I have bought a Dell and it happens to restart at random times. It can restart while surfing the web or the kids playing a web-based game. It will also restart when it is idle with the monitor off. This is my wife and kids' PC; I have one right next to it. I can hear it restart when it hasn't been in use at all.
I have run Malwarebytes and all it found was a few registry errors, which I will post at the end, but they were caused by Pup.LivingPlay. I have also run GMER and it didn't find anything.
Here are the specs for the PC:
Dell: Inspiron 580S
Intel 5i 650@3.2 GHz
8.00 GB Ram
Win 7 Home Premium 64-bit
Malwarebytes log: (run on 10-10-2011)
Database version: 7912
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
10/10/2011 12:13:18 AM
mbam-log-2011-10-10 (00-13-18).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 380305
Time elapsed: 46 minute(s), 59 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{D9291F9E-7010-4D7A-8DF6-455DEEF8EF51} (PUP.LivingPlay) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8006F89E-63A1-402A-8DB7-08A4C58F95AA} (PUP.LivingPlay) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{D4256C66-8177-4E19-8A13-2D43B2282D0D} (PUP.LivingPlay) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\lptlIE.TextLinks.1 (PUP.LivingPlay) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\lptlIE.TextLinks (PUP.LivingPlay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D9291F9E-7010-4D7A-8DF6-455DEEF8EF51} (PUP.LivingPlay) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D9291F9E-7010-4D7A-8DF6-455DEEF8EF51} (PUP.LivingPlay) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D9291F9E-7010-4D7A-8DF6-455DEEF8EF51} (PUP.LivingPlay) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Malwarebytes (Ran on 10-18-2011)
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 7973
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
10/18/2011 2:25:34 PM
mbam-log-2011-10-18 (14-25-34).txt
Scan type: Quick scan
Objects scanned: 205453
Time elapsed: 1 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Gmer Log
No log created
DDS File 1
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Carolyn at 14:26:43 on 2011-10-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7991.5964 [GMT -7:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Users\Carolyn\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Iomega\Home Storage Manager\Iomega Discovery.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Carolyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carolyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carolyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carolyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carolyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Carolyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carolyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\mmc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = about:blank
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Google Update] "C:\Users\Carolyn\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [<NO NAME>]
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Iomega Home Storage Manager] C:\Program Files (x86)\Iomega\Home Storage Manager\Iomega Discovery.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{6F7D9FDC-D43C-44D3-9282-48F0E57F7ADC} : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [(Default)]
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [Iomega Home Storage Manager] C:\Program Files (x86)\Iomega\Home Storage Manager\Iomega Discovery.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111014.001\BHDrvx64.sys [2011-10-14 1155704]
R1 ComcastSecureBackupShareFilter;ComcastSecureBackupShareFilter;C:\Windows\system32\DRIVERS\ComcastSecureBackupShare.sys --> C:\Windows\system32\DRIVERS\ComcastSecureBackupShare.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111015.030\IDSviA64.sys [2011-10-17 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-9 366152]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe [2011-5-20 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-7-27 136824]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-8-18 2151640]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-5-13 92160]
S4 ComcastSecureBackupSharebackup;Comcast Secure Backup & Share Backup Service;C:\Program Files\SecureBackupShare\ComcastSecureBackupSharebackup.exe [2010-12-14 16104]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-10-18 21:24:10 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-10-18 04:15:59 -------- d-----w- C:\Users\Carolyn\AppData\Local\{8DB9C759-6736-415F-AD90-8C03C1A654CB}
