Inactive Sound playing threw speakers

[lefty724]

I have unwanted sound playing though my speakers which sounds like an internet radio station yet I'm not the one doing it. Does it even when my browswer is closed. I've ran a couple different malware programs and nothing has gotten rid of it. Assuming that I'm infected with malware of course.
I was browsing through posts on here and saw one where they were having similar trouble so I ran hijack this is the log it gave me:

[HJT log removed by Broni]

Any help would be greatly appreciated as this is very annoying.

 

[Broni]

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

[lefty724]

Malwarebytes Anti-Malware log:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.20.01

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
shortcake :: SHORTCAKE-PC [administrator]

Protection: Enabled

3/19/2014 11:34:59 PM
mbam-log-2014-03-19 (23-34-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231536
Time elapsed: 13 minute(s), 35 second(s)

Memory Processes Detected: 2
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe (PUP.Optional.ShopAtHome.A) -> 3660 -> Delete on reboot.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe (PUP.Optional.ShopAtHome.A) -> 3688 -> Delete on reboot.

Memory Modules Detected: 1
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelperPS.dll (PUP.Optional.ShopAtHome.A) -> Delete on reboot.

Registry Keys Detected: 46
HKCR\CLSID\{067ECE13-6DD2-47C7-8EFE-24DA8BC1D8DA} (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
HKCR\Interface\{067ECE13-6DD2-47C7-8EFE-24DA8BC1D8DA} (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{311B58DC-A4DC-4B04-B1B5-60299AD3D803} (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C} (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
HKCR\ComObject.DeskbarEnabler.1 (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
HKCR\ComObject.DeskbarEnabler (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E} (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
HKCR\Interface\{2A42D13C-D427-4787-821B-CF6973855778} (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
HKCR\Toolbar3.TBSB07898.1 (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
HKCR\Toolbar3.TBSB07898 (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
HKCR\ShopAtHome.ShopAtHome.3 (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
HKCR\ShopAtHome.ShopAtHome (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{311B58DC-A4DC-4B04-B1B5-60299AD3D803} (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{311B58DC-A4DC-4B04-B1B5-60299AD3D803} (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{CC6A58F3-FD45-4D29-BD83-3F87ACEAAEEE} (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
HKCR\Interface\{03E4029F-C6AE-4EA3-90D0-B5486E6E7B27} (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{66516A07-F617-488A-90CF-4E690CFB3C5F} (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
HKCR\Toolbar3.ShopAtHome.1 (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
HKCR\Toolbar3.ShopAtHome (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66516A07-F617-488A-90CF-4E690CFB3C5F} (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{66516A07-F617-488A-90CF-4E690CFB3C5F} (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{66516A07-F617-488A-90CF-4E690CFB3C5F} (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{B944FF5E-EC87-4E1E-8C49-2FF3BC573997} (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopAtHome.com Toolbar (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GigaClicks Crawler (PUP.Optional.GigaClicks.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F} (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C} (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
HKCR\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921} (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
HKCR\TbCommonUtils.CommonUtils.1 (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
HKCR\TbCommonUtils.CommonUtils (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{40A61B9E-B111-46EE-A1F2-C1100192BA48} (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{76481128-CCDC-4073-8F65-B06F23B138FC} (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
HKCR\Interface\{EDB980C4-AAC0-41A8-A406-2FB4D196B0D8} (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
HKCR\URLSearchHook.ToolbarURLSearchHook.1 (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
HKCR\URLSearchHook.ToolbarURLSearchHook (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148} (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
HKCR\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F} (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
HKCR\ShopAtHome.IEToolbar (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
HKCR\ShopAtHome.IEToolbar.1 (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Quarantined and deleted successfully.
HKCU\Software\ShopAtHome.com (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\Update PacFunction (PUP.Optional.PacFunction.A) -> Quarantined and deleted successfully.

Registry Values Detected: 6
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ShopAtHomeWatcher (PUP.Optional.ShopAtHome.A) -> Data: C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ShopAtHomeUpdater (PUP.Optional.ShopAtHome.A) -> Data: C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{311B58DC-A4DC-4B04-B1B5-60299AD3D803} (PUP.Optional.ShopAtHome.A) -> Data: ÜX1ܤK±µ`)šÓØ -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{311B58DC-A4DC-4B04-B1B5-60299AD3D803} (PUP.Optional.ShopAtHome.A) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{311B58DC-A4DC-4B04-B1B5-60299AD3D803} (PUP.Optional.ShopAtHome.A) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{311B58DC-A4DC-4B04-B1B5-60299AD3D803} (PUP.Optional.ShopAtHome.A) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 4
C:\Users\shortcake\AppData\Roaming\ShopAtHome (PUP.Optional.ShopAtHome.A) -> Delete on reboot.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeHelper (PUP.Optional.ShopAtHome.A) -> Delete on reboot.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopAtHome.com Toolbar (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.

Files Detected: 54
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe (PUP.Optional.ShopAtHome.A) -> Delete on reboot.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelperPS.dll (PUP.Optional.ShopAtHome.A) -> Delete on reboot.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe (PUP.Optional.ShopAtHome.A) -> Delete on reboot.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeAppInstaller_C102707440_D1_R44832.exe (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeAppInstaller_C102707440_D1_R92140.exe (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\HttpHandle302.dll (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\SAHPlugin.dll (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\ShopAtHomeUninstall.exe (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\AppData\Local\GCC\uninstall.exe (PUP.Optional.GigaClicks.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\Local Settings\Temporary Internet Files\Content.IE5\G0KXQXOL\Setup[1].exe (PUP.Optional.PacFunction.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\install.log (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\alert.html (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\autoupdate-config.xml (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\basis.xml (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\Exec.exe (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\logo.png (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\merchants.xml (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\postinstallurl.txt (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\postuninstallurl.txt (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\prefs.xml (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\SAH_serialize.bin (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\uninst.exe (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\basis.xml (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\ClearHist.exe (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\icons.bmp (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\logo.png (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\minus.png (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\plus.png (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\Prefs.xml (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-alert.png (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-clearsearch.png (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-comment.png (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-contests.png (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-freecoupons.png (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-freesamples.png (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-go.png (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-grocerycoupons.png (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-information.png (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-mysah.png (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-options.png (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-restaurant.png (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-wishlist.png (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\SAH_favicon.ico (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\TbCommonUtils.dll (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbhelper.dll (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\TbHelper2.exe (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbs_include_script_externalsearch.js (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbs_include_script_showhidetoolbar.js (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\Users\shortcake\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\uninstall.exe (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopAtHome.com Toolbar\ShopAtHome.com Homepage.url (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopAtHome.com Toolbar\ShopAtHome.com Uninstall.lnk (PUP.Optional.ShopAtHome.A) -> Quarantined and deleted successfully.

(end)

 

[lefty724]

DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16540 BrowserJavaVersion: 10.51.2
Run by shortcake at 22:23:05 on 2014-03-20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4026.948 [GMT -4:00]
.
AV: Webroot SecureAnywhere *Disabled/Updated* {66A6FE14-08CB-F415-3742-517201416109}
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Webroot SecureAnywhere *Disabled/Updated* {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8aadd48d\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Users\shortcake\AppData\Local\GCC\Controller.exe
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8aadd48d\AESTSr64.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
C:\Users\shortcake\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Coupons\CouponPrinterService.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\SMINST\BLService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\system32\taskeng.exe
C:\Users\shortcake\AppData\Local\GCC\Controller.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\splwow64.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
C:\Users\SHORTC~1\AppData\Local\GCC\CHROME~1\chrome.exe
C:\Users\SHORTC~1\AppData\Local\GCC\CHROME~1\chrome.exe
C:\Users\SHORTC~1\AppData\Local\GCC\CHROME~1\chrome.exe
C:\Users\SHORTC~1\AppData\Local\GCC\CHROME~1\chrome.exe
C:\Users\SHORTC~1\AppData\Local\GCC\CHROME~1\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Bar = Preserve
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://search.coupons.com/
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll
BHO: Ask Toolbar: {4F524A2D-5637-4300-76A7-7A786E7484D7} -
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll
BHO: Webroot Filtering Extension: {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files (x86)\Webroot\WRData\PKG\Vistax86\wrflt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Ask Toolbar: {4F524A2D-5637-4300-76A7-7A786E7484D7} -
TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} -
TB: Ask Toolbar: {4F524A2D-5637-4300-76A7-7A786E7484D7} -
TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar.dll
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [WorkForce 630(Network)] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIGBA.EXE /FU "C:\Windows\TEMP\E_S932.tmp" /EF "HKCU"
mRun: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [HP Health Check Scheduler] "c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [WRSVC] "C:\Program Files (x86)\Webroot\WRSA.exe" -ul
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
StartupFolder: C:\Users\SHORTC~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\shortcake\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\SHORTC~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MYPCBA~1.LNK - C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
uPolicies-Explorer: NoViewOnDrive = dword:0
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: DisableLocalMachineRun = dword:0
uPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
uPolicies-Explorer: DisableCurrentUserRun = dword:0
uPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
uPolicies-Explorer: NoFile = dword:0
uPolicies-Explorer: HideClock = dword:0
uPolicies-Explorer: NoDevMgrUpdate = dword:0
uPolicies-Explorer: NoDFSTab = dword:0
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: NoEncryptOnMove = dword:0
uPolicies-Explorer: NoRunasInstallPrompt = dword:0
uPolicies-Explorer: NoResolveTrack = dword:0
uPolicies-Explorer: NoStartMenuSubFolders = dword:0
uPolicies-System: NoDispAppearancePage = dword:0
uPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001045-0002-0045-ABCDEFFEDCBC} - <orphaned>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{80590CFE-DB02-4C02-8D37-12C8B9AE667C} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{C2370A83-364F-4105-905A-275EB21DFC24} : DHCPNameServer = 168.94.0.14 168.94.0.15
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
x64-BHO: Ask Toolbar: {4F524A2D-5637-4300-76A7-7A786E7484D7} -
x64-BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll
x64-BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-BHO: Webroot Filtering Extension: {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files (x86)\Webroot\WRData\PKG\Vistax64\wrflt.dll
x64-TB: Ask Toolbar: {4F524A2D-5637-4300-76A7-7A786E7484D7} -
x64-TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SmartMenu] C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [SysTrayApp] C:\Program Files (x86)\IDT\WDM\sttray64.exe
x64-Run: [AdAwareTray] "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe"
x64-mPolicies-Explorer: NoViewOnDrive = dword:0
x64-mPolicies-Explorer: NoDrives = dword:0
x64-mPolicies-Explorer: DisableLocalMachineRun = dword:0
x64-mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
x64-mPolicies-Explorer: DisableCurrentUserRun = dword:0
x64-mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
x64-mPolicies-Explorer: NoFile = dword:0
x64-mPolicies-Explorer: HideClock = dword:0
x64-mPolicies-Explorer: NoDevMgrUpdate = dword:0
x64-mPolicies-Explorer: NoDFSTab = dword:0
x64-mPolicies-Explorer: NoWindowsUpdate = dword:0
x64-mPolicies-Explorer: NoEncryptOnMove = dword:0
x64-mPolicies-Explorer: NoRunasInstallPrompt = dword:0
x64-mPolicies-Explorer: NoResolveTrack = dword:0
x64-mPolicies-Explorer: NoStartMenuSubFolders = dword:0
x64-mPolicies-System: NoDispAppearancePage = dword:0
x64-mPolicies-System: NoDispSettingsPage = dword:0
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\shortcake\AppData\Roaming\Mozilla\Firefox\Profiles\2iwi5w5q.default\
