Help! Netbook is VERY slow


ktmac

I have an ASUS Eee netbook with Windows 7 Starter that has been running slowly for a while, but I think it has gotten progressively worse. Even just opening an email can take a while. In the last couple of weeks, when I try to play a video, it takes a good 10-20 seconds before I get any sound. I couldn't get through the GMER scan. I got an error message saying that it couldn't continue because there was an issue. The results for the other scans are below, though. Thanks in advance!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:18:35 PM, on 12/22/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Protected Search\ProtectedSearch.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\TiVo\Desktop\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Fitbit\fitbit-tray.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Users\Katie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Users\Katie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\Users\Katie\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.certified-toolbar.com?si=41460&home=true&tid=2938
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.certified-toolbar.com?si=41460&home=true&tid=2938
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1361\6.8.1078\TmIEPlg.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: DownTango Launcher - {8d3ec233-b92d-4187-a506-284127cfba2d} - C:\Users\Katie\AppData\Roaming\DownTango4SToolbar\DownTango4SToolbar.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: WinZip Courier BHO - {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\PROGRA~1\WINZIP~1\wzwmcie.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: DownTango Launcher - {8d3ec233-b92d-4187-a506-284127cfba2d} - C:\Users\Katie\AppData\Roaming\DownTango4SToolbar\DownTango4SToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HotkeyMon] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
O4 - HKLM\..\Run: [HotkeyService] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
O4 - HKLM\..\Run: [SuperHybridEngine] AsusSender.exe C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
O4 - HKLM\..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe autorun
O4 - HKLM\..\Run: [LiveUpdate] AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto
O4 - HKLM\..\Run: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Boingo Wi-Fi] "C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk"
O4 - HKLM\..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKCU\..\Run: [TivoServer] C:\Program Files\TiVo\Desktop\TiVoServer.exe /service /registry /auto:TivoServer
O4 - HKCU\..\Run: [TivoTransfer] C:\Program Files\TiVo\Desktop\TiVoTransfer.exe
O4 - HKCU\..\Run: [TivoNotify] C:\Program Files\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TranscodingService] C:\Program Files\TiVo\Desktop\Plus\\TranscodingService.exe
O4 - HKCU\..\Run: [cdloader] "C:\Users\Katie\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Google Update] "C:\Users\Katie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Fitbit Service Monitor] C:\Program Files\Fitbit\fitbit-tray.exe
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files\ASUS\AsusVibe\AsusVibeLauncher.exe
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {5f7f7e76-0f61-4de9-8ae6-e5ee565cd118} - C:\Users\Katie\AppData\Roaming\DownTango4SToolbar\DownTango4SToolbar.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1361\6.8.1078\TmIEPlg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Asus Launcher Service (AsusService) - Unknown owner - C:\Windows\System32\AsusService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Fitbit Data Uploader (Fitbit) - Fitbit, Inc. - C:\Program Files\Fitbit\fitbit.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: Oberon Media Game Console service (OberonGameConsoleService) - Unknown owner - C:\Program Files\Asus\Game Park\GameConsole\OberonGameConsoleService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 17828 bytes

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457
Run by Katie at 23:23:08 on 2012-12-22
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1015.88 [GMT -5:00]
.
AV: Trend Micro Titanium 2012 *Enabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}
SP: Trend Micro Titanium 2012 *Enabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\windows\system32\conhost.exe
C:\Windows\System32\AsusService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fitbit\fitbit.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Asus\Game Park\GameConsole\OberonGameConsoleService.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Protected Search\ProtectedSearch.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\TiVo\Desktop\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Fitbit\fitbit-tray.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Users\Katie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Katie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\DllHost.exe
C:\Users\Katie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938
uSearch Bar = hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
uSearch Page = hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
uDefault_Page_URL = hxxp://asus.msn.com
uDefault_Search_URL = hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
mStart Page = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938
mSearch Bar = hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
mSearch Page = hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
mDefault_Search_URL = hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\program files\trend micro\amsp\module\20004\2.0.1361\6.8.1078\TmIEPlg.dll
BHO: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: DownTango Launcher: {8d3ec233-b92d-4187-a506-284127cfba2d} - c:\users\katie\appdata\roaming\downtango4stoolbar\DownTango4SToolbar.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: WinZip Courier BHO: {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - c:\program files\winzip courier\wzwmcie.dll
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - c:\program files\trend micro\amsp\module\20002\7.1.1104\7.1.1104\TmBpIe32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: <No Name>: - LocalServer32 - <no file>
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: DownTango Launcher: {8d3ec233-b92d-4187-a506-284127cfba2d} - c:\users\katie\appdata\roaming\downtango4stoolbar\DownTango4SToolbar.dll
uRun: [TivoServer] c:\program files\tivo\desktop\TiVoServer.exe /service /registry /auto:TivoServer
uRun: [TivoTransfer] c:\program files\tivo\desktop\TiVoTransfer.exe
uRun: [TivoNotify] c:\program files\tivo\desktop\TiVoNotify.exe /service /registry /auto:TivoNotify
uRun: [TranscodingService] c:\program files\tivo\desktop\plus\\TranscodingService.exe
uRun: [cdloader] "c:\users\katie\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Google Update] "c:\users\katie\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [Fitbit Service Monitor] c:\program files\fitbit\fitbit-tray.exe
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
uRun: [com.apple.dav.bookmarks.daemon] c:\program files\common files\apple\internet services\BookmarkDAV_client.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [HotkeyMon] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotKeyMon.exe
mRun: [HotkeyService] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotkeyService.exe
mRun: [SuperHybridEngine] AsusSender.exe c:\program files\eeepc\she\SuperHybridEngine.exe
mRun: [Eee Docking] c:\program files\asus\eee docking\Eee Docking.exe autorun
mRun: [LiveUpdate] AsusSender.exe c:\program files\asus\liveupdate\LiveUpdate.exe auto
mRun: [SynAsusAcpi] c:\program files\synaptics\syntp\SynAsusAcpi.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Boingo Wi-Fi] "c:\program files\boingo\boingo wi-fi\Boingo.lnk"
mRun: [ASUSPRP] c:\program files\asus\aprp\APRP.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Trend Micro Titanium] "c:\program files\trend micro\titanium\uiframework\uiWinMgr.exe" -set Silent "1" SplashURL ""
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IJNetworkScannerSelectorEX] c:\program files\canon\ij network scanner selector ex\CNMNSST.exe /FORCE
StartupFolder: c:\users\katