.S02E03.HDTV.x264-ASAP.mp4.torrent
    c:\users\Laura\AppData\Roaming\BitTorrent\resume.dat
    c:\users\Laura\AppData\Roaming\BitTorrent\resume.dat.old
    c:\users\Laura\AppData\Roaming\BitTorrent\rss.dat
    c:\users\Laura\AppData\Roaming\BitTorrent\settings.dat
    c:\users\Laura\AppData\Roaming\BitTorrent\settings.dat.old
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-04-07 to 2012-05-07 )))))))))))))))))))))))))))))))
    .
    .
    2012-05-07 00:31 . 2012-05-07 00:31 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-05-07 00:00 . 2012-05-07 00:00 -------- d-----w- c:\users\Laura\AppData\Local\Adobe
    2012-05-04 13:04 . 2012-05-04 13:04 -------- d-----w- c:\users\Laura\AppData\Roaming\Malwarebytes
    2012-05-04 13:04 . 2012-05-04 13:04 -------- d-----w- c:\programdata\Malwarebytes
    2012-05-04 13:04 . 2012-05-04 13:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-05-04 13:04 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-05-04 12:23 . 2012-04-18 10:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8B9E2930-8DE8-4119-872A-594CB4B74252}\mpengine.dll
    2012-05-01 15:02 . 2012-02-23 17:18 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-04-28 22:36 . 2012-04-28 23:17 -------- d-----w- c:\users\Laura\AppData\Local\SugarSync
    2012-04-28 22:35 . 2012-04-28 22:36 -------- d-----w- c:\program files (x86)\SugarSync
    2012-04-28 04:31 . 2012-04-28 04:31 -------- d-----w- c:\users\Laura\AppData\Roaming\SmarThru4
    2012-04-28 04:31 . 2009-10-06 07:05 36864 ------w- c:\windows\SysWow64\SvcMan.exe
    2012-04-28 04:29 . 2009-10-06 07:05 11576 ----a-w- c:\windows\system32\drivers\SSPORT.SYS
    2012-04-28 04:29 . 2009-10-06 07:02 53816 ----a-w- c:\windows\system32\drivers\DGIVECP.SYS
    2012-04-28 04:29 . 2012-04-28 04:29 -------- d-----w- c:\program files (x86)\Samsung
    2012-04-22 23:34 . 2012-04-22 23:34 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2012-04-22 01:37 . 2012-04-22 01:37 -------- d-----w- c:\users\Laura\AppData\Local\Aimersoft
    2012-04-22 01:37 . 2012-04-22 01:37 -------- d-----w- c:\program files (x86)\Common Files\Aimersoft
    2012-04-22 01:36 . 2012-04-22 01:43 -------- d-----w- c:\program files (x86)\Aimersoft
    2012-04-14 21:58 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-04-14 21:58 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
    2012-04-14 21:58 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2012-04-14 21:58 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
    2012-04-14 21:58 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
    2012-04-14 21:58 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-04-14 21:58 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-07 00:32 . 2011-05-04 00:59 45056 ----a-w- c:\windows\system32\acovcnt.exe
    2012-04-01 16:49 . 2012-04-01 16:49 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2012-04-01 16:49 . 2012-04-01 16:49 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2012-04-01 16:49 . 2012-04-01 16:49 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2012-04-01 16:49 . 2012-04-01 16:49 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2012-04-01 16:49 . 2012-04-01 16:49 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2012-04-01 16:49 . 2012-04-01 16:49 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2012-04-01 16:49 . 2012-04-01 16:49 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2012-04-01 16:49 . 2012-04-01 16:49 367104 ----a-w- c:\windows\SysWow64\html.iec
    2012-04-01 16:49 . 2012-04-01 16:49 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2012-04-01 16:49 . 2012-04-01 16:49 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-04-01 16:49 . 2012-04-01 16:49 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2012-04-01 16:49 . 2012-04-01 16:49 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2012-04-01 16:49 . 2012-04-01 16:49 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2012-04-01 16:49 . 2012-04-01 16:49 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2012-04-01 16:49 . 2012-04-01 16:49 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-04-01 16:49 . 2012-04-01 16:49 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2012-04-01 16:49 . 2012-04-01 16:49 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2012-04-01 16:49 . 2012-04-01 16:49 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2012-04-01 16:49 . 2012-04-01 16:49 49664 ----a-w- c:\windows\system32\imgutil.dll
    2012-04-01 16:49 . 2012-04-01 16:49 222208 ----a-w- c:\windows\system32\msls31.dll
    2012-04-01 16:49 . 2012-04-01 16:49 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-04-01 16:49 . 2012-04-01 16:49 12288 ----a-w- c:\windows\system32\mshta.exe
    2012-04-01 16:49 . 2012-04-01 16:49 114176 ----a-w- c:\windows\system32\admparse.dll
    2012-04-01 16:49 . 2012-04-01 16:49 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2012-04-01 16:49 . 2012-04-01 16:49 85504 ----a-w- c:\windows\system32\iesetup.dll
