IObit Forum

IObit SysExplorer upload report + brief explanation of issues that led to my running SysExplorer


myamets


Hi, this is my first post and I'm not sure if I am in the correct section. I took a guess and apologize if I'm not in the right place...

 

I've been having a couple of specific problems since around Oct. 2011. The most bothersome is that something is redirecting my search results to unfamiliar and usually advertising pages (mainly click.scour.com, get-answers-fast, and the IP of Level 3 Communications... but many others too). The other problem is that my Action Center keeps saying I have a critical problem that the security center is not started, but I can't start it.

 

Nothing I have tried as far as 3rd party security software has worked. The one that ran a free scan and seemed to find things that appeared to be the redirecting problem made me pay $30.00 to fix the problems (SpyNoMore). It appeared to have fixed what it found, but not my redirecting problem. At the time, I had the free version of IObit Advanced Systems Care v4 and it deleted the SpyNoMore as malware... maybe it was?

 

Anyway, I now got the Pro of IObit ACS v5 and ran the SysExplorer, and I'm hoping that since the upload button at the end of the results took me to this forum... that you would be the knowledgeable folks who might be able to finally help me with these issues.

 

TIA for any help, suggestions or advice.

 

Here are the results of the report...

 

Advanced SystemCare Diagnose Report v1.0

Date: 2011/12/23 17:24:17

 

----------------------------------

01 - Operating System

----------------------------------

 

0101 - Operating System : Windows 7 Home Premium 64-bit (6.1, Build 7601) Service Pack 1 (7601.win7sp1_gdr.110622-1506)

0102 - Language : English (Regional Setting: English)

0103 - BIOS : InsydeH2O Version CCB.03.60.341.40

0104 - Processor : AMD C-50 Processor (2 CPUs), ~1.0GHz

0105 - Memory : 2048MB RAM

0106 - Available OS Memory : 1638MB RAM

0107 - Page File : 1246MB used, 2031MB available

0108 - Windows Dir : C:\windows

0109 - DirectX Version : DirectX 11

0110 - DX Setup Parameters : Not found

0111 - User DPI Setting : Using System DPI

0112 - System DPI Setting : 96 DPI (100 percent)

0113 - DWM DPI Scaling : Disabled

0114 - DxDiag Version : 6.01.7601.17514

 

----------------------------------

02 - Processor

----------------------------------

 

0201 - Caption : AMD C-50 Processor x2 ~1000MHz

0202 - Current Clock Speed : 1000MHz

0203 - L1 Cache : 128.00 KB

0204 - L2 Cache : 1.00 MB

 

----------------------------------

03 - Video Adapter

----------------------------------

 

0301 - Card Name : AMD Radeon HD 6250 Graphics

0302 - Manufacturer : ATI Technologies Inc.

0303 - Chip Type : ATI display adapter (0x9804)

0304 - DAC Type : Internal DAC(400MHz)

0305 - Device Key : Enum\PCI\VEN_1002&DEV_9804&SUBSYS_FDE81179&REV_00

0306 - Display Memory : 936 MB

0307 - AdapterRAM : 384.00 MB

0308 - Current Mode : 1366 x 768 (32 bit) (60Hz)

0309 - Monitor Name : Generic PnP Monitor

0310 - Driver Name : aticfx64.dll,aticfx64.dll,aticfx64.dll,aticfx32,aticfx32,aticfx32,atiumd64.dll,atidxx64.dll,atidxx64.dll,atiumdag,atidxx32,atidxx32,atiumdva,atiumd6a.cap,atitmm64.dll

0311 - Driver Version : 8.17.0010.1063

0312 - Driver Language : English

0313 - DDI Version : 11

0314 - Driver Model : WDDM 1.1

0315 - Driver Beta : False

0316 - Driver Debug : False

0317 - Driver Date : 2/10/2011 14:54:58

0318 - Driver Size : 708608

0319 - VDD : n/a

0320 - Mini VDD : n/a

0321 - Mini VDD Date : n/a

0322 - Mini VDD Size : 0

0323 - Device Identifier : {D7B71EE2-DB44-11CF-EE76-E2DDBEC2C535}

0324 - Vendor ID : 0x1002

0325 - Device ID : 0x9804

0326 - SubSys ID : 0xFDE81179

0327 - Revision ID : 0x0000

0328 - Driver Strong Name : oem3.inf:ATI.Mfg.NTamd64.6.1:ati2mtag_Wrestler:8.812.2.1000:pci\ven_1002&dev_9804&subsys_fde81179

0329 - Rank Of Driver : 00E60001

0330 - Video Accel : ModeMPEG2_A ModeMPEG2_C


0332 - D3D9 Overlay : Not Supported

0333 - DXVA-HD : Not Supported

0334 - DDraw Status : Enabled

0335 - D3D Status : Enabled

0336 - AGP Status : Enabled

0337 - Notes : No problems found.

 

0338 - OpenGL : 6.1.7600.16385 (win7_rtm.090713-1255)

 

----------------------------------

04 - Memory

----------------------------------

 

0401 - Total Memory : 1.60 GB

0402 - Free Memory : 961.32 MB

0403 - Total Pagefile : 3.20 GB

0404 - Free Pagefile : 1.97 GB

 

0405 - Bank Label : BANK0

0406 - Speed : 1066 MHz

0407 - Total Width : 64 Bits

0408 - Capacity : 2.00 GB

 

----------------------------------

05 - Network

----------------------------------

 

0501 - Description : Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC

0502 - Driver Date : 1-5-2011

0503 - Driver Version : 1005.12.105.2011

 

----------------------------------

06 - Motherboard

----------------------------------

 

0601 - Model : Portable PC

0602 - Manufacturer : TOSHIBA

 

----------------------------------

07 - Sound Device

----------------------------------

 

0701 - Description : Speakers (Conexant SmartAudio HD)

0702 - Default Sound Playback : True

0703 - Default Voice Playback : True

0704 - Hardware ID : HDAUDIO\FUNC_01&VEN_14F1&DEV_5069&SUBSYS_1179FDE8&REV_1003

0705 - Manufacturer ID : 1

0706 - Product ID : 100

0707 - Type : WDM

0708 - Driver Name : CHDRT64.sys

0709 - Driver Version : 8.54.0001.0000

0710 - Driver attributes : Final Retail

0711 - Date and Size : 2/14/2011 14:43:00

0713 - Driver Provider : Conexant

0714 - Min/Max Sample Rate : 4642294, 4642294

0715 - Static/Strm HW Mix Bufs : 4642294, 4642294

0716 - Static/Strm HW 3D Bufs : 4642294, 4642294

0717 - HW Memory : 4642302

0718 - Voice Management : False

0719 - EAX 2.0 Listen/Src : False, False

0720 - I3DL2 Listen/Src : False, False

0721 - Notes : No problems found.

 

 

----------------------------------

08 - Hard Disk

----------------------------------

 

0801 - Model : TOSHIBA MK2565GSXN SATA Disk Device

0802 - Media Type : Fixed hard disk media

0803 - Size : 232.88 GB

0804 - Interface Type : Serial ATA

0805 - Driver Date : 6-21-2006

0806 - Driver Version : 6.1.7600.16385

 

0807 - Caption : C:\

0808 - Capacity : 220.08 GB

0809 - Free Space : 146.55 GB

0810 - Drive Type : 3-Fixed

0811 - File System : NTFS

 

----------------------------------

09 - Process

----------------------------------

 

0901 - 0000 Idle 0 0 0

0901 - 0004 System 0 0 0

0901 - 011c smss.exe 0 0 0 normal

0901 - 01a8 csrss.exe 0 0 0 normal

0901 - 0200 wininit.exe 0 0 0 high

0901 - 020c csrss.exe 1 174 78 normal

0901 - 0230 services.exe 0 0 0 normal

0901 - 0240 lsass.exe 0 0 0 normal

0901 - 0248 lsm.exe 0 0 0 normal

0901 - 028c winlogon.exe 1 6 0 high

0901 - 02ec svchost.exe 0 0 0 normal

0901 - 0328 ASCService.exe 0 0 0 high C:\Program Files (x86)\IObit\Advanced SystemCare 5

0901 - 0364 svchost.exe 0 0 0 normal

0901 - 0394 atiesrxx.exe 0 0 0 normal

0901 - 03e0 svchost.exe 0 0 0 normal

0901 - 0154 svchost.exe 0 0 0 normal

0901 - 01dc svchost.exe 0 0 0 normal

0901 - 0414 svchost.exe 0 0 0 normal

0901 - 0440 atieclxx.exe 1 9 6 normal

0901 - 0494 svchost.exe 0 0 0 normal

0901 - 056c spoolsv.exe 0 0 0 normal

0901 - 05a4 svchost.exe 0 0 0 normal

0901 - 05b0 taskeng.exe 0 0 0 below normal

0901 - 05cc dwm.exe 1 18 2 high

0901 - 05d4 IMFsrv.exe 0 0 0 normal C:\Program Files (x86)\IObit\IObit Malware Fighter

0901 - 05f4 explorer.exe 1 392 245 normal

0901 - 05fc taskhost.exe 1 16 16 normal

0901 - 069c rundll32.exe 0 0 0 normal

0901 - 06a4 rundll32.exe 0 0 0 normal C:\windows\SysWOW64

0901 - 0724 SASCore64.exe 0 0 0 normal

0901 - 0758 armsvc.exe 0 0 0 normal C:\Program Files (x86)\Common Files\Adobe\ARM\1.0

0901 - 0798 svchost.exe 0 0 0 normal

0901 - 07fc svchost.exe 0 0 0 normal

0901 - 06d4 SetPoint.exe 1 41 31 normal

0901 - 0528 ASCTray.exe 1 71 36 normal C:\Program Files (x86)\IObit\Advanced SystemCare 5

0901 - 016c hpqtra08.exe 1 15 27 normal C:\Program Files (x86)\HP\Digital Imaging\bin

0901 - 07e0 svchost.exe 0 0 0 normal

0901 - 0840 svchost.exe 0 0 0 normal C:\windows\SysWOW64

0901 - 0894 inetinfo.exe 0 0 0 normal

0901 - 091c mqsvc.exe 0 0 0 normal

0901 - 0984 KHALMNPR.exe 1 9 23 normal

0901 - 0a14 hpwuschd2.exe 1 9 4 normal C:\Program Files (x86)\HP\HP Software Update

0901 - 0a7c SMSvcHost.exe 0 0 0 normal

0901 - 0b64 TCPSVCS.EXE 0 0 0 normal

0901 - 0b88 snmp.exe 0 0 0 normal

0901 - 0ba4 svchost.exe 0 0 0 normal

0901 - 0bc4 TODDSrv.exe 0 0 0 normal

0901 - 0bfc TosCoSrv.exe 0 0 0 normal

0901 - 0acc svchost.exe 0 0 0 normal

0901 - 0c08 WLIDSVC.EXE 0 0 0 normal

0901 - 0c4c mqtgsvc.exe 0 0 0 normal

0901 - 0ca8 SMSvcHost.exe 0 0 0 normal

0901 - 0ce0 WLIDSVCM.EXE 0 0 0 normal

0901 - 0ee4 svchost.exe 0 0 0 normal

0901 - 06f0 hpqSTE08.exe 1 9 13 normal C:\Program Files (x86)\HP\Digital Imaging\bin

0901 - 0df0 hpqbam08.exe 1 9 4 normal C:\Program Files (x86)\HP\Digital Imaging\bin

0901 - 0fc8 hpqgpc01.exe 1 32 6 normal C:\Program Files (x86)\HP\Digital Imaging\bin

0901 - 1080 SearchIndexer.exe 0 0 0 normal

0901 - 12c8 wmpnetwk.exe 0 0 0 normal

0901 - 1054 svchost.exe 0 0 0 normal

0901 - 1270 ETDCtrl.exe 1 117 61 above normal

0901 - 0834 ETDCtrlHelper.exe 1 36 8 above normal

0901 - 1298 ASC.exe 1 1629 287 normal C:\Program Files (x86)\IObit\Advanced SystemCare 5

0901 - 14f0 svchost.exe 0 0 0 below normal

0901 - 14bc svchost.exe 0 0 0 normal

0901 - 136c svchost.exe 0 0 0 normal

0901 - 1288 audiodg.exe 0 0 0

0901 - 0ac4 sus10_sysexplorer.exe 1 102 46 normal C:\Program Files (x86)\IObit\Advanced SystemCare 5

0901 - 1780 SearchProtocolHost.exe 1 5 6 idle

0901 - 1604 SearchFilterHost.exe 0 0 0 idle

0901 - 16ec WmiPrvSE.exe 0 0 0 normal

 

 

----------------------------------

10 - Service

----------------------------------

 

1001 - SAS Core Service - ["C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"]

1001 - Adobe Acrobat Update Service - ["C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"]

1001 - Advanced SystemCare Service 5 - [C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe]

1001 - Application Experience - [C:\windows\system32\svchost.exe -k netsvcs]

1001 - AMD External Events Utility - [C:\windows\system32\atiesrxx.exe]

1001 - Application Host Helper Service - [C:\windows\system32\svchost.exe -k apphost]

1001 - Windows Audio Endpoint Builder - [C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - Windows Audio - [C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted]

1001 - Base Filtering Engine - [C:\windows\system32\svchost.exe -k LocalServiceNoNetwork]

1001 - Background Intelligent Transfer Service - [C:\windows\System32\svchost.exe -k netsvcs]

1001 - Computer Browser - [C:\windows\System32\svchost.exe -k netsvcs]

1001 - Cryptographic Services - [C:\windows\system32\svchost.exe -k NetworkService]

1001 - DHCP Client - [C:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted]

1001 - DNS Client - [C:\windows\system32\svchost.exe -k NetworkService]

1001 - Extensible Authentication Protocol - [C:\windows\System32\svchost.exe -k netsvcs]

1001 - Windows Event Log - [C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted]

1001 - COM+ Event System - [C:\windows\system32\svchost.exe -k LocalService]

1001 - Function Discovery Provider Host - [C:\windows\system32\svchost.exe -k LocalService]

1001 - Function Discovery Resource Publication - [C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation]

1001 - Windows Font Cache Service - [C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation]

1001 - Microsoft FTP Service - [C:\windows\system32\svchost.exe -k ftpsvc]

1001 - Human Interface Device Access - [C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - HomeGroup Listener - [C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - HomeGroup Provider - [C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted]

1001 - hpqcxs08 - [C:\windows\system32\svchost.exe -k hpdevmgmt]

1001 - HP CUE DeviceDiscovery Service - [C:\windows\system32\svchost.exe -k hpdevmgmt]

1001 - HP Network Devices Support - [C:\windows\system32\svchost.exe -k HPService]

1001 - IIS Admin Service - [C:\windows\system32\inetsrv\inetinfo.exe]

1001 - IKE and AuthIP IPsec Keying Modules - [C:\windows\system32\svchost.exe -k netsvcs]

1001 - IMF Service - [C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe]

1001 - PnP-X IP Bus Enumerator - [C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - CNG Key Isolation - [C:\windows\system32\lsass.exe]

1001 - Server - [C:\windows\system32\svchost.exe -k netsvcs]

1001 - Workstation - [C:\windows\System32\svchost.exe -k NetworkService]

1001 - TCP/IP NetBIOS Helper - [C:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted]

1001 - Multimedia Class Scheduler - [C:\windows\system32\svchost.exe -k netsvcs]

1001 - Windows Firewall - [C:\windows\system32\svchost.exe -k LocalServiceNoNetwork]

1001 - Message Queuing - [C:\windows\system32\mqsvc.exe]

1001 - Message Queuing Triggers - [C:\windows\system32\mqtgsvc.exe]

1001 - Net Driver HPZ12 - [C:\windows\System32\svchost.exe -k HPZ12]

1001 - Network Connections - [C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - Net.Msmq Listener Adapter - ["C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe" -NetMsmqActivator]

1001 - Net.Pipe Listener Adapter - ["C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe"]

1001 - Network List Service - [C:\windows\System32\svchost.exe -k LocalService]

1001 - Net.Tcp Listener Adapter - ["C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe"]

1001 - Net.Tcp Port Sharing Service - ["C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe"]

1001 - Network Location Awareness - [C:\windows\System32\svchost.exe -k NetworkService]

1001 - Network Store Interface Service - [C:\windows\system32\svchost.exe -k LocalService]

1001 - Peer Networking Identity Manager - [C:\windows\System32\svchost.exe -k LocalServicePeerNet]

1001 - Peer Networking Grouping - [C:\windows\System32\svchost.exe -k LocalServicePeerNet]

1001 - Program Compatibility Assistant Service - [C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - Plug and Play - [C:\windows\system32\svchost.exe -k DcomLaunch]

1001 - Pml Driver HPZ12 - [C:\windows\System32\svchost.exe -k HPZ12]

1001 - Peer Name Resolution Protocol - [C:\windows\System32\svchost.exe -k LocalServicePeerNet]

1001 - IPsec Policy Agent - [C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted]

1001 - Power - [C:\windows\system32\svchost.exe -k DcomLaunch]

1001 - User Profile Service - [C:\windows\system32\svchost.exe -k netsvcs]

1001 - Protected Storage - [C:\windows\system32\lsass.exe]

1001 - Security Accounts Manager - [C:\windows\system32\lsass.exe]

1001 - System Event Notification Service - [C:\windows\system32\svchost.exe -k netsvcs]

1001 - Shell Hardware Detection - [C:\windows\System32\svchost.exe -k netsvcs]

1001 - Simple TCP/IP Services - [C:\windows\System32\tcpsvcs.exe]

1001 - SNMP Service - [C:\windows\System32\snmp.exe]

1001 - Print Spooler - [C:\windows\System32\spoolsv.exe]

1001 - SSDP Discovery - [C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation]

1001 - Windows Image Acquisition (WIA) - [C:\windows\system32\svchost.exe -k imgsvc]

1001 - Superfetch - [C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - Themes - [C:\windows\System32\svchost.exe -k netsvcs]

1001 - TOSHIBA Optical Disc Drive Service - [C:\windows\system32\TODDSrv.exe]

1001 - TOSHIBA Power Saver - ["C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe"]

1001 - Distributed Link Tracking Client - [C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - UPnP Device Host - [C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation]

1001 - Desktop Window Manager Session Manager - [C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - World Wide Web Publishing Service - [C:\windows\system32\svchost.exe -k iissvcs]

1001 - Windows Process Activation Service - [C:\windows\system32\svchost.exe -k iissvcs]

1001 - Windows Connect Now - Config Registrar - [C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation]

1001 - Windows Management Instrumentation - [C:\windows\system32\svchost.exe -k netsvcs]

1001 - WLAN AutoConfig - [C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - Windows Live ID Sign-in Assistant - ["C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"]

1001 - Windows Media Player Network Sharing Service - ["C:\Program Files\Windows Media Player\wmpnetwk.exe"]

1001 - Windows Search - [C:\windows\system32\SearchIndexer.exe /Embedding]

1001 - Windows Update - [C:\windows\system32\svchost.exe -k netsvcs]

1001 - Windows Driver Foundation - User-mode Driver Framework - [C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted]

 

----------------------------------

11 - Windows Express

----------------------------------

 

1101 - System Score : 2.8

1102 - Memory Score : 4.9

1103 - CPU Score : 2.8

1104 - Graphics Score : 4.2

1105 - Gaming Score : 5.5

1106 - Disk Score : 5.5

 

----------------------------------

12 - Event Log

----------------------------------

 

1201 - Time : 12/24/2011 3:23:19 AM

1202 - Source : Application Error

1203 - Description : Faulting application name: svchost.exe_HPSLPSVC, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x0000000000000000 Faulting process id: 0xe2c Faulting application start time: 0x01ccc13359a7fb37 Faulting application path: C:\windows\system32\svchost.exe Faulting module path: unknown Report Id: 919a3315-2d9b-11e1-9e79-00266cbc4679

 

1201 - Time : 12/23/2011 5:36:38 PM

1202 - Source : SideBySide

1203 - Description : Activation context generation failed for "c:\program files\microsoft security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft security client\MSESysprep.dll" on line 10. The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.

 

1201 - Time : 12/23/2011 1:26:23 PM

1202 - Source : WinMgmt

1203 - Description : Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

 

1201 - Time : 12/23/2011 1:26:01 PM

1202 - Source : Windows Search Service

1203 - Description : The index cannot be initialized. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

 

1201 - Time : 12/23/2011 1:26:01 PM

1202 - Source : Windows Search Service

1203 - Description : The application cannot be initialized. Context: Windows Application Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

 

1201 - Time : 12/23/2011 1:26:01 PM

1202 - Source : Windows Search Service

1203 - Description : The gatherer object cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

 

1201 - Time : 12/23/2011 1:26:01 PM

1202 - Source : Windows Search Service

1203 - Description : The plug-in in <Search.TripoliIndexer> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: Element not found. (HRESULT : 0x80070490) (0x80070490)

 

1201 - Time : 12/23/2011 1:26:00 PM

1202 - Source : Windows Search Service

1203 - Description : The plug-in in <Search.JetPropStore> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

 

1201 - Time : 12/23/2011 1:26:00 PM

1202 - Source : Windows Search Service

1203 - Description : The Windows Search Service cannot load the property store information. Context: Windows Application, SystemIndex Catalog Details: The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

 

1201 - Time : 12/23/2011 1:26:00 PM

1202 - Source : Windows Search Service

1203 - Description : The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

 

1201 - Time : 12/24/2011 3:23:23 AM

1202 - Source : Service Control Manager

1203 - Description : The HP Network Devices Support service terminated unexpectedly. It has done this 1 time(s).

 

1201 - Time : 12/24/2011 3:23:15 AM

1202 - Source : Microsoft-Windows-DNS-Client

1203 - Description : There was an error while attempting to read the local hosts file.

 

1201 - Time : 12/24/2011 2:13:23 AM

1202 - Source : Microsoft-Windows-DNS-Client

1203 - Description : There was an error while attempting to read the local hosts file.

 

1201 - Time : 12/24/2011 2:13:11 AM

1202 - Source : Microsoft-Windows-DNS-Client

1203 - Description : There was an error while attempting to read the local hosts file.

 

1201 - Time : 12/24/2011 2:13:06 AM

1202 - Source : Microsoft-Windows-DNS-Client

1203 - Description : There was an error while attempting to read the local hosts file.

 

1201 - Time : 12/23/2011 3:47:13 PM

1202 - Source : Microsoft-Windows-DNS-Client

1203 - Description : There was an error while attempting to read the local hosts file.

 

1201 - Time : 12/23/2011 3:47:10 PM

1202 - Source : Microsoft-Windows-DNS-Client

1203 - Description : There was an error while attempting to read the local hosts file.

 

1201 - Time : 12/23/2011 3:47:07 PM

1202 - Source : Microsoft-Windows-DNS-Client

1203 - Description : There was an error while attempting to read the local hosts file.

 

1201 - Time : 12/23/2011 1:26:56 PM

1202 - Source : DCOM

1203 - Description : The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

 

1201 - Time : 12/23/2011 1:26:38 PM

1202 - Source : Microsoft-Windows-DNS-Client

1203 - Description : There was an error while attempting to read the local hosts file.

 

----------------------------------

End of file - 28679 Bytes


log results as per "Guidelines for requesting malware removal assistance"

 

Many thanks to enoskype for your instructions and redirecting my above post to the correct forum. I have followed all the steps in the Guidelines for Requesting Malware Removal as best as I understood them. I hope my posting of the results of the three logs will be correct.

 

I did first clean the temp files as per the instructions in Step 1.

 

I updated, then ran a Full Scan in the IObit Malware Fighter as per the instructions in Step 2. As has been the case with every anti-malware, anti-spy, anti-virus I've run since October trying to get rid of whatever redirects my search results to unwanted sites, the scan came up clean with zero threats found. The following is all I could find to post in the way of a log:

 

IObit Malware Fighter

 

OS: Windows 7

Version: 1.2.0.16

Define Version: 1087

Time Elapsed: 00:48:36

Objects Scanned: 69787

Threats Found: 0

Save Time: 12/24/2011 3:17:54 AM

 

|Name|Type|Description|ID|

 

 

As for Step 3, the DDS logs, I am a little unsure of exactly what it meant when the instructions say to "copy and paste the entire contents of both logs in your next reply in 2 separate posts", so I will just take that literally and hope I'm doing it right. I will make two replies immediately following this one. The first will contain the DDS.txt log, the next will be the Attach.txt log.


DDS.txt log results

 

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Owner at 4:04:52 on 2011-12-24

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1639.798 [GMT -5:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\system32\atiesrxx.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\atieclxx.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\windows\system32\taskeng.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\windows\system32\taskhost.exe

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\windows\system32\rundll32.exe

C:\windows\SysWOW64\rundll32.exe

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\windows\system32\svchost.exe -k apphost

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\system32\svchost.exe -k ftpsvc

C:\windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\windows\system32\inetsrv\inetinfo.exe

C:\windows\system32\mqsvc.exe

C:\windows\System32\svchost.exe -k HPZ12

C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\windows\System32\svchost.exe -k HPZ12

C:\windows\System32\tcpsvcs.exe

C:\windows\System32\snmp.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system32\TODDSrv.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\windows\system32\svchost.exe -k iissvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\windows\system32\mqtgsvc.exe

C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\windows\system32\svchost.exe -k HPService

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\windows\system32\SearchIndexer.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe

C:\Program Files\ELANTECH\ETDCTRL.EXE

C:\Program Files\Elantech\ETDCtrlHelper.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASC.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = https://ixquick.com/eng/?th=night

uInternet Settings,ProxyOverride = <local>

uURLSearchHooks: H - No File

mURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - No File

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: {FB9FFB4B-9680-4256-8178-5ECDB2C19B23} - No File

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [iObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart

StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

TCP: DhcpNameServer = 192.168.15.1

TCP: Interfaces\{9D0710A8-3902-426D-99EB-04B26732AC45} : DhcpNameServer = 192.168.15.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - No File

BHO-X64: Vgrabber - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: {FB9FFB4B-9680-4256-8178-5ECDB2C19B23} - No File

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [(Default)]

mRun-x64: [iObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart

IE-X64: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\windows\system32\DRIVERS\amd_sata.sys --> C:\windows\system32\DRIVERS\amd_sata.sys [?]

R0 amd_xata;amd_xata;C:\windows\system32\DRIVERS\amd_xata.sys --> C:\windows\system32\DRIVERS\amd_xata.sys [?]

R0 PCTCore;PCTools KDS;C:\windows\system32\drivers\PCTCore64.sys --> C:\windows\system32\drivers\PCTCore64.sys [?]

R1 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-11-22 494424]

R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]

R2 ftpsvc;Microsoft FTP Service;C:\windows\system32\svchost.exe -k ftpsvc [2009-7-13 20992]

R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-11-22 820568]

R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]

R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]

R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2011-11-22 20336]

R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\windows\system32\DRIVERS\LEqdUsb.Sys --> C:\windows\system32\DRIVERS\LEqdUsb.Sys [?]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\windows\system32\DRIVERS\LHidEqd.Sys --> C:\windows\system32\DRIVERS\LHidEqd.Sys [?]

R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]

R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2011-11-22 33184]

R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]

R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2011-11-22 21872]

R3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys --> C:\windows\system32\DRIVERS\WSDPrint.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-13 136176]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-13 136176]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-12-6 17152]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\windows\system32\DRIVERS\MpNWMon.sys --> C:\windows\system32\DRIVERS\MpNWMon.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

S3 WMSVC;Web Management Service;C:\windows\system32\inetsrv\wmsvc.exe --> C:\windows\system32\inetsrv\wmsvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2011-12-21 04:33:52 -------- d-----w- C:\Users\Owner\AppData\Local\{01F35E8D-BC73-428F-A9B1-AA712A903765}

2011-12-19 21:25:15 -------- d-----w- C:\Users\Owner\AppData\Local\{C39A2696-9E8C-4EC4-B251-8B8032F5D130}

2011-12-19 21:25:02 -------- d-----w- C:\Users\Owner\AppData\Local\{34C2C1FB-8D5B-4E54-BF3F-FFE209F5943B}

2011-12-19 04:03:26 -------- d-----w- C:\Users\Owner\AppData\Local\{DE019360-FB4E-469F-A630-DD0018AC54FF}

2011-12-19 04:03:13 -------- d-----w- C:\Users\Owner\AppData\Local\{26F4DDC8-1E08-4981-B9DA-864CF8E28174}

2011-12-18 12:25:52 -------- d-----w- C:\Users\Owner\AppData\Local\{C2ECC46C-0072-486F-B182-B732780F1115}

2011-12-18 12:25:39 -------- d-----w- C:\Users\Owner\AppData\Local\{14A72F66-DB60-4449-A010-4E6374407711}

2011-12-18 00:25:05 -------- d-----w- C:\Users\Owner\AppData\Local\{2BC7A39B-D963-47BF-824F-0083548C5F63}

2011-12-18 00:24:51 -------- d-----w- C:\Users\Owner\AppData\Local\{2E482740-34EB-4979-9FB3-2DACE5D9D3B1}

2011-12-17 21:46:29 -------- d-----w- C:\Program Files (x86)\TelevisionFanaticEI

2011-12-16 16:38:46 -------- d-----w- C:\Users\Owner\AppData\Local\{A5CEC016-2652-4C6F-B0B8-C6EB6897EFDE}

2011-12-16 16:38:33 -------- d-----w- C:\Users\Owner\AppData\Local\{C7131A6B-8922-428D-894B-D7A6AC12FE48}

2011-12-16 01:14:59 2309120 ----a-w- C:\windows\System32\jscript9.dll

2011-12-16 01:14:58 1798144 ----a-w- C:\windows\SysWow64\jscript9.dll

2011-12-16 01:14:57 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll

2011-12-16 01:14:56 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll

2011-12-16 01:08:04 43520 ----a-w- C:\windows\System32\csrsrv.dll

2011-12-16 01:08:02 3145216 ----a-w- C:\windows\System32\win32k.sys

2011-12-16 01:08:01 723456 ----a-w- C:\windows\System32\EncDec.dll

2011-12-16 01:08:01 534528 ----a-w- C:\windows\SysWow64\EncDec.dll

2011-12-16 01:07:50 2048 ----a-w- C:\windows\SysWow64\tzres.dll

2011-12-16 01:07:50 2048 ----a-w- C:\windows\System32\tzres.dll

2011-12-16 00:21:17 -------- d-----w- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}

2011-12-16 00:16:18 -------- d-----w- C:\Users\Owner\AppData\Local\Diagnostics

2011-12-15 22:47:04 -------- d-----w- C:\Users\Owner\AppData\Local\{20A1FFD8-59E6-4AC8-A136-70FF605D2E14}

2011-12-15 22:46:51 -------- d-----w- C:\Users\Owner\AppData\Local\{E02DDB76-EE8E-43A6-BD70-1B4B7FB287B1}

2011-12-15 21:42:30 -------- dc-h--w- C:\ProgramData\~0

2011-12-15 04:01:54 -------- d-----w- C:\Users\Owner\AppData\Local\Microsoft Corporation

2011-12-12 15:22:47 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2011-12-12 15:22:30 -------- d-----w- C:\Program Files\Microsoft Security Client

2011-12-12 08:51:16 -------- d-----w- C:\Program Files (x86)\Smallvideosoft

2011-12-12 08:35:16 -------- d-----w- C:\Users\Owner\AppData\Roaming\ConverterLite

2011-12-12 04:59:18 -------- d-----w- C:\Users\Owner\AppData\Local\{0797A65D-A11E-4B11-AC92-C38C6D70907F}

2011-12-12 04:59:05 -------- d-----w- C:\Users\Owner\AppData\Local\{FDA27286-7723-4845-A5E2-031CE0BBFB4B}

2011-12-09 01:04:34 -------- d-----w- C:\Users\Owner\AppData\Local\{6633FAA1-01A8-4D20-8590-AB48C9547DF6}

2011-12-09 01:04:21 -------- d-----w- C:\Users\Owner\AppData\Local\{AA31DC50-45B9-4556-953B-7551784BB124}

2011-12-09 00:11:40 -------- d-----w- C:\Users\Owner\AppData\Local\http___www.julien-manici

2011-12-08 23:21:01 -------- d-----w- C:\Program Files (x86)\Julien MANICI

2011-12-08 17:47:29 -------- d-----w- C:\Users\Owner\AppData\Local\{FB4B5A7B-EB18-4B33-9BA7-C655E40483E1}

2011-12-08 05:46:56 -------- d-----w- C:\Users\Owner\AppData\Local\{B2853266-F662-4E6F-B0F9-49EEEB8B6C88}

2011-12-08 05:46:40 -------- d-----w- C:\Users\Owner\AppData\Local\{F3474CCA-3A9D-492B-8CC5-4289CF504CC4}

2011-12-07 15:33:17 -------- d-----w- C:\Users\Owner\AppData\Local\{16520C93-DB63-48AA-8AF8-6417A2AD575F}

2011-12-07 15:33:03 -------- d-----w- C:\Users\Owner\AppData\Local\{D1A2E3E2-5A84-4DAE-BF66-CAF258E58C1C}

2011-12-07 10:05:20 306648 ----a-w- C:\windows\System32\drivers\pctgntdi64.sys

2011-12-07 10:05:20 133072 ----a-w- C:\windows\System32\drivers\pctwfpfilter64.sys

2011-12-07 10:05:13 218056 ----a-w- C:\windows\System32\drivers\PCTCore64.sys

2011-12-07 10:05:01 92896 ----a-w- C:\windows\System32\drivers\pctplsg64.sys

2011-12-07 10:04:47 -------- d-----w- C:\Program Files (x86)\Spyware Doctor

2011-12-07 10:04:47 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools

2011-12-07 02:10:46 -------- d-----w- C:\Users\Owner\AppData\Roaming\GetRightToGo

2011-12-07 01:22:22 72280 ----a-w- C:\windows\System32\drivers\sbapifs.sys

2011-12-07 01:16:14 -------- d-----w- C:\Users\Owner\AppData\Local\Sunbelt Software

2011-12-06 21:26:19 55384 ----a-w- C:\windows\System32\drivers\SBREDrv.sys

2011-12-06 21:23:28 -------- d-----w- C:\Program Files (x86)\Lavasoft

2011-12-05 14:06:55 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2011-12-05 05:10:17 709456 ----a-w- C:\unins000 (2).exe

2011-12-03 10:21:32 53248 ----a-r- C:\Users\Owner\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2011-12-03 10:21:22 -------- d-----w- C:\Users\Owner\AppData\Local\Logishrd

2011-12-03 08:31:23 -------- d-----w- C:\Microsoft

2011-12-02 08:03:11 -------- d-----w- C:\Users\Owner\AppData\Local\{2A0684E6-0422-4D81-B66F-BB2334E468D7}

2011-12-02 08:02:58 -------- d-----w- C:\Users\Owner\AppData\Local\{3E9EB2A2-99EA-4473-BD4C-DFB996DC6236}

2011-12-02 02:14:13 -------- d--h--w- C:\$AVG

2011-12-02 01:16:45 -------- d-----w- C:\Users\Owner\AppData\Roaming\AVG2012

2011-12-02 01:16:31 -------- d--h--w- C:\ProgramData\Common Files

2011-12-02 01:15:00 -------- d-----w- C:\ProgramData\AVG2012

2011-12-02 01:05:35 -------- d-----w- C:\ProgramData\MFAData

2011-12-01 15:58:15 -------- d-----w- C:\ProgramData\WEBREG

2011-12-01 15:56:38 -------- d-----w- C:\Users\Owner\AppData\Local\HP

2011-12-01 15:54:25 254464 ----a-w- C:\windows\System32\Spool\prtprocs\x64\hpfpp101.dll

2011-12-01 15:52:33 -------- d-----w- C:\Program Files (x86)\Coupons

2011-12-01 15:52:24 -------- d-----w- C:\ProgramData\HP Photo Creations

2011-12-01 15:52:24 -------- d-----w- C:\Program Files (x86)\HP Photo Creations

2011-12-01 15:52:16 -------- d-----w- C:\Users\Owner\AppData\Roaming\HpUpdate

2011-12-01 15:48:54 -------- d-----w- C:\Program Files (x86)\Common Files\HP

2011-12-01 15:48:50 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard

2011-12-01 15:46:32 138752 ----a-w- C:\windows\System32\hpf3l101.dll

2011-12-01 15:45:30 -------- d-----w- C:\Program Files\HP

2011-12-01 15:37:05 345960 ----a-w- C:\windows\System32\hpzids40.dll

2011-12-01 15:37:04 1408000 ----a-w- C:\windows\System32\hpost_p04a.dll

2011-12-01 15:37:04 1175552 ----a-w- C:\windows\System32\hposwia_p04a.dll

2011-12-01 15:37:03 521216 ----a-w- C:\windows\System32\hposc_p04a.dll

2011-12-01 13:18:58 -------- d-----w- C:\Program Files (x86)\HP

2011-11-29 12:35:38 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2011-11-29 12:35:38 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2011-11-25 20:08:31 -------- d-----w- C:\Users\Owner\AppData\Local\{F8A0F975-01CF-401E-998D-42FA91D58AC7}

2011-11-25 20:08:17 -------- d-----w- C:\Users\Owner\AppData\Local\{CE554B75-0847-4B82-A309-66C6D0E4EBB2}

.

==================== Find3M ====================

.

2011-12-03 10:20:46 18960 ----a-w- C:\windows\System32\drivers\LNonPnP.sys

2011-11-19 09:29:51 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-05 18:34:33 65024 --sha-r- C:\windows\SysWow64\INETRES0.dll

2011-11-04 01:44:47 1390080 ----a-w- C:\windows\System32\wininet.dll

2011-11-04 01:44:21 1493504 ----a-w- C:\windows\System32\inetcpl.cpl

2011-11-04 01:34:43 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2011-11-03 22:40:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2011-11-03 22:39:47 1127424 ----a-w- C:\windows\SysWow64\wininet.dll

2011-11-03 22:31:57 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2011-10-20 04:10:14 22872 ----a-w- C:\windows\System32\RegistryDefragBootTime.exe

2011-09-29 16:29:28 1923952 ----a-w- C:\windows\System32\drivers\tcpip.sys

2011-09-29 14:11:58 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll

2011-09-29 14:11:58 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll

.

============= FINISH: 4:08:12.52 ===============
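
The "Pseudo HJT Report" section of the log above pairs each browser add-on and autostart registration with the file it points to. As an added example (not part of the original posts and not DDS's own code), this Python parser reads a few of those lines, lists the registrations whose target is `No File` or whose Run entry has no command, and separately reports CLSIDs that are `No File` in one registry view but resolve to a file in the other. The line grammar is inferred from the log itself and is an assumption, as are the names `Entry`, `parse_line`, `status` and `view_conflicts`.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional

# Lines copied from the "Pseudo HJT Report" section of the log above.
SAMPLE_LOG = r"""
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mPolicies-system: EnableLUA = 0 (0x0)
TCP: DhcpNameServer = 192.168.15.1
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: Vgrabber - No File
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [(Default)]
"""

# "<kind>[-x64]: <rest>"; kinds containing other hyphens (mPolicies-system) do not match.
LINE = re.compile(r"^(?P<kind>[A-Za-z]+?)(?P<x64>-[Xx]64)?: (?P<rest>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")
RUN = re.compile(r"^\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")


@dataclass
class Entry:
    kind: str             # "BHO", "TB", "mRun", ...
    x64: bool             # True for the "-X64" view of the same key
    clsid: Optional[str]  # upper-cased so both views compare equal
    target: str           # file path or command; "" when a Run entry has none
    raw: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one report line; return None for lines that are not registrations."""
    text = line.strip()
    m = LINE.match(text)
    if not m:
        return None
    kind, rest, x64 = m["kind"], m["rest"], m["x64"] is not None
    if kind.endswith("Run"):
        run = RUN.match(rest)
        return Entry(kind, x64, None, run["cmd"].strip(), text) if run else None
    ids = list(CLSID.finditer(rest))
    if ids and rest[ids[-1].end():].startswith(" - "):
        # Take everything after the last CLSID so paths containing " - " survive.
        target = rest[ids[-1].end() + 3:]
    elif " - " in rest:
        target = rest.rsplit(" - ", 1)[1]
    else:
        return None  # settings such as "TCP: DhcpNameServer = ..."
    clsid = ids[-1].group(0).upper() if ids else None
    return Entry(kind, x64, clsid, target.strip(), text)


def parse(log: str) -> List[Entry]:
    return [e for e in map(parse_line, log.splitlines()) if e is not None]


def status(e: Entry) -> str:
    """Classify an entry as 'no-file', 'empty-run' or 'ok'."""
    if e.kind.endswith("Run"):
        return "ok" if e.target else "empty-run"
    return "no-file" if e.target == "No File" else "ok"


def view_conflicts(entries: List[Entry]) -> List[str]:
    """CLSIDs reported as 'No File' in one view but backed by a file in the other."""
    seen = defaultdict(set)
    for e in entries:
        if e.clsid:
            seen[e.clsid].add(status(e))
    return sorted(c for c, s in seen.items() if s == {"ok", "no-file"})


if __name__ == "__main__":
    entries = parse(SAMPLE_LOG)
    for e in entries:
        if status(e) != "ok":
            print(f"{status(e):9}  {e.raw}")
    for clsid in view_conflicts(entries):
        print("differs between views:", clsid)
```
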


Attach.txt logfile

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 9/17/2011 10:28:54 AM

System Uptime: 12/24/2011 2:18:39 AM (2 hours ago)

.

Motherboard: TOSHIBA | | Portable PC

Processor: AMD C-50 Processor | Socket FT1 | 1000/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 220 GiB total, 146.666 GiB free.

D: is CDROM ()

E: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart D110 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Photosmart D110 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

==== System Restore Points ===================

.

RP79: 12/3/2011 4:42:04 AM - IObit Uninstaller restore point

RP80: 12/6/2011 4:20:36 PM - Installed Ad-Aware

RP81: 12/6/2011 4:22:58 PM - Installed Ad-Aware

RP82: 12/6/2011 4:27:25 PM - Installed Ad-Aware

RP83: 12/6/2011 4:28:10 PM - Installed Ad-Aware

RP84: 12/6/2011 4:30:40 PM - Installed Ad-Aware

RP85: 12/6/2011 8:47:15 PM - me

RP86: 12/8/2011 6:19:39 PM - Installed Windows 7 Logon Background Changer

RP87: 12/8/2011 6:49:46 PM - Restore Operation

RP88: 12/12/2011 3:45:22 AM - IObit Uninstaller restore point

RP89: 12/12/2011 9:03:34 AM - IObit Uninstaller restore point

RP90: 12/12/2011 9:12:42 AM - IObit Uninstaller restore point

RP91: 12/12/2011 9:13:10 AM - Removed GIMP

RP92: 12/12/2011 9:35:32 AM - IObit Uninstaller restore point

RP93: 12/12/2011 9:38:45 AM - IObit Uninstaller restore point

RP94: 12/12/2011 10:22:02 AM - Windows Update

RP95: 12/13/2011 10:50:30 PM - Windows Modules Installer

RP96: 12/14/2011 12:41:52 AM - Windows Update

RP97: 12/14/2011 11:00:15 PM - Installed Windows 7 Upgrade Advisor

RP98: 12/14/2011 11:08:41 PM - IObit Uninstaller restore point

RP99: 12/14/2011 11:09:17 PM - Removed Windows 7 Upgrade Advisor

RP100: 12/14/2011 11:10:17 PM - IObit Uninstaller restore point

RP101: 12/15/2011 5:01:37 PM - Installed Windows 7 Logon Background Changer

RP102: 12/15/2011 7:17:34 PM - IObit Uninstaller restore point

RP103: 12/15/2011 7:19:34 PM - IObit Uninstaller restore point

RP104: 12/15/2011 7:49:52 PM - Restore Operation

RP105: 12/15/2011 8:13:03 PM - Windows Update

RP106: 12/15/2011 8:25:35 PM - IObit Uninstaller restore point

RP107: 12/15/2011 9:05:26 PM - IObit Uninstaller restore point

RP108: 12/15/2011 9:46:45 PM - Restore Operation

RP109: 12/16/2011 5:43:56 AM - IObit Uninstaller restore point

RP110: 12/16/2011 5:51:37 AM - Removed Ad-Aware

RP111: 12/16/2011 5:55:22 AM - IObit Uninstaller restore point

RP112: 12/16/2011 5:56:43 AM - Removed GIMP

RP113: 12/16/2011 6:00:18 AM - Windows Update

RP114: 12/17/2011 4:38:27 AM - Installed Windows 7 Logon Background Changer

RP115: 12/18/2011 2:29:41 AM - IObit Uninstaller restore point

RP116: 12/18/2011 2:32:37 AM - IObit Uninstaller restore point

RP117: 12/18/2011 2:35:09 AM - IObit Uninstaller restore point

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Reader X (10.1.1)

Adobe Shockwave Player 11.6

Advanced SystemCare 5

Agree Free 3GP to AVI FLV WMV iPhone MOV Converter Pro 5.0

Any Audio Converter 3.2.7

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

Audacity 1.3.13 (Unicode)

BufferChm

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Coupon Printer for Windows

D110

D3DX10

Destinations

DeviceDiscovery

eReg

Google Update Helper

GPBaseService2

Hewlett-Packard ACLM.NET v1.1.0.0

HP Photo Creations

HP Product Detection

HP Update

HPAppStudio

HPPhotoGadget

HPProductAssistant

HPSSupply

IObit Malware Fighter

Java Auto Updater

Java 6 Update 20

Junk Mail filter update

K-Lite Codec Pack 4.0.0 (Full)

Label@Once 1.0

LAME v3.98.3 for Audacity

MAGIX Slideshow Maker 2

Malwarebytes' Anti-Malware version 1.51.2.1300

MarketResearch

Mesh Runtime

Microsoft Office 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

PlayReady PC Runtime x86

PokerStars.net

PS_AIO_07_D110_SW_Min

QuickTransfer

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek USB 2.0 Card Reader

Realtek WLAN Driver

RealUpgrade 1.1

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Skype Launcher

SmartWebPrinting

SolutionCenter

Sophos Anti-Rootkit 1.5.20

Status

swMSM

Toolbox

Toshiba App Place

TOSHIBA Application Installer

TOSHIBA Assist

TOSHIBA Hardware Setup

TOSHIBA HDD/SSD Alert

TOSHIBA Media Controller

Toshiba Online Backup

TOSHIBA Quality Application

TOSHIBA Recovery Media Creator

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

TOSHIBA Web Camera Application

ToshibaRegistration

TrayApp

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Visual Studio 2008 x64 Redistributables

WebReg

Windows 7 Logon Background Changer

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Yahoo! Messenger

.

==== Event Viewer Messages From Past Week ========

.

12/24/2011 2:20:54 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

12/24/2011 2:20:16 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

12/24/2011 2:20:16 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

12/24/2011 2:20:03 AM, Error: SNMP [1500] - The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

12/24/2011 2:19:54 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.

12/24/2011 2:16:55 AM, Error: Service Control Manager [7034] - The Advanced SystemCare Service 5 service terminated unexpectedly. It has done this 1 time(s).

12/23/2011 2:23:23 PM, Error: Service Control Manager [7034] - The HP Network Devices Support service terminated unexpectedly. It has done this 1 time(s).

12/22/2011 1:04:47 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer MARKM-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9D0710A8-3902-426D-99EB-04B26732AC45}. The master browser is stopping or an election is being forced.

12/21/2011 5:45:38 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Owner-PC\Owner SID (S-1-5-21-2803608237-314809059-806830840-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

12/21/2011 5:45:38 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Owner-PC\Owner SID (S-1-5-21-2803608237-314809059-806830840-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

12/18/2011 3:33:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

.

==== End Of File ===========================


Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

*************************************************************

I see you are running Poker Stars. Poker Stars has a history of distributing spyware in their products. However, security experts still question this program as good or bad. I recommend removing it to prevent spyware, but it is up to you to decide if you want to keep it.

 

If you would like to uninstall it, do so as follows:

 

Press Start, and navigate to the Control Panel. When in the control panel enter Add or Remove programs. Search for and locate PokerStars, and either click Change/Remove or Remove.

***********************************************************

Update Your Java (JRE)

 

Old versions of Java have vulnerabilities that malware can use to infect your system.

 

First Verify your Java Version

 

If there are any other version(s) installed then update now.

 

Get the new version (if needed)

 

If your version is out of date install the newest version of the Sun Java Runtime Environment.

 

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

 

Be sure to close ALL open web browsers before starting the installation.

 

Remove any old versions

 

1. Download JavaRa and unzip the file to your Desktop.

2. Open JavaRA.exe and choose Remove Older Versions

3. Once complete exit JavaRA.

 

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

***************************************************

Download OTL to your desktop.

 

* Open OTL

* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

 

:OTL

uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - No File
BHO: {FB9FFB4B-9680-4256-8178-5ECDB2C19B23} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun: [<NO NAME>] 
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer - No File
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - No File
BHO-X64: Vgrabber - No File
BHO-X64: {FB9FFB4B-9680-4256-8178-5ECDB2C19B23} - No File
BHO-X64: HP Smart BHO Class - No File
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

:COMMANDS
[resethosts]
[purity]
[start explorer]

 

* Click Run Fix

* OTLI2 may ask to reboot the machine. Please do so if asked.

* Click OK

* A report will open. Copy and Paste that report in your next reply.

************************************************************

SUPERAntiSpyware

 

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

 

Download SuperAntispyware Free Edition (SAS)

* Double-click the icon on your desktop to run the installer.

* When asked to Update the program definitions, click Yes

* If you encounter any problems while downloading the updates, manually download and unzip them from here

* Next click the Preferences button.

 

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts

* Click the Scanning Control tab.

* Under Scanner Options make sure only the following are checked:

 

•Close browsers before scanning

•Scan for tracking cookies

•Terminate memory threats before quarantining

Please leave the others unchecked

 

•Click the Close button to leave the control center screen.

 

* On the main screen click Scan your computer

* On the left check the box for the drive you are scanning.

* On the right choose Perform Complete Scan

* Click Next to start the scan. Please be patient while it scans your computer.

* After the scan is complete a summary box will appear. Click OK

* Make sure everything in the white box has a check next to it, then click Next

* It will quarantine what it found and if it asks if you want to reboot, click Yes

 

•To retrieve the removal information please do the following:

•After reboot, double-click the SUPERAntiSpyware icon on your desktop.

•Click Preferences. Click the Statistics/Logs tab.

 

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

 

•It will open in your default text editor (preferably Notepad).

•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

 

* Save the log somewhere you can easily find it. (normally the desktop)

* Click close and close again to exit the program.

* Copy and Paste the log in your post.

************************************************

 

 

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

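Added example, not part of the post above and not OTL's own code: a short Python check that reads a fix script laid out like the one in this post and lists which lines are not marked "No File" before the script is pasted into the tool. The function name `review_fix_script` and the section handling are assumptions inferred from the script's visible layout, not from OTL documentation.

```python
import re

# Lines copied from the fix script in the post above (shortened).
FIX_SCRIPT = """\
:OTL
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun: [<NO NAME>]
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: Vgrabber - No File
:COMMANDS
[resethosts]
[purity]
[start explorer]
"""

CLSID = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
ENTRY = re.compile(r"^(?P<kind>[A-Za-z0-9-]+):\s*(?P<ident>.*?)(?:\s+-\s+(?P<status>.+))?$")

def review_fix_script(text):
    """Split a fix script into entries and commands; collect lines to re-check."""
    result = {"entries": [], "commands": [], "review": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):              # section header, e.g. :OTL
            section = line[1:].upper()
            continue
        if section == "COMMANDS":
            if line.startswith("[") and line.endswith("]"):
                result["commands"].append(line[1:-1])
            else:
                result["review"].append(line)
            continue
        m = ENTRY.match(line)
        if section != "OTL" or not m:         # stray or unparseable line
            result["review"].append(line)
            continue
        entry = {"kind": m["kind"], "ident": m["ident"], "status": m["status"],
                 "is_clsid": bool(CLSID.match(m["ident"]))}
        result["entries"].append(entry)
        # Only lines reported as "No File" are orphaned references; re-check the rest.
        if entry["status"] != "No File":
            result["review"].append(line)
    return result
```

Calling `review_fix_script(FIX_SCRIPT)` returns the parsed entries, the bracketed commands, and a `review` list holding any line that should be compared against the original scan log by hand.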

Archived

This topic is now archived and is closed to further replies.
