Solved Someone please help me analyze this HJT log appreciate it

marcela

Hi, if anyone would be so kind to help.
I took my laptop to Best Buy and they just want to wipe my HD, but I don't want to do that b/c I have lots of photos and just don't want to reinstall drivers etc.
Here is the log.
Thank you in advance.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:10:16 PM, on 5/31/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Safe mode
Running processes:
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.scbwi.org/Pages.aspx/Who-We-Are---What-We-Do
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ievkbd.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ADSMTray] "C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SRS Premium Sound] "C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" /hideme
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Lauren Carrion\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Lauren Carrion\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: FancyStart daemon.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~2\KASPER~1\KASPER~2\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~2\sbhook.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Kaspersky PURE (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: CryptoStorage control service (CSObjectsSrv) - Infowatch - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: SRS Volume Sync Service (SRS_VolSync_Service) - SRS Labs, Inc. - C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10853 bytes
 
Welcome to TechSpot! We do not screen for malware using HijackThis.

If you would like us to check the system for malware, please follow these steps: Preliminary Virus and Malware Removal.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
=============================================
Please describe what problems you are experiencing.
============================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in the cleaning process.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't follow directions given to someone else
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs, except those I give you.
Threads are closed after 5 days if there is no reply.
 
Thank you for your quick response. I will start right away. I have Kaspersky as the antivirus, and in your preliminary list it says to scan your computer first, so that's OK, correct? It's just that I was a bit confused from your note; it said if you already had any scanning programs on the computer to please remove them and download the version. I should just go ahead and run the antivirus software, correct?
 
No, you do not need to scan with Kaspersky at this point. And for these preliminary programs, you do not need to disable the security programs. That will come later and will be in the instructions.
 
Good morning, I will paste the following mbytes, gmer and the dds log.
Thank you for your help.

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.01.05
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Lauren Carrion :: CARRION-PC [administrator]
Protection: Enabled
6/2/2012 10:09:21 AM
mbam-log-2012-06-02 (10-09-21).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 359540
Time elapsed: 5 hour(s), 14 minute(s), 19 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
_____________________________________________
gmer log
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-03 00:19:30
Windows 6.0.6002 Service Pack 2
Running: gmer.exe

---- Files - GMER 1.0.15 ----
File C:\ADSM_PData_0150 0 bytes
File C:\ADSM_PData_0150\DB 0 bytes
File C:\ADSM_PData_0150\DB\SI.db 624 bytes
File C:\ADSM_PData_0150\DB\UL.db 1040 bytes
File C:\ADSM_PData_0150\DB\VL.db 6160 bytes
File C:\ADSM_PData_0150\DB\WAL.db 2048 bytes
File C:\ADSM_PData_0150\DragWait.exe 315392 bytes executable
File C:\ADSM_PData_0150\_avt 512 bytes
File C:\Users\Lauren Carrion\Safe Doc 0 bytes
File C:\Users\Lauren Carrion\Safe Doc\_avt 512 bytes
File C:\Users\Lauren Carrion\Safe Doc\_lit 512 bytes
File C:\Users\Lauren Carrion\Safe Music 0 bytes
File C:\Users\Lauren Carrion\Safe Music\_avt 512 bytes
File C:\Users\Lauren Carrion\Safe Music\_lit 512 bytes
File C:\Users\Lauren Carrion\Safe Video 0 bytes
File C:\Users\Lauren Carrion\Safe Video\_avt 512 bytes
File C:\Users\Lauren Carrion\Safe Video\_lit 512 bytes
---- EOF - GMER 1.0.15 ----
__________________________________________________________________________
dds log
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Lauren Carrion at 0:30:46 on 2012-06-03
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4060.1952 [GMT -4:00]
.
AV: Kaspersky PURE *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky PURE *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky PURE *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\MsgTranAgt64.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Lauren Carrion\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Users\Lauren Carrion\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\splwow64.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.scbwi.org/Pages.aspx/Who-We-Are---What-We-Do
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ievkbd.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SRS Premium Sound] "C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" /hideme
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [AdobeBridge]
uRun: [Google Update] "C:\Users\Lauren Carrion\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Akamai NetSession Interface] "C:\Users\Lauren Carrion\AppData\Local\Akamai\netsession_win.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [ADSMTray] "C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\LAUREN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{A9FEB6D7-9C52-49FC-B956-7AB275B78890}\_5598CE641C54B66A23693F.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 172.16.0.193 172.16.0.194 172.16.0.191 172.16.0.192
TCP: Interfaces\{44B3983C-2406-4139-A7E3-D11EBC9A10D4} : DhcpNameServer = 172.16.0.193 172.16.0.194 172.16.0.191 172.16.0.192
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~2\KASPER~1\KASPER~2\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~2\sbhook.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
BHO-X64: link filter bho - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun-x64: [ADSMTray] "C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
AppInit_DLLs-X64: C:\PROGRA~2\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~2\KASPER~1\KASPER~2\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~2\sbhook.dll
.
============= SERVICES / DRIVERS ===============
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\system32\DRIVERS\CSCrySec.sys --> C:\Windows\system32\DRIVERS\CSCrySec.sys [?]
R0 KLBG;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\DRIVERS\klbg.sys --> C:\Windows\system32\DRIVERS\klbg.sys [?]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys --> C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-20 21504]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2009-6-26 14904]
R2 AVP;Kaspersky PURE;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe [2010-10-1 348760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C60x64.sys --> C:\Windows\system32\DRIVERS\L1C60x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;C:\Windows\system32\drivers\srs_PremiumSound_amd64.sys --> C:\Windows\system32\drivers\srs_PremiumSound_amd64.sys [?]
S3 CRFILTER;USB Mass Storage Filter;C:\Windows\system32\DRIVERS\CRFILTER.sys --> C:\Windows\system32\DRIVERS\CRFILTER.sys [?]
S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-06-01 18:09:04 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AA01CC38-962F-4CDD-8969-F1AD9B33D4EA}\mpengine.dll
2012-06-01 17:23:46 -------- d-----w- C:\Users\Lauren Carrion\AppData\Roaming\Malwarebytes
2012-06-01 17:21:03 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-01 17:20:53 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-01 17:20:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-31 19:55:16 388096 ----a-r- C:\Users\Lauren Carrion\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-31 19:55:14 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-05-09 22:17:02 1423744 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-09 22:14:24 72576 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-09 22:13:21 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-09 22:13:19 2766848 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M ====================
.
2012-03-16 20:33:58 35840 ----a-w- C:\Windows\SysWow64\imgutil.dll
2012-03-16 20:33:41 110592 ----a-w- C:\Windows\SysWow64\IEAdvpack.dll
.
============= FINISH: 0:35:37.24 ===============
 
here is the other part from dds
the attachment log
____________________________________________________________________________________
attach log when dds was run
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/26/2009 2:03:46 PM
System Uptime: 6/2/2012 10:35:10 PM (2 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | UX50V
Processor: Intel(R) Core(TM)2 Solo CPU U3500 @ 1.40GHz | Socket 478 | 800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 327.589 GiB free.
D: is Removable
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Media Player
Adobe Reader 8.3.1
Akamai NetSession Interface
Akamai NetSession Interface Service
AmIcoSingLun
Apple Application Support
Apple Software Update
ASUS AI Recovery
ASUS Data Security Manager
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS SmartLogon
ASUS Virtual Camera
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
ATK Generic Function Service
ATK Hotkey
ATK Media
ATKOSD2
BandaAnchaClaro
CyberLink LabelPrint
CyberLink Power2Go
D3DX10
Express Gate
getPlus(R) Download Manager for Corel
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iRip
Java(TM) 6 Update 18
Junk Mail filter update
Kaspersky PURE
LightScribe System Software 1.14.17.1
LoJack Factory Installer
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Card Reader
QuickTime
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Segoe UI
Skype™ 5.8
SmartSound Quicktracks for Premiere Elements 9.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinFlash
Wireless Console 3
.
==== Event Viewer Messages From Past Week ========
.
6/2/2012 8:33:51 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
6/2/2012 8:33:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/2/2012 8:33:35 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/2/2012 8:33:18 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSVirtualDiskDrv DfsC kl1 KLIF KLIM6 NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
6/2/2012 8:33:18 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/2/2012 8:33:18 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
6/2/2012 8:33:18 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
6/2/2012 8:33:18 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/2/2012 8:33:18 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
6/2/2012 8:33:18 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/2/2012 8:33:18 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/2/2012 8:33:18 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
6/2/2012 8:33:18 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/2/2012 8:33:18 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/2/2012 8:33:18 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/2/2012 8:33:18 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/2/2012 8:33:18 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
6/2/2012 8:32:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
6/2/2012 8:32:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
6/2/2012 8:32:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
6/2/2012 8:32:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/2/2012 8:32:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/2/2012 8:32:12 AM, Error: EventLog [6008] - The previous system shutdown at 8:28:04 AM on 6/2/2012 was unexpected.
6/2/2012 10:36:17 PM, Error: PlugPlayManager [12] - The device 'Mobile Intel(R) 4 Series Chipset PCI Express Root Port - 2A41' (PCI\VEN_8086&DEV_2A41&SUBSYS_19C71043&REV_07\3&11583659&1&08) disappeared from the system without first being prepared for removal.
6/2/2012 10:36:03 PM, Error: EventLog [6008] - The previous system shutdown at 10:33:55 PM on 6/2/2012 was unexpected.
6/2/2012 10:32:19 PM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
6/2/2012 10:30:37 PM, Error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).
6/2/2012 10:29:29 PM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
6/2/2012 10:29:29 PM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/2/2012 10:29:29 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/2/2012 10:29:29 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/2/2012 10:29:29 PM, Error: Service Control Manager [7031] - The Tablet PC Input Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/2/2012 10:29:29 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/2/2012 10:29:29 PM, Error: Service Control Manager [7031] - The ReadyBoost service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/2/2012 10:29:29 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/2/2012 10:29:29 PM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/2/2012 10:29:29 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
6/2/2012 10:29:29 PM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/2/2012 10:29:29 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/2/2012 10:29:29 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/2/2012 10:12:08 PM, Error: EventLog [6008] - The previous system shutdown at 10:05:43 PM on 6/2/2012 was unexpected.
6/1/2012 9:57:22 PM, Error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/1/2012 9:57:14 PM, Error: Service Control Manager [7031] - The Windows Firewall service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/1/2012 9:57:14 PM, Error: Service Control Manager [7031] - The Diagnostic Policy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/1/2012 9:57:14 PM, Error: Service Control Manager [7031] - The Base Filtering Engine service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/1/2012 10:00:29 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Software Licensing service, but this action failed with the following error: An instance of the service is already running.
6/1/2012 1:55:53 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
6/1/2012 1:55:53 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/1/2012 1:55:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
5/31/2012 3:44:03 PM, Error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/31/2012 3:39:44 PM, Error: Service Control Manager [7034] - The Superfetch service terminated unexpectedly. It has done this 3 time(s).
5/31/2012 3:39:44 PM, Error: Service Control Manager [7034] - The ReadyBoost service terminated unexpectedly. It has done this 3 time(s).
5/31/2012 3:39:44 PM, Error: Service Control Manager [7034] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 3 time(s).
5/31/2012 3:39:44 PM, Error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 3 time(s).
5/31/2012 3:39:35 PM, Error: Service Control Manager [7031] - The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/31/2012 3:38:40 PM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 2 time(s).
5/31/2012 3:38:40 PM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
5/31/2012 3:38:40 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
5/31/2012 3:38:40 PM, Error: Service Control Manager [7031] - The Tablet PC Input Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/31/2012 3:38:40 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/31/2012 3:38:40 PM, Error: Service Control Manager [7031] - The ReadyBoost service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/31/2012 3:38:40 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/31/2012 3:38:40 PM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
5/31/2012 3:38:40 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
5/31/2012 3:38:40 PM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
5/31/2012 3:38:40 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
5/31/2012 3:38:40 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-486_neutral_PACKAGE from package KB2633952(Update) into Absent(Absent) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-485_neutral_PACKAGE from package KB2633952(Update) into Absent(Absent) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-484_neutral_PACKAGE from package KB2633952(Update) into Staged(Staged) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-481_neutral_PACKAGE from package KB2633952(Update) into Staged(Staged) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-23_neutral_GDR from package KB2633952(Update) into Staged(Staged) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-156_neutral_PACKAGE from package KB2633952(Update) into Staged(Staged) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-155_neutral_PACKAGE from package KB2633952(Update) into Staged(Staged) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-154_neutral_PACKAGE from package KB2633952(Update) into Staged(Staged) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-153_neutral_PACKAGE from package KB2633952(Update) into Staged(Staged) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-152_neutral_PACKAGE from package KB2633952(Update) into Absent(Absent) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-151_neutral_PACKAGE from package KB2633952(Update) into Absent(Absent) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-150_neutral_PACKAGE from package KB2633952(Update) into Absent(Absent) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-149_neutral_PACKAGE from package KB2633952(Update) into Absent(Absent) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-148_neutral_PACKAGE from package KB2633952(Update) into Absent(Absent) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-147_neutral_PACKAGE from package KB2633952(Update) into Absent(Absent) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-146_neutral_PACKAGE from package KB2633952(Update) into Absent(Absent) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-145_neutral_PACKAGE from package KB2633952(Update) into Absent(Absent) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-144_neutral_PACKAGE from package KB2633952(Update) into Absent(Absent) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-143_neutral_PACKAGE from package KB2633952(Update) into Absent(Absent) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-142_neutral_PACKAGE from package KB2633952(Update) into Absent(Absent) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-141_neutral_PACKAGE from package KB2633952(Update) into Absent(Absent) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-140_neutral_PACKAGE from package KB2633952(Update) into Absent(Absent) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-139_neutral_PACKAGE from package KB2633952(Update) into Absent(Absent) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-138_neutral_PACKAGE from package KB2633952(Update) into Absent(Absent) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-137_neutral_PACKAGE from package KB2633952(Update) into Absent(Absent) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-136_neutral_PACKAGE from package KB2633952(Update) into Absent(Absent) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-135_neutral_PACKAGE from package KB2633952(Update) into Absent(Absent) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-134_neutral_PACKAGE from package KB2633952(Update) into Absent(Absent) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-133_neutral_PACKAGE from package KB2633952(Update) into Absent(Absent) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-132_neutral_PACKAGE from package KB2633952(Update) into Absent(Absent) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-131_neutral_PACKAGE from package KB2633952(Update) into Absent(Absent) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-130_neutral_PACKAGE from package KB2633952(Update) into Absent(Absent) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-129_neutral_PACKAGE from package KB2633952(Update) into Absent(Absent) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-128_neutral_PACKAGE from package KB2633952(Update) into Absent(Absent) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-127_neutral_PACKAGE from package KB2633952(Update) into Absent(Absent) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-126_neutral_PACKAGE from package KB2633952(Update) into Absent(Absent) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-125_neutral_PACKAGE from package KB2633952(Update) into Absent(Absent) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-124_neutral_PACKAGE from package KB2633952(Update) into Staged(Staged) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-123_neutral_PACKAGE from package KB2633952(Update) into Absent(Absent) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-122_neutral_PACKAGE from package KB2633952(Update) into Absent(Absent) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-121_neutral_PACKAGE from package KB2633952(Update) into Absent(Absent) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-120_neutral_PACKAGE from package KB2633952(Update) into Absent(Absent) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-119_neutral_PACKAGE from package KB2633952(Update) into Absent(Absent) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-118_neutral_PACKAGE from package KB2633952(Update) into Absent(Absent) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-117_neutral_PACKAGE from package KB2633952(Update) into Absent(Absent) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-116_neutral_PACKAGE from package KB2633952(Update) into Staged(Staged) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-115_neutral_PACKAGE from package KB2633952(Update) into Staged(Staged) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-114_neutral_PACKAGE from package KB2633952(Update) into Staged(Staged) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-113_neutral_PACKAGE from package KB2633952(Update) into Staged(Staged) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-112_neutral_PACKAGE from package KB2633952(Update) into Staged(Staged) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-111_neutral_GDR from package KB2633952(Update) into Staged(Staged) state
5/31/2012 12:48:14 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633952-108_neutral_GDR from package KB2633952(Update) into Staged(Staged) state
5/31/2012 12:39:35 PM, Error: EventLog [6008] - The previous system shutdown at 3:37:14 PM on 5/27/2012 was unexpected.
5/31/2012 1:14:32 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070490: Update for Windows Vista for x64-based Systems (KB2633952).
5/31/2012 1:14:21 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2633952 (Update) into Install Requested(Install Requested) state
5/27/2012 3:35:19 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
5/27/2012 3:35:19 PM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/27/2012 3:35:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
5/27/2012 3:27:10 PM, Error: EventLog [6008] - The previous system shutdown at 10:51:11 AM on 5/26/2012 was unexpected.
.
==== End Of File ===========================

thank you once again
 
Did you miss this?

=============================================
Please describe what problems you are experiencing.
============================================

I see numerous, repeating errors causing problems. But what is happening that Best Buy thinks the only fix is to reformat/reinstall?
There are 2 errors: Superfetch/ReadyBoost and the Program Compatibility Assistant can cause problems within the system itself, unrelated to malware.
 
What's happening is that it takes a long time to start, then once I'm in it takes forever to open an application.
I look at the Task Manager and see the CPU at 100%. I look at the image name and see some that have avp.exe*32 on it and some other ones too. Tried to end process and nothing. Best Buy never gave an explanation, just said you need a new hard drive.
 
And another thing that I did notice was that the toolbar hides and the icons are no longer showing up ... which I thought was strange.
 
Some rogue programs can cause icons, programs, files, etc. to appear to be missing. They are not gone, just hidden by the malware. The following may restore these for you. Note: This does not remove the malware, only the attribute that hides icons and programs. It is important that you continue.

1. Download Unhide.exe and save to the desktop.
  • Double-click on Unhide.exe icon to run the program.
  • This program will remove the +H, or hidden, attribute from all the files on your hard drives.
==============================================
Questions and comments:
1. Are you getting messages that there are 'critical' problems with the system? If so, please do not click on any of the messages
2. Can you access the internet?
3. Are you crashing and/or getting blue screens?
4. How much RAM is installed: Click on Control Panel> System> properties screen will show the RAM. Let me know what that is.
5. Why did you take the computer to Best Buy in the first place?
6. Install Date is 6/26/2009. Have you been doing any maintenance in the past 5 years to include:
Delete temporary internet files and Cookies
Disc Cleanup
Defrag
Error Check
Security scans
==========================================================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------

  • Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe
      & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
    • Note: No query will be made if the Recovery Console is already on the system.
  • Close any open browsers.
  • Before you run the Combofix scan, please disable any security software you have running.
    (If you need help with this, please see HERE)
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • When the scan completes, a report will be generated. It will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.
Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
============================================
To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

    If you are using a browser other than Internet Explorer
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives'
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
========================================
Please leave the answers to my questions and the logs from Combofix and the Eset scan in your next reply.
 
Questions and comments:
1. Are you getting messages that there are 'critical' problems with the system? If so, please do not click on any of the messages NO
2. Can you access the internet? Yes only through LAN
3. Are you crashing and/or getting blue screens? NO crashing blue screen
4. How much RAM is installed: Click on Control Panel> System> properties screen will show the RAM. Let me know what that is. 4 GB with 327gb free of 454 gb of storage space
5. Why did you take the computer to Best Buy in the first place? Took it b/c it was really slow and I could not do anything, meaning it took a long time to open an application or a file.
6. Install Date is 6/26/2009. Have you been doing any maintenance in the past 5 years to include: No I have not, just used it for school documents and loaded pictures, so didn't think I needed to do that.
Delete temporary internet files and Cookies= will do that if you think it's ok to do so with a program called ATF-Cleaner or TFC
Disc Cleanup
Defrag
Error Check
Security scans
Can Glary Utilities be of any use? Just mentioning it b/c I was just reading the forum and saw this but wanted to ask you first.
Thank you ... for your help. I will do what you suggested above and will post the log for Combofix.
 
ComboFix 12-06-05.01 - Lauren Carrion 06/05/2012 12:38:59.1.1 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4060.2166 [GMT -4:00]
Running from: c:\users\Lauren Carrion\Desktop\ComboFix.exe
AV: Kaspersky PURE *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky PURE *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky PURE *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\96D491B5E3.sys
c:\users\Lauren Carrion\AppData\Roaming\Install.dat
c:\users\Lauren Carrion\Documents\~WRL0005.tmp
c:\users\Lauren Carrion\Documents\~WRL0423.tmp
c:\users\Lauren Carrion\Documents\~WRL2109.tmp
c:\users\Lauren Carrion\Documents\~WRL2257.tmp
c:\users\Lauren Carrion\Documents\~WRL3282.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-05-05 to 2012-06-05 )))))))))))))))))))))))))))))))
.
.
2012-06-05 17:50 . 2012-06-05 18:01 -------- d-----w- c:\users\Lauren Carrion\AppData\Local\temp
2012-06-05 17:50 . 2012-06-05 17:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-01 18:09 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AA01CC38-962F-4CDD-8969-F1AD9B33D4EA}\mpengine.dll
2012-06-01 17:23 . 2012-06-01 17:23 -------- d-----w- c:\users\Lauren Carrion\AppData\Roaming\Malwarebytes
2012-06-01 17:21 . 2012-06-01 17:21 -------- d-----w- c:\programdata\Malwarebytes
2012-06-01 17:20 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-01 17:20 . 2012-06-01 17:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-31 19:55 . 2012-05-31 19:55 388096 ----a-r- c:\users\Lauren Carrion\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-31 19:55 . 2012-05-31 19:55 -------- d-----w- c:\program files (x86)\Trend Micro
2012-05-09 22:17 . 2012-03-30 12:45 1423744 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 22:14 . 2012-03-20 23:34 72576 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 22:13 . 2012-04-03 08:22 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 22:13 . 2012-04-02 13:59 2766848 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-16 20:34 . 2012-03-16 20:34 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-16 20:34 . 2012-03-16 20:34 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-16 20:34 . 2012-03-16 20:34 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-16 20:34 . 2012-03-16 20:34 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-16 20:34 . 2012-03-16 20:34 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-16 20:34 . 2012-03-16 20:34 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-16 20:34 . 2012-03-16 20:34 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-16 20:34 . 2012-03-16 20:34 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-16 20:34 . 2012-03-16 20:34 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-16 20:34 . 2012-03-16 20:34 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-16 20:34 . 2012-03-16 20:34 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-16 20:34 . 2012-03-16 20:34 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-16 20:34 . 2012-03-16 20:34 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-16 20:34 . 2012-03-16 20:34 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-16 20:34 . 2012-03-16 20:34 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-16 20:33 . 2012-03-16 20:33 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-16 20:33 . 2012-03-16 20:33 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-16 20:32 . 2012-03-16 20:32 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-16 20:32 . 2012-03-16 20:32 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-16 20:32 . 2012-03-16 20:32 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-16 20:32 . 2012-03-16 20:32 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-16 20:32 . 2012-03-16 20:32 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-16 20:32 . 2012-03-16 20:32 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-16 20:32 . 2012-03-16 20:32 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-16 20:32 . 2012-03-16 20:32 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-16 20:32 . 2012-03-16 20:32 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-16 20:32 . 2012-03-16 20:32 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-16 20:32 . 2012-03-16 20:32 448512 ----a-w- c:\windows\system32\html.iec
2012-03-16 20:32 . 2012-03-16 20:32 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-16 20:32 . 2012-03-16 20:32 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-16 20:32 . 2012-03-16 20:32 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-16 20:32 . 2012-03-16 20:32 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-16 20:32 . 2012-03-16 20:32 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-16 20:32 . 2012-03-16 20:32 173056 ----a-w- c:\windows\system32\ieUnatt.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2010-10-02 02:05 129624 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"SRS Premium Sound"="c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" [2009-04-07 3728632]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Akamai NetSession Interface"="c:\users\Lauren Carrion\AppData\Local\Akamai\netsession_win.exe" [2012-05-08 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"P2Go_Menu"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-20 159744]
"ADSMTray"="c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe" [2008-04-01 266240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"avp"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe" [2010-10-02 348760]
.
c:\users\Lauren Carrion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~2\mzvkbd3.dll c:\progra~2\KASPER~1\KASPER~2\sbhook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-16 02:40]
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-16 02:40]
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3964028075-209379423-1450455170-1000Core.job
- c:\users\Lauren Carrion\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-28 18:48]
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3964028075-209379423-1450455170-1000UA.job
- c:\users\Lauren Carrion\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-28 18:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2010-10-02 02:06 170584 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE\x64\ShellEx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-04-26 153624]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-04-26 225816]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-04-26 200216]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-26 16225824]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-04-14 7714336]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-14 1833504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-26 1645352]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-03 320512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~2\x64\sbhook64.dll c:\progra~2\KASPER~1\KASPER~2\x64\kloehk.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.scbwi.org/Pages.aspx/Who-We-Are---What-We-Do
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 172.16.0.193 172.16.0.194 172.16.0.191 172.16.0.192
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\SmartLogon\smartlogon.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe
c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
.
**************************************************************************
.
Completion time: 2012-06-05 14:15:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-05 18:15
.
Pre-Run: 351,044,661,248 bytes free
Post-Run: 353,169,162,240 bytes free
.
- - End Of File - - D1FD619387D65229955D3CDC20748E74
 
No matter what you use a computer for, you still have to do maintenance on it to keep it running well. You have programs set to start on boot. Most will continue to run in the background. As you surf, you will get temporary internet files and Cookies. You've been surfing for 3 years and continue to carry all of that around.

You've added programs, some may have been bundled with toolbars, browser helper objects, adware and maybe spyware. You've updated- what about removing old versions of what you update?

You have to reboot Windows occasionally- it's messy. The files need to be put back in place. Memory needs to be freed up. In your own words, you've added "lots of photos." Depending on how you saved them, you are now dragging them around also.
================================================
Run this TFC (Temp File Cleaner)
Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine, if not, do this yourself to ensure a complete clean
====================================================
SuperAntiSpyware Home Edition Free Version
  • Please download SuperAntiSpyware from HERE
  • Launch SuperAntiSpyware and click on 'Check for updates'.
  • Wait for the updates to be installed
  • On the main screen click on 'Scan your computer'.
  • Check: 'Perform Complete Scan' then click 'Next' to start the scan.
  • Superantispyware will now scan your computer, when it's finished it will list all/any infections found.
  • Make sure everything found has a checkmark next to it, then press 'Next'.
  • Click on 'Finish' when you've done.
It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
  • Click on 'Preferences'.
  • Click on the 'Statistics/Logs' tab.
  • Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad. Paste the notepad file here on your reply
==============================================
Reset Cookies

For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')

For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
(First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)
=======================================
Reset your browser proxies
  • For Firefox:
    o Open Firefox, click on "Tools" then "Options" and then on "Advanced".
    o Click on the "Network" tab, and then on the "Settings" button.
    o Please make sure that the "No Proxy" option is selected.
  • For Internet Explorer:
    o Open Internet Explorer.
    o Click on "Tools" and then select "Internet Options".
    o Click on the "Connections" tab and click the "Lan Settings" button at the bottom.
    o Uncheck "Use a Proxy server for your LAN".
    o Click Ok to close the Local Area Network (LAN) Settings window.
    o Click Ok to close the Internet Options window.
=======================================================
Cleaning up the rest of the system:

Right click on Start> Explore> Computer> Right click on Local Drive> Properties>>> You will do the following from this screen:

Screenshot courtesy addictivetips.

1. Uncheck the box for indexing
2. Uncheck the box for Compress> then press Apply
3. Click on Disc Cleanup and follow the prompts.
4. When Disc Cleanup has finished, go back to screen above and click in Tools tab
5. Click on Error Check (Tools tab screen)> Check both boxes on the screen that comes up> Close the nag message that comes up and reboot the computer. This will start the checking. Let it finish-it will take a while-it will reboot when through.
6. (On Tools screen as above)> Click on Defragment> Click on Defrag > let it finish. Close and reboot when finished.
==============================================
Try the Eset scan again. Please note: There are 2 directions for Eset> 1 for IE and 1 for any other browser. Be sure you choose the correct one.
=============================================
Please leave the SuperAntispyware log and Eset log if there is one.
==============================================
Do you notice any difference in the system? This will take a while but all is necessary.
 
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/06/2012 at 03:39 PM
Application Version : 5.0.1150
Core Rules Database Version : 8614
Trace Rules Database Version: 6426
Scan type : Complete Scan
Total Scan Time : 01:20:01
Operating System Information
Windows Vista Home Premium 64-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User
Memory items scanned : 473
Memory threats detected : 0
Registry items scanned : 64023
Registry threats detected : 0
File items scanned : 48558
File threats detected : 31
Adware.Tracking Cookie

Did the Eset scan and no infected files.
I took a look at the Task Manager and its CPU is sometimes 100%. I see a lot of exe *32. Physical memory is 65%. Is that normal?
 
Hopefully, if you had SAS remove what it found, then reset the Cookies as instructed, it should prevent picking up all or most Tracking Cookies in the future. If you use Firefox or Chrome, look for ad blocking addons.

You should also check for errors in Device Manager: Control Panel> System> Hardware tab> Device Manager> Click on + sign to expand> Right click> Properties on the Display Adapter> Do you see an error icon?

If so, note the manufacturer's name of the graphics card (example> Nvidia)> go to the manufacturer's site and look for a driver update.

Please complete the rest of the instructions I left.
 
Close the system down. Then reboot into Normal Mode.

Do not make any changes below- just give me the numbers:

1. Click on Start> Run> type in msconfig> Startup tab> count the number of boxes you have checked. Let me know how many.

2. Click on Start> Run> type in services.msc> count the number of Services that are set to Automatic startup type. Let me know.

3. Right click on the Taskbar> Task Manager> Look at the bottom to see how many processes are running. Let me know how many.
=================================================
Remove the HijackThis you have now. Set up the Directory as instructed, then download and run HJT. Leave the logs and the numbers from above.

First, set up a Directory for HijackThis as follows:
Right click Taskbar> Explore> My Computer> Local Drive (C)> File> New> Folder> Name folder HijackThis
Exit Explorer
You now have a folder C:\HijackThis
----------------------------------
Download HijackThis and save to your desktop.
  • Click on the HJT icon> 'Extract all files'> Extraction Wizard> Click on Browse to right of dialogue box that says 'Select a folder'
  • Extract it to the directory on your hard drive you created C:\HijackThis.
  • Then navigate to that directory and double-click on the hijackthis.exe file.
  • When started click on the Scan button and then the Save Log button to create a log of your information.
  • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste (Ctrl+V) the log in your next reply.
NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
 
1. Click on Start> Run> type in msconfig> Startup tab> count the number of boxes you have checked. Let me know how many 23
2. Click on Start> Run> type in services.msc> count the number of Services that are set to Automatic startup type. Let me know 79
3. Right click on the Taskbar> Task Manager> Look at the bottom to see how many processes are running. Let me know how many. 81

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:45:15 AM, on 6/8/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe
C:\Users\Lauren Carrion\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.scbwi.org/Pages.aspx/Who-We-Are---What-We-Do
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ievkbd.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ADSMTray] "C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe"
O4 - HKCU\..\Run: [SRS Premium Sound] "C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" /hideme
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/select/asusTek_sys_ctrl3.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~2\mzvkbd3.dll C:\PROGRA~2\KASPER~1\KASPER~2\sbhook.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Kaspersky PURE (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: CryptoStorage control service (CSObjectsSrv) - Infowatch - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: SRS Volume Sync Service (SRS_VolSync_Service) - SRS Labs, Inc. - C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9620 bytes
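
A triage aid for a log in the format posted above, added here as an example and not part of the thread or of HijackThis: it counts entries per section code (O4 autoruns, O23 services) and sorts the "(file missing)" entries. HijackThis is a 32-bit program, so on 64-bit Windows its view of C:\Windows\System32 is redirected to SysWOW64 and native 64-bit services are reported missing although they are present. The sample log is constructed; the "Program Files (x86)" test for a 64-bit system and the two result labels are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample in HijackThis 2.0.4 format (not the poster's log).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows Vista SP2 (WinNT 6.00.1906)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Example\tray.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.test/
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files (x86)\Example\helper.dll (file missing)
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files (x86)\Example\tray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O23 - Service: Example Updater (exupd) - Example Inc. - C:\Program Files (x86)\Example\upd.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
--
End of file - 0 bytes
"""

# An entry line is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY = re.compile(r"^([FNOR]\d{1,2}) - (.*)$")
MISSING = "(file missing)"
# Directory that WOW64 redirects for 32-bit processes on 64-bit Windows.
SYSTEM32 = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.IGNORECASE)


def summarize(log_text):
    """Count entries per section and classify '(file missing)' entries."""
    lines = [line.strip() for line in log_text.splitlines()]
    # Assumption: a "Program Files (x86)" path anywhere means 64-bit Windows.
    is_64bit = any("\\program files (x86)\\" in line.lower() for line in lines)

    counts = Counter()
    missing = []
    for line in lines:
        match = ENTRY.match(line)
        if not match:
            continue  # header, running-process path or footer
        code, body = match.groups()
        counts[code] += 1
        if body.endswith(MISSING):
            # The file path is the last " - " separated field.
            path = body[: -len(MISSING)].rsplit(" - ", 1)[-1].strip()
            if is_64bit and SYSTEM32.match(path):
                verdict = "wow64-redirection"  # expected from a 32-bit scanner
            else:
                verdict = "verify-on-disk"     # may be a genuine orphan entry
            missing.append((code, path, verdict))
    return {"is_64bit": is_64bit, "counts": dict(counts), "missing": missing}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("64-bit system:", report["is_64bit"])
    for code, n in sorted(report["counts"].items()):
        print(f"{code}: {n} entries")
    for code, path, verdict in report["missing"]:
        print(f"{code} missing -> {verdict}: {path}")
```

Entries labelled `verify-on-disk` are the ones worth checking by hand, since the registry still points at a file that a 32-bit process should have been able to see.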
 
This is why you're slow:

1. Click on Start> Run> type in msconfig> Startup tab> count the number of boxes you have checked. Let me know how many 23>>> I have 4
2. Click on Start> Run> type in services.msc> count the number of Services that are set to Automatic startup type. Let me know 79>>> Black Viper Reference Site for your OS shows only 52 Services need to be on Automatic. Note: This counts only those Services within the OS itself. Additional downloaded software programs MAY add a Service. Some Services can be disabled (with caution).
3. Right click on the Taskbar> Task Manager> Look at the bottom to see how many processes are running. Let me know how many. 81>> I have 32
-----------------------------------------------
#1
How to use MSCONFIG in Windows Vista
  1. Click on the Vista start icon in the bottom left corner of your screen.
  2. Type MSCONFIG> press enter
  3. Vista asks permission to use this account:
  4. Follow the on-screen prompts to give Vista permission to continue.
  5. When finished with UAC, Microsoft's System Configuration Utility will display

    Note: change from image> check Selective Startup
  6. Click on the Startup tab.
  7. Vista loads essential programs through "Windows Services" so what you see here are optional.
  8. Uncheck the box for each process that you do not want to start on boot
  9. Click on OK
  10. If this box displays, click the box by message 'Don't show this message again', then click Restart.

All images courtesy netsquirrel.com
==============================================
#2
Resetting Services:

Boot into Safe Mode with Networking
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode with Networking option when the Windows Advanced Options menu appears, and then press ENTER.
Click on Start> Run> type in services.msc> using the Black Viper’s Windows Vista Service Pack 2 Service Configurations Reference Site reset the Services as suggested. Note: Be sure to check the Dependency for each. Resetting Services in Safe Mode will allow you to set any Dependency needed to run a Service.
==============================================
When you have finished, reboot the computer back into Normal Mode. Remember my warning about the nag message coming up the first time you reboot after using msconfig. Just check the box, close the message, stay in Selective Startup.

You only have to reset 1 and 2 once. It will take time, but this is the only way to speed the system up. Once it has been done, you should see far less processes running in the Task Manager and should experience faster loading and surfing speed.
=======================================================
Please read my directions carefully. I have written them out to make the work easy and clear. Keep in mind that if you come across a process and don't know what it's for, there are a lot of search engines that will help you identify it.
======================================================
Warning: Use a site advisor. Only stop on sites that are rated safe and reliable. I recommend using the Web of Trust (WOT) add-on, a safe surfing tool for your browser. Traffic-light rating symbols rate the site for Trustworthiness, Vendor Reliability, Privacy, Child Safety. Your online email account (Google Mail, Yahoo! Mail and Hotmail) is also protected.

Every time you do a search and the screen comes up with the sites, they will have the rating light:
Green (2 shades)> Good to go.
Amber/Yellow> use Caution,
Red> not advised.
 
Please read my directions carefully. They tell you what needs to be on Startup and direct you to a search if you don't know what a process is for. I am giving you the tools- you have to do the digging!
 