    2012-04-01 16:49 . 2012-04-01 16:49 76800 ----a-w- c:\windows\system32\tdc.ocx
    2012-04-01 16:49 . 2012-04-01 16:49 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2012-04-01 16:49 . 2012-04-01 16:49 448512 ----a-w- c:\windows\system32\html.iec
    2012-04-01 16:49 . 2012-04-01 16:49 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2012-04-01 16:49 . 2012-04-01 16:49 165888 ----a-w- c:\windows\system32\iexpress.exe
    2012-04-01 16:49 . 2012-04-01 16:49 160256 ----a-w- c:\windows\system32\wextract.exe
    2012-04-01 16:49 . 2012-04-01 16:49 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2012-04-01 16:49 . 2012-04-01 16:49 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2012-04-01 16:49 . 2012-04-01 16:49 603648 ----a-w- c:\windows\system32\vbscript.dll
    2012-02-17 06:38 . 2012-03-15 03:28 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-02-17 05:34 . 2012-03-15 03:28 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-02-17 04:58 . 2012-03-15 03:28 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-02-17 04:57 . 2012-03-15 03:28 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-02-15 18:01 . 2012-02-15 18:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
    2012-02-15 18:01 . 2012-02-15 18:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
    2012-02-10 06:36 . 2012-03-15 03:28 1544192 ----a-w- c:\windows\system32\DWrite.dll
    2012-02-10 05:38 . 2012-03-15 03:28 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-02-07 18:02 . 2012-02-07 18:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-05-05_06.01.23 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-05-04 00:48 . 2012-05-07 00:33 48244 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-05-07 00:33 29398 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    - 2011-11-12 18:02 . 2012-05-05 05:27 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-11-12 18:02 . 2012-05-05 23:57 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-11-12 18:02 . 2012-05-05 23:57 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-11-12 18:02 . 2012-05-05 05:27 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-05-05 05:27 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-05-05 23:57 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-11-11 18:08 . 2012-05-07 00:33 8624 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-224219832-3818582047-2716476788-1001_UserData.bin
    - 2012-05-05 06:00 . 2012-05-05 06:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-05-07 00:31 . 2012-05-07 00:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-05-07 00:31 . 2012-05-07 00:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-05-05 06:00 . 2012-05-05 06:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-11-14 03:19 . 2012-05-07 00:00 276318 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
    + 2011-11-12 21:41 . 2012-05-06 01:01 269872 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    - 2009-07-14 05:01 . 2012-05-05 05:59 477452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-05-07 00:31 477452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 04:45 . 2012-05-06 15:38 4982792 c:\windows\system32\FNTCACHE.DAT
    + 2011-05-03 10:09 . 2012-05-07 00:31 2451984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2011-11-11 19:49 . 2012-05-07 00:31 40486228 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-224219832-3818582047-2716476788-1001-8192.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-10-31 21:02 94208 ----a-w- c:\users\Laura\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-10-31 21:02 94208 ----a-w- c:\users\Laura\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-10-31 21:02 94208 ----a-w- c:\users\Laura\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SugarSync"="c:\program files (x86)\SugarSync\SugarSyncManager.exe" [2012-03-19 9413712]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
    "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
    "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
    "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
    "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "Google Desktop Search"="c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [2011-11-12 30192]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    .
    c:\users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
    EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-3-22 1014112]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-5-3 548528]
    FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe [2011-5-3 12862]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~2\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp wsauth
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-04 135664]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
