Inactive I think I might have a virus...

Status
Not open for further replies.
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.21.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
supernatural :: SUPERNATURAL-PC [administrator]

10/21/2012 2:39:44 PM
mbam-log-2012-10-21 (14-39-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234351
Time elapsed: 11 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)
 
DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_20
Run by supernatural at 16:06:17 on 2012-10-21
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1013.55 [GMT -7:00]
.
AV: Charter Security Suite 9.01 *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: Charter Security Suite 9.01 *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Charter Security Suite 9.01 *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files\Acer\Registration\GregHSRW.exe
C:\Program Files\Charter Security Suite\Common\FSHDLL32.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Charter Security Suite\ORSP Client\fsorsp.exe
C:\Program Files\Charter Security Suite\FWES\Program\fsdfwd.exe
C:\Program Files\Charter Security Suite\Anti-Virus\fssm32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\PLFSetI.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Charter Security Suite\Common\FSM32.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Charter Security Suite\Anti-Virus\fsav32.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\taskhost.exe
C:\Windows\explorer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Users\supernatural\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\supernatural\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\supernatural\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\supernatural\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b50810r705l0444ww85w6582r986
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b50810r705l0444ww85w6582r986
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b50810r705l0444ww85w6582r986
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Browsing Protection Class: {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - c:\program files\charter security suite\nrs\iescript\baselitmus.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Browsing Protection Toolbar: {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - c:\program files\charter security suite\nrs\iescript\baselitmus.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\users\supernatural\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [lime pro] "c:\program files\lime pro\LimePro.exe" -h
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
mRun: [EgisTecLiveUpdate] "c:\program files\egistec egis software update\EgisUpdate.exe"
mRun: [mwlDaemon] c:\program files\egistec\mywinlocker 3\x86\mwlDaemon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NortonOnlineBackupReminder] "c:\program files\symantec\norton online backup\activation\NobuActivation.exe" UNATTENDED
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [F-Secure Manager] "c:\program files\charter security suite\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\charter security suite\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\supern~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: c:\program files\charter security suite\fsps\program\FSLSP.DLL
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{CA4A6D69-CA4A-4C42-A398-656976B2D87D} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{CA4A6D69-CA4A-4C42-A398-656976B2D87D}\0484F6D65683136434 : DHCPNameServer = 68.190.192.35 71.9.127.107 24.205.224.36
TCP: Interfaces\{CA4A6D69-CA4A-4C42-A398-656976B2D87D}\3435553524D2143434543535 : DHCPNameServer = 139.182.2.1 139.182.2.6
TCP: Interfaces\{CA4A6D69-CA4A-4C42-A398-656976B2D87D}\3435553524D27457563747 : DHCPNameServer = 139.182.2.1 139.182.2.6
TCP: Interfaces\{CA4A6D69-CA4A-4C42-A398-656976B2D87D}\75164737F6E6 : DHCPNameServer = 68.190.192.35 71.9.127.107 68.116.46.115
TCP: Interfaces\{CA4A6D69-CA4A-4C42-A398-656976B2D87D}\E4544574541425 : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\supernatural\appdata\roaming\mozilla\firefox\profiles\wjkb1sf8.default\
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\supernatural\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\users\supernatural\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - ExtSQL: 2012-10-07 21:42; litmus-ff@f-secure.com; c:\program files\charter security suite\nrs\litmus-ff@f-secure.com
.
============= SERVICES / DRIVERS ===============
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2012-9-26 44240]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\charter security suite\hips\drivers\fshs.sys [2012-9-26 68064]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2012-9-26 36792]
R1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2012-9-26 73160]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\charter security suite\anti-virus\minifilter\fsvista.sys [2012-9-26 12384]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2009-6-2 18992]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2009-6-2 16432]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2009-6-2 60976]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\charter security suite\anti-virus\minifilter\fsgk.sys [2012-9-26 144592]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2010-2-10 54784]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [2010-2-10 82384]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2011-5-20 34376]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\charter security suite\anti-virus\win2k\fsfilter.sys [2012-9-26 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\charter security suite\anti-virus\win2k\fsrec.sys [2012-9-26 25184]
.
=============== Created Last 30 ================
.
2012-10-21 21:37:17 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-21 21:37:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-19 23:32:48 6918632 ------w- c:\programdata\microsoft\windows defender\definition updates\{8edaf1e9-ab9b-4d55-a0aa-ae6999224099}\mpengine.dll
2012-10-14 17:58:26 -------- d-----w- c:\users\supernatural\appdata\roaming\F-Secure
2012-10-13 10:16:30 -------- d-----w- C:\Bone Thugs
2012-10-13 09:56:06 -------- d-----w- c:\program files\Media Player Utilities 4.36
2012-10-10 06:05:55 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 06:05:35 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 06:03:34 1159680 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 06:03:32 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 06:03:31 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 06:02:32 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 06:02:25 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 06:02:04 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-10 06:02:01 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-09-26 23:35:49 -------- d-----w- c:\users\supernatural\appdata\local\Macromedia
2012-09-26 22:23:33 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-26 22:23:33 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-26 22:22:17 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-09-26 22:22:15 317440 ----a-w- c:\windows\system32\spoolsv.exe
2012-09-26 22:21:55 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-26 22:21:32 400896 ----a-w- c:\windows\system32\srcore.dll
2012-09-26 22:21:26 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-26 22:21:25 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-26 22:21:25 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-26 22:21:03 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-09-26 22:14:34 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-09-26 22:07:53 769024 ----a-w- c:\windows\system32\localspl.dll
2012-09-26 22:07:27 2342400 ----a-w- c:\windows\system32\msi.dll
2012-09-26 22:07:09 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-26 22:06:58 102912 ----a-w- c:\windows\system32\browser.dll
2012-09-26 22:06:57 41984 ----a-w- c:\windows\system32\browcli.dll
2012-09-26 22:06:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-09-26 22:06:44 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-09-26 22:06:43 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-09-26 21:51:53 44240 ----a-w- c:\windows\system32\drivers\fsbts.sys
2012-09-26 21:48:00 36792 ----a-w- c:\windows\system32\drivers\fses.sys
2012-09-26 21:47:54 73160 ----a-w- c:\windows\system32\drivers\fsdfw.sys
2012-09-26 21:43:49 -------- d-----w- c:\program files\Charter Security Suite
2012-09-26 21:38:11 -------- d-----w- c:\programdata\fssg
2012-09-26 21:35:22 -------- d-----w- c:\programdata\f-secure
2012-09-26 21:19:15 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-09-26 21:16:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-09-26 21:13:21 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-09-26 21:13:21 171904 ----a-w- c:\windows\system32\wuwebv.dll
.
==================== Find3M ====================
.
2012-10-09 10:12:00 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 10:12:00 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-20 17:40:31 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-08-20 17:40:01 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-20 17:37:58 271360 ----a-w- c:\windows\system32\conhost.exe
2012-08-20 15:33:28 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 16:10:22.54 ===============
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows 7 Starter
Boot Device: \Device\HarddiskVolume2
Install Date: 8/19/2010 2:27:09 PM
System Uptime: 10/21/2012 9:22:22 AM (7 hours ago)
.
Motherboard: Acer | | AO532h
Processor: Intel(R) Atom(TM) CPU N450 @ 1.66GHz | CPU | 1666/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 137 GiB total, 100.982 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP432: 10/7/2012 10:17:21 AM - Windows Update
RP433: 10/9/2012 3:00:24 AM - Windows Update
RP434: 10/12/2012 8:45:18 AM - Windows Update
RP435: 10/13/2012 2:54:54 AM - Installed Media Player Utilities 4.36
RP436: 10/13/2012 2:58:46 AM - Installed Microsoft Visual C++ 2005 Redistributable
RP437: 10/13/2012 2:59:04 AM - Device Driver Package Install: Actions Semiconductor Co., LTD Universal Serial Bus controllers
RP438: 10/13/2012 3:01:11 AM - Windows Update
RP439: 10/14/2012 9:47:07 AM - Windows Update
RP440: 10/15/2012 4:05:20 AM - Windows Update
RP441: 10/16/2012 9:36:15 AM - Windows Update
RP442: 10/18/2012 3:00:18 AM - Windows Update
RP443: 10/20/2012 3:01:56 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acer Assist
Acer Crystal Eye webcam Ver:1.1.159.203
Acer ePower Management
Acer eRecovery Management
Acer Games
Acer Registration
Acer ScreenSaver
Acer Updater
Acer VCM
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.2 MUI
Apple Mobile Device Support
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Bonjour
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon MP Navigator EX 3.0
Canon MP250 series MP Drivers
Canon My Printer
Charter Security Suite
Compatibility Pack for the 2007 Office system
eBay Worldwide
ENE USB Card Reader Driver
eSobi v2
F-Secure PSC Prerequisites
Free M4a to MP3 Converter 6.2
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Identity Card
IHA_MessageCenter
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java Auto Updater
Java(TM) 6 Update 20
Junk Mail filter update
Launch Manager
Malwarebytes Anti-Malware version 1.65.1.1000
Media Player Utilities 4.36
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access Runtime (English) 2007
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox 16.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
MyWinLocker
Norton Online Backup
OGA Notifier 2.0.0048.0
Opera 10.62
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Skype Toolbars
Skype™ 5.10
STEELE Mutual Fund Expert
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
10/21/2012 1:50:26 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.13. The computer with the IP address 192.168.0.10 did not allow the name to be claimed by this computer.
10/21/2012 1:50:15 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
10/20/2012 3:08:57 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Works 9 (KB2754670).
10/20/2012 12:05:57 AM, Error: Service Control Manager [7022] - The Client Virtualization Handler service hung on starting.
10/20/2012 12:03:51 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x82252e66, 0xa9733b90, 0xa9733770). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102012-20217-01.
10/19/2012 9:02:29 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the F-Secure Gatekeeper Handler Starter service.
10/19/2012 4:37:00 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.139.124.0).
10/18/2012 3:08:03 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EFS service.
10/18/2012 11:08:41 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.
10/16/2012 9:45:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
10/16/2012 9:35:27 AM, Error: NetBT [4307] - Initialization failed because the transport refused to open initial addresses.
10/16/2012 1:18:59 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.12. The computer with the IP address 192.168.0.11 did not allow the name to be claimed by this computer.
10/14/2012 9:46:21 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.0.12 with the system having network hardware address FC-0F-E6-14-6F-7C. Network operations on this system may be disrupted as a result.
10/14/2012 7:38:22 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.0.11 with the system having network hardware address 70-F1-A1-78-7C-E9. Network operations on this system may be disrupted as a result.
10/14/2012 6:02:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
10/14/2012 3:06:05 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DsiWMIService service.
.
==== End Of File ===========================
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================

I still need the GMER log.

You're not saying what your computer issues are.
 