2011-10-18 04:15:49 -------- d-----w- C:\Users\Carolyn\AppData\Local\{EC128CFD-C68E-4E2F-9367-E36C2881112B}
2011-10-18 04:15:01 -------- d-----w- C:\Users\Carolyn\AppData\Local\{A7A2DEFC-A05D-4FA2-817E-8F600B752CBD}
2011-10-18 04:14:50 -------- d-----w- C:\Users\Carolyn\AppData\Local\{3A7BF8DC-8059-49DF-A21A-A19903FB06AB}
2011-10-18 03:44:03 -------- d-----w- C:\Users\Carolyn\AppData\Local\{7D5C0181-5697-4942-A996-DF54DE584F0C}
2011-10-18 03:43:52 -------- d-----w- C:\Users\Carolyn\AppData\Local\{01D8C723-E6EB-48D4-9CAD-FF648F227E5D}
2011-10-17 23:46:57 -------- d-----w- C:\Users\Carolyn\AppData\Local\LEGO Software
2011-10-17 23:43:17 -------- d-----w- C:\Program Files (x86)\LEGO Software
2011-10-14 04:12:27 -------- d-----w- C:\Program Files\iTunes
2011-10-14 04:12:27 -------- d-----w- C:\Program Files\iPod
2011-10-14 04:12:27 -------- d-----w- C:\Program Files (x86)\iTunes
2011-10-14 04:10:24 -------- d-----w- C:\Program Files\Bonjour
2011-10-14 04:10:24 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-10-12 11:39:22 3138048 ----a-w- C:\Windows\System32\win32k.sys
2011-10-12 11:39:18 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-12 11:39:18 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-10-12 11:39:18 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-10-12 11:39:18 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-10-12 11:39:11 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-10-12 11:39:11 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-10-12 11:39:11 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-10-12 11:39:11 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-10-10 06:29:54 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2011-10-10 06:23:50 -------- d-----w- C:\Users\Carolyn\AppData\Roaming\Malwarebytes
2011-10-10 06:23:41 -------- d-----w- C:\ProgramData\Malwarebytes
2011-10-10 06:23:38 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-10-10 06:23:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-10 06:22:49 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-10-10 06:21:09 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2011-10-10 06:21:04 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-10-09 03:20:51 -------- d-----w- C:\Users\Carolyn\AppData\Local\{7C4DC936-3B33-41E2-A4EF-32B830836457}
2011-10-09 03:20:39 -------- d-----w- C:\Users\Carolyn\AppData\Local\{B99403CF-A3A3-4E9F-BA78-4017B8A2BC52}
2011-10-09 03:20:30 -------- d-----w- C:\Users\Carolyn\AppData\Local\{279FB56C-3859-4C7F-A63D-E9C62E3ABD06}
2011-10-09 03:20:19 -------- d-----w- C:\Users\Carolyn\AppData\Local\{C8DBBB59-DFEB-4A8C-83A0-500776BF5E66}
2011-10-06 00:10:52 -------- d-----w- C:\Users\Carolyn\AppData\Local\{B2856487-9F1D-4DEB-AB51-3A349CBABEF2}
2011-10-06 00:10:42 -------- d-----w- C:\Users\Carolyn\AppData\Local\{8C2D5E45-06A0-41DD-9C3D-0E57487E6EEA}
2011-10-06 00:05:21 -------- d-----w- C:\Users\Carolyn\AppData\Local\{FD163E15-23F2-475E-BA10-0A109B9CE1A0}
2011-10-06 00:05:10 -------- d-----w- C:\Users\Carolyn\AppData\Local\{E024327C-43CD-4B56-B5C6-49ABFF60DC43}
2011-10-04 14:14:22 -------- d-----w- C:\Users\Carolyn\AppData\Local\{637BF3D1-CABA-44C4-A75D-12639E1CBCED}
2011-10-04 14:14:12 -------- d-----w- C:\Users\Carolyn\AppData\Local\{EE932F01-9A43-4EAF-8AE0-8771B87A7677}
2011-10-02 03:09:37 -------- d-----w- C:\Users\Carolyn\AppData\Local\{16B39072-C9EE-4CE1-BD3A-C4CB44F69998}
2011-10-02 03:09:26 -------- d-----w- C:\Users\Carolyn\AppData\Local\{FC3493E0-F016-4DEA-B45F-86C2DBB4FD43}
2011-10-02 03:09:14 -------- d-----w- C:\Users\Carolyn\AppData\Local\{10F72686-A554-40D1-A81E-15C340EB4105}
2011-10-02 03:09:04 -------- d-----w- C:\Users\Carolyn\AppData\Local\{26ECD222-11A0-4962-990F-E0DFFEB3025D}
2011-10-01 04:09:36 -------- d-----w- C:\Users\Carolyn\AppData\Local\{8864F4D1-565B-4390-9951-270192F950BD}
2011-10-01 04:09:26 -------- d-----w- C:\Users\Carolyn\AppData\Local\{6A2DA8B3-DD80-4353-845D-40334816C047}
2011-09-23 03:51:17 -------- d-----w- C:\Users\Carolyn\AppData\Local\{011B6625-8300-4827-8240-45DEB9EEB625}
2011-09-23 03:51:07 -------- d-----w- C:\Users\Carolyn\AppData\Local\{5A9FE0B9-6C5B-44EA-9F32-D4C12467B3EC}
2011-09-23 03:50:58 -------- d-----w- C:\Users\Carolyn\AppData\Local\{1643CDBB-9734-4DFF-B86E-A287AD1AD28E}
2011-09-23 03:50:48 -------- d-----w- C:\Users\Carolyn\AppData\Local\{68CFFD90-588D-4F69-9968-0E4A2E214F81}
.
==================== Find3M ====================
.
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-31 14:30:24 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2011-08-31 06:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-08-31 06:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-08-31 06:05:32 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-08-31 06:05:32 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-08-31 06:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-08-31 06:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-08-31 06:05:04 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-08-31 06:05:04 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-07-21 22:56:41 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 14:27:01.09 ===============
mRun: [<NO NAME>]
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Iomega Home Storage Manager] C:\Program Files (x86)\Iomega\Home Storage Manager\Iomega Discovery.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{6F7D9FDC-D43C-44D3-9282-48F0E57F7ADC} : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [(Default)]
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [Iomega Home Storage Manager] C:\Program Files (x86)\Iomega\Home Storage Manager\Iomega Discovery.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111014.001\BHDrvx64.sys [2011-10-14 1155704]
R1 ComcastSecureBackupShareFilter;ComcastSecureBackupShareFilter;C:\Windows\system32\DRIVERS\ComcastSecureBackupShare.sys --> C:\Windows\system32\DRIVERS\ComcastSecureBackupShare.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111015.030\IDSviA64.sys [2011-10-17 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-9 366152]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe [2011-5-20 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-7-27 136824]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-8-18 2151640]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-5-13 92160]
S4 ComcastSecureBackupSharebackup;Comcast Secure Backup & Share Backup Service;C:\Program Files\SecureBackupShare\ComcastSecureBackupSharebackup.exe [2010-12-14 16104]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-10-18 21:24:10 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-10-18 04:15:59 -------- d-----w- C:\Users\Carolyn\AppData\Local\{8DB9C759-6736-415F-AD90-8C03C1A654CB}
2011-10-18 04:15:49 -------- d-----w- C:\Users\Carolyn\AppData\Local\{EC128CFD-C68E-4E2F-9367-E36C2881112B}
2011-10-18 04:15:01 -------- d-----w- C:\Users\Carolyn\AppData\Local\{A7A2DEFC-A05D-4FA2-817E-8F600B752CBD}
2011-10-18 04:14:50 -------- d-----w- C:\Users\Carolyn\AppData\Local\{3A7BF8DC-8059-49DF-A21A-A19903FB06AB}
2011-10-18 03:44:03 -------- d-----w- C:\Users\Carolyn\AppData\Local\{7D5C0181-5697-4942-A996-DF54DE584F0C}
2011-10-18 03:43:52 -------- d-----w- C:\Users\Carolyn\AppData\Local\{01D8C723-E6EB-48D4-9CAD-FF648F227E5D}
2011-10-17 23:46:57 -------- d-----w- C:\Users\Carolyn\AppData\Local\LEGO Software
2011-10-17 23:43:17 -------- d-----w- C:\Program Files (x86)\LEGO Software
2011-10-14 04:12:27 -------- d-----w- C:\Program Files\iTunes
2011-10-14 04:12:27 -------- d-----w- C:\Program Files\iPod
2011-10-14 04:12:27 -------- d-----w- C:\Program Files (x86)\iTunes
2011-10-14 04:10:24 -------- d-----w- C:\Program Files\Bonjour
2011-10-14 04:10:24 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-10-12 11:39:22 3138048 ----a-w- C:\Windows\System32\win32k.sys
2011-10-12 11:39:18 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-12 11:39:18 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-10-12 11:39:18 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-10-12 11:39:18 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-10-12 11:39:11 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-10-12 11:39:11 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-10-12 11:39:11 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-10-12 11:39:11 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-10-10 06:29:54 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2011-10-10 06:23:50 -------- d-----w- C:\Users\Carolyn\AppData\Roaming\Malwarebytes
2011-10-10 06:23:41 -------- d-----w- C:\ProgramData\Malwarebytes
2011-10-10 06:23:38 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-10-10 06:23:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-10 06:22:49 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-10-10 06:21:09 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2011-10-10 06:21:04 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-10-09 03:20:51 -------- d-----w- C:\Users\Carolyn\AppData\Local\{7C4DC936-3B33-41E2-A4EF-32B830836457}
2011-10-09 03:20:39 -------- d-----w- C:\Users\Carolyn\AppData\Local\{B99403CF-A3A3-4E9F-BA78-4017B8A2BC52}
2011-10-09 03:20:30 -------- d-----w- C:\Users\Carolyn\AppData\Local\{279FB56C-3859-4C7F-A63D-E9C62E3ABD06}
2011-10-09 03:20:19 -------- d-----w- C:\Users\Carolyn\AppData\Local\{C8DBBB59-DFEB-4A8C-83A0-500776BF5E66}
2011-10-06 00:10:52 -------- d-----w- C:\Users\Carolyn\AppData\Local\{B2856487-9F1D-4DEB-AB51-3A349CBABEF2}
2011-10-06 00:10:42 -------- d-----w- C:\Users\Carolyn\AppData\Local\{8C2D5E45-06A0-41DD-9C3D-0E57487E6EEA}
2011-10-06 00:05:21 -------- d-----w- C:\Users\Carolyn\AppData\Local\{FD163E15-23F2-475E-BA10-0A109B9CE1A0}
2011-10-06 00:05:10 -------- d-----w- C:\Users\Carolyn\AppData\Local\{E024327C-43CD-4B56-B5C6-49ABFF60DC43}
2011-10-04 14:14:22 -------- d-----w- C:\Users\Carolyn\AppData\Local\{637BF3D1-CABA-44C4-A75D-12639E1CBCED}
2011-10-04 14:14:12 -------- d-----w- C:\Users\Carolyn\AppData\Local\{EE932F01-9A43-4EAF-8AE0-8771B87A7677}
2011-10-02 03:09:37 -------- d-----w- C:\Users\Carolyn\AppData\Local\{16B39072-C9EE-4CE1-BD3A-C4CB44F69998}
2011-10-02 03:09:26 -------- d-----w- C:\Users\Carolyn\AppData\Local\{FC3493E0-F016-4DEA-B45F-86C2DBB4FD43}
2011-10-02 03:09:14 -------- d-----w- C:\Users\Carolyn\AppData\Local\{10F72686-A554-40D1-A81E-15C340EB4105}
2011-10-02 03:09:04 -------- d-----w- C:\Users\Carolyn\AppData\Local\{26ECD222-11A0-4962-990F-E0DFFEB3025D}
2011-10-01 04:09:36 -------- d-----w- C:\Users\Carolyn\AppData\Local\{8864F4D1-565B-4390-9951-270192F950BD}
2011-10-01 04:09:26 -------- d-----w- C:\Users\Carolyn\AppData\Local\{6A2DA8B3-DD80-4353-845D-40334816C047}
2011-09-23 03:51:17 -------- d-----w- C:\Users\Carolyn\AppData\Local\{011B6625-8300-4827-8240-45DEB9EEB625}
2011-09-23 03:51:07 -------- d-----w- C:\Users\Carolyn\AppData\Local\{5A9FE0B9-6C5B-44EA-9F32-D4C12467B3EC}
2011-09-23 03:50:58 -------- d-----w- C:\Users\Carolyn\AppData\Local\{1643CDBB-9734-4DFF-B86E-A287AD1AD28E}
2011-09-23 03:50:48 -------- d-----w- C:\Users\Carolyn\AppData\Local\{68CFFD90-588D-4F69-9968-0E4A2E214F81}
.
==================== Find3M ====================
.
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-31 14:30:24 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2011-08-31 06:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-08-31 06:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-08-31 06:05:32 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-08-31 06:05:32 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-08-31 06:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-08-31 06:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-08-31 06:05:04 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-08-31 06:05:04 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-07-21 22:56:41 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 14:27:01.09 ===============