    R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-11-12 30192]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-04 135664]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
    R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
    S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
    S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
    S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
    S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
    S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
    S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-08-03 645048]
    S2 wsnm;VMware View Client;c:\program files\VMware\VMware View\Client\bin\wsnm.exe [2011-02-19 494192]
    S2 wsnm_usbctrl;VMware View USB Control;c:\program files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe [2011-02-19 1120368]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 tmeevw;tmeevw;c:\windows\system32\DRIVERS\tmeevw.sys [x]
    S3 tmnciesc;tmnciesc;c:\windows\system32\DRIVERS\tmnciesc.sys [x]
    S3 vmwvusb;VMware View Generic USB Driver;c:\windows\system32\Drivers\vmwvusb.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-04 00:04]
    .
    2012-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-04 00:04]
    .
    2012-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-224219832-3818582047-2716476788-1001Core.job
    - c:\users\Laura\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-10 23:14]
    .
    2012-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-224219832-3818582047-2716476788-1001UA.job
    - c:\users\Laura\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-10 23:14]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
    @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
    [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
    2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
    @="{64174815-8D98-4CE6-8646-4C039977D808}"
    [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
    2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-10-31 21:02 97792 ----a-w- c:\users\Laura\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-10-31 21:02 97792 ----a-w- c:\users\Laura\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-10-31 21:02 97792 ----a-w- c:\users\Laura\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-10-31 21:02 97792 ----a-w- c:\users\Laura\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
    @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
    [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
    2012-03-19 20:23 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
    @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
    [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
    2012-03-19 20:23 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
    @="{A759AFF6-5851-457D-A540-F4ECED148351}"
    [HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
    2012-03-19 20:23 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
    @="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
    [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
    2012-03-19 20:23 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
    "ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
    "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-03 2188904]
    "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
    "Setwallpaper"="c:\programdata\SetWallpaper.cmd" [BU]
    "Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-02-27 1304792]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-10 167960]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-10 391704]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-10 418840]
    "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 213824]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://asus.msn.com
    mStart Page = hxxp://asus.msn.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: SmarThru4 Capture Selection - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll2.htm
    IE: SmarThru4 Save as HTML - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll1.htm
    IE: SmarThru4 Save Selected Text - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll.htm
    IE: SmarThru4 Web Capture - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\q1gzn1rn.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
    FF - user.js: general.useragent.extra.brc -
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    AddRemove-BitTorrent - c:\program files (x86)\BitTorrent\BitTorrent.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    c:\program files (x86)\ASUS\SmartLogon\smartlogon.exe
    c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
    c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2012-05-06 17:41:50 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-05-07 00:41
    ComboFix2.txt 2012-05-05 06:11
    .
    Pre-Run: 500,792,483,840 bytes free
    Post-Run: 500,733,349,888 bytes free
    .
    - - End Of File - - 1FFE074D9BE706995743BC033BD46041
  9. melia232

    melia232 Newcomer, in training Topic Starter

    Ok I uninstalled all the ActiveX programs (there were 3?!) because I don't even know what it does and I googled it and didn't seem like something I needed. I checked the Startup menu and confirmed none of the crap, including Cyberlink was checked to start on boot. Here is the log from HijackThis.

    System is faster, not superfast, but it isn't a very good computer in any case! I'm also using firefox though right now and I've always found it really slow. I'm still getting the iTunes startup error and google chrome won't open, but I haven't even tried to fix yet, I'm sure I can. I have access to changing the desktop picture.

    Thank you !
    Laura

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:37:24 PM, on 06/05/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Program Files (x86)\SugarSync\SugarSyncManager.exe
    C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\Windows\AsScrPro.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
    O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (file missing)
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
    O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true
    O4 - Startup: Dropbox.lnk = Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
    O4 - Global Startup: FancyStart daemon.lnk = ?
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm
    O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm
    O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm
    O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
    O9 - Extra button: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - (no file) (HKCU)
    O9 - Extra button: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - (no file) (HKCU)
    O9 - Extra button: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - (no file) (HKCU)
    O9 - Extra button: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - (no file) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
    O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
    O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
    O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
    O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Samsung UPD Service - Unknown owner - C:\Windows\System32\SUPDSvc.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Intel(R) Turbo Boost Technology Monitor (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: VMware View Client (wsnm) - VMware, Inc. - C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
    O23 - Service: VMware View USB Control (wsnm_usbctrl) - VMware, Inc. - C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe

    --
    End of file - 14986 bytes
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    I left the IE: Append.... and the IE: Convert [/B]entries out of the script because I didn't know if they were used in the Adobe Acrobat Pro 9 program. There are 2 appends and 2 xonverts in IE. If these aren't used in the program you kept, you can remove them

    There are all part of AcroIEFavClient.dll for Toolbars in Adobe Acrobat.You should be able to find these Avtive X objects in Tools> Manage Add-ons.
    ==============================================================
    They are also listed in HijackThis. If you want to remove them>>>>

    Please reopen HijackThis to 'do system scan only '. Click all of the following if listed:

    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html


    Close all of the Windows except HijackThis and click on "Fix Checked."
    ======================================================
    Hopefully you will have gained some speed. A tip>Look through the Asus entries sometime. They were pre-loaded on the system and you may not use all of them. You can uninstall those you don't:
    =======================================================
    Remove all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
      [o] Click START> then RUN
      [o] Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
      [o] Double click OTCleanIt.exe.
      [o] Click the CleanUp! button.
      [o] If you are prompted to Reboot during the cleanup, select Yes.
      [o]The tool will delete itself once it finishes.
      Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
      Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    • Set a new, clean Restore Point
      [o] Click on Start> right click on Computer> Properties
      [o] Select System Protection
      [o] Click on the Create button (near bottom)
      [o] Type a name for the Restore Point
      [o] Click on Create again to save the restore point.
    • Deleting all but the most recent System Protection point in Windows 7
      [o] Click Start> Computer> right click the C Drive and choose Properties> enter.
      [o] Click Disk Cleanup from there.
      [​IMG]
      [o] Click Clean up system files
      This restarts Disk Cleanup to run in elevated mode.
      [o] Click the More Options tab
      [​IMG]
      [o] Click the Clean up under System Restore and Shadow Copies.
      [o] Click OK.
      [o] You will get a confirmation screen> Just click Delete.
      [o] Click OK on the Disk Cleanup Screen.
      [o] Click Delete Files on the Confirmation screen.
    [​IMG]
    This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive)
    Images courtesy lytebyte.

    Empty the Recycle Bin

    Let me know if you have any questions.
  11. melia232

    melia232 Newcomer, in training Topic Starter

    Hi Bobbye, you have my eternal gratitude. I've just had to take a business trip, but will implement these measures as soon as I get back. I really appreciate your help. I hope the world returns your good karma.

    Cheers,
    Laura
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    You're welcome Laura. I will take whatever good karma I can get! Been running a bit short of that lately.

    I'm going to close the thread since we handled the problem. The system is clean and should have speeded up a bit.

    Run this once in a while so the files don't pile up:TFC (Temp File Cleaner)

    Download TFC to your desktop
    • Open the file and close any other windows.
    • It will close all programs itself when run, make sure to let it run uninterrupted.
    • Click the Start button to begin the process. The program should not take long to finish its job
    • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

    TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

    TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.