FF - prefs.js: keyword.URL - hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q=
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMSS.dll
FF - plugin: C:\Users\SHORTC~1\AppData\Roaming\CATALI~1\npBcsKtTcHW.dll
FF - plugin: C:\Users\shortcake\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
.
============= SERVICES / DRIVERS ===============
.
R0 WRkrn;WRkrn;C:\Windows\System32\drivers\WRkrn.sys [2013-4-2 115168]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/05/25 04:05:22];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 146928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8aadd48d\AESTSr64.exe [2009-5-25 89088]
R2 APNMCP;Ask Update Service;C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [2014-2-13 166352]
R2 CouponPrinterService;Coupon Printer Service;C:\Program Files (x86)\Coupons\CouponPrinterService.exe [2014-1-7 151536]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2008-3-18 23040]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [2014-1-23 702744]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-3-19 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-3-19 701512]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-1-13 365952]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-1-13 228408]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2008-9-4 64000]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2008-9-22 126464]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-3-19 25928]
S2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2014-3-14 36392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 WRSVC;WRSVC;C:\Program Files (x86)\Webroot\WRSA.exe [2013-4-2 765528]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [2014-1-15 289256]
S3 NETw3v64;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw3v64.sys [2008-1-20 3154432]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-9-11 1012344]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2006-11-2 273408]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-3-17 89920]
.
=============== File Associations ===============
.
FileExt: .cmd: GeekSquad="%1" %*
FileExt: .txt: txtfile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .ini: inifile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2014-03-19 07:01:48 90015360 ----a-w- C:\Windows\System32\mrt.exe
2014-03-08 17:12:30 154248 ----a-w- C:\Windows\SysWow64\WRusr.dll
2014-03-08 17:12:30 115168 ----a-w- C:\Windows\System32\drivers\WRkrn.sys
2014-03-08 17:12:30 105320 ----a-w- C:\Windows\System32\WRusr.dll
2014-02-23 07:12:29 17847808 ----a-w- C:\Windows\System32\mshtml.dll
2014-02-23 06:54:58 2334720 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-23 06:52:45 10926592 ----a-w- C:\Windows\System32\ieframe.dll
2014-02-23 06:48:43 1347072 ----a-w- C:\Windows\System32\urlmon.dll
2014-02-23 06:48:31 1392128 ----a-w- C:\Windows\System32\wininet.dll
2014-02-23 06:46:42 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-23 06:46:20 237056 ----a-w- C:\Windows\System32\url.dll
2014-02-23 06:46:08 86016 ----a-w- C:\Windows\System32\jsproxy.dll
2014-02-23 06:45:36 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-23 06:45:32 816640 ----a-w- C:\Windows\System32\jscript.dll
2014-02-23 06:45:27 599040 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-23 06:44:57 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2014-02-23 06:44:57 2147840 ----a-w- C:\Windows\System32\iertutil.dll
2014-02-23 06:44:14 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2014-02-23 06:44:02 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-23 06:43:22 248320 ----a-w- C:\Windows\System32\ieui.dll
2014-02-23 05:50:22 12347904 ----a-w- C:\Windows\SysWow64\mshtml.dll
2014-02-23 05:47:19 1806848 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-23 05:43:55 9739264 ----a-w- C:\Windows\SysWow64\ieframe.dll
2014-02-23 05:41:03 1105408 ----a-w- C:\Windows\SysWow64\urlmon.dll
2014-02-23 05:40:18 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-23 05:39:28 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-23 05:38:15 231936 ----a-w- C:\Windows\SysWow64\url.dll
2014-02-23 05:38:08 65536 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2014-02-23 05:38:08 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-23 05:37:49 421376 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-23 05:37:28 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2014-02-23 05:37:12 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2014-02-23 05:37:09 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll
2014-02-23 05:36:31 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2014-02-23 05:36:22 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-23 05:35:49 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2014-02-07 12:11:49 2776064 ----a-w- C:\Windows\System32\win32k.sys
2014-02-03 13:20:59 619008 ----a-w- C:\Windows\System32\qedit.dll
2014-02-03 10:37:54 505344 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-01-30 10:12:47 1111040 ----a-w- C:\Windows\System32\wer.dll
2014-01-30 07:46:58 876032 ----a-w- C:\Windows\SysWow64\wer.dll
2014-01-26 23:27:19 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-26 23:27:19 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-17 21:24:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2014-01-17 21:24:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2013-12-13 01:45:27 10395072 ----a-w- C:\Program Files (x86)\Common Files\wruninstall.exe
.
============= FINISH: 22:23:52.97 ===============

 

[lefty724]

Attach.txt log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/25/2009 6:28:54 AM
System Uptime: 3/20/2014 1:15:00 AM (21 hours ago)
.
Motherboard: Quanta | | 3627
Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz | CPU | 1200/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 286 GiB total, 164.024 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 1.954 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP528: 2/20/2014 1:13:21 PM - Installed HP Quick Launch Buttons
RP529: 2/21/2014 1:10:35 PM - Scheduled Checkpoint
RP530: 2/24/2014 6:32:54 PM - Scheduled Checkpoint
RP531: 2/26/2014 3:00:18 AM - Windows Update
RP532: 2/26/2014 7:32:08 PM - Scheduled Checkpoint
RP533: 2/27/2014 3:00:18 AM - Windows Update
RP534: 2/28/2014 10:07:32 PM - Device Driver Package Install: Apple Network adapters
RP535: 3/3/2014 11:43:06 AM - Scheduled Checkpoint
RP536: 3/4/2014 9:23:58 PM - Scheduled Checkpoint
RP537: 3/6/2014 12:14:43 PM - Scheduled Checkpoint
RP538: 3/9/2014 10:07:19 PM - Scheduled Checkpoint
RP539: 3/10/2014 3:08:04 PM - Scheduled Checkpoint
RP540: 3/12/2014 12:36:45 PM - Scheduled Checkpoint
RP541: 3/13/2014 3:00:22 AM - Windows Update
RP542: 3/16/2014 3:27:54 PM - Scheduled Checkpoint
RP543: 3/17/2014 1:41:05 PM - Scheduled Checkpoint
RP544: 3/19/2014 1:00:01 AM - AA11
RP545: 3/19/2014 3:00:25 AM - Windows Update
RP546: 3/19/2014 7:08:13 PM - Installed HiJackThis
RP547: 3/20/2014 6:28:51 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Ad-Aware Antivirus
Ad-Aware Security Add-on
AdAwareInstaller
AdAwareUpdater
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 12 Plugin
Agere Systems HDA Modem
AIO_Scan
AntimalwareEngine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Bejeweled Deluxe 1.87
Bonjour
Broadcom 802.11 Wireless LAN Adapter
BufferChm
C4200
C4200_doccd
c4200_Help
Catalina Savings Printer
Compatibility Pack for the 2007 Office system
Copy
Coupon Printer for Windows
CouponBar
CustomerResearchQFolder
CyberLink DVD Suite
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
Dropbox
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
EPSON Scan
EPSON WorkForce 630 Series Printer Uninstall
EpsonNet Print
EpsonNet Setup 3.3
ESU for Microsoft Vista
eSupportQFolder
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Common Access Service Library
HP Customer Experience Enhancements
HP Customer Participation Program 9.0
HP Help and Support
HP Imaging Device Functions 9.0
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart SlingPlayer
HP MediaSmart SmartMenu
HP MediaSmart TV
HP MediaSmart Webcam
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Product Assistant
HP Quick Launch Buttons
HP Solution Center 9.0
HP Total Care Advisor
HP Total Care Setup
HP Update
HP User Guides 0126
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPProductAssistant
HPSSupply
IDT Audio
Intel(R) Graphics Media Accelerator Driver
iTunes
iWin Games (remove only)
Java 7 Update 51
Java Auto Updater
Java(TM) 6 Update 15
Java(TM) 6 Update 7
Juno Preloader
LabelPrint
LightScribe System Software 1.14.17.1
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
McAfee Security Scan Plus
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Works
Move Media Player
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
My HP Games
MyPC Backup
Power2Go
PowerDirector
Print@Home
ProtectSmart Hard Drive Protection
PS_AIO_ProductContext
PS_AIO_Software
PS_AIO_Software_min
PSSWCORE
QLBCASL
QuickTime 7
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek USB 2.0 Card Reader
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition
ShopAtHome.com Helper
Slingbox - Watch Your TV Anywhere
SlingPlayer
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 9
SPORE Creature Creator Trial Edition
Status
Synaptics Pointing Device Driver
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VideoToolkit01
WebReg
Webroot SecureAnywhere
Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
.
==== Event Viewer Messages From Past Week ========
.
3/20/2014 11:12:30 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
3/20/2014 11:12:30 AM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/20/2014 11:12:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
3/20/2014 1:19:39 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
3/20/2014 1:19:39 AM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/20/2014 1:16:40 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.
3/20/2014 1:16:40 AM, Error: Service Control Manager [7000] - The Computer Backup (MyPC Backup) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/20/2014 1:15:32 AM, Error: EventLog [6008] - The previous system shutdown at 1:14:12 AM on 3/20/2014 was unexpected.
3/20/2014 1:08:41 AM, Error: Service Control Manager [7031] - The WRSVC service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
3/19/2014 12:39:56 AM, Error: Service Control Manager [7000] - The Update PacFunction service failed to start due to the following error: The system cannot find the file specified.
3/19/2014 12:39:51 AM, Error: Service Control Manager [7031] - The Update PacFunction service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
3/19/2014 12:34:38 AM, Error: EventLog [6008] - The previous system shutdown at 12:31:58 AM on 3/19/2014 was unexpected.
3/19/2014 12:24:30 AM, Error: Service Control Manager [7031] - The HP Health Check Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
.
==== End Of File ===========================

 

[Broni]

You're running two AV programs, Webroot and Ad-aware.
You must uninstall one of them.
I suggest Ad-aware goes.

Download RogueKiller from one of the following links and save it to your Desktop:

• Link 1
• Link 2

• Close all the running programs
• Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE

• Unzip downloaded file.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
• Wait while the system shuts down and the cleanup process is performed.
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
• When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt

Please download Rkill (courtesy of BleepingComputer.com) to your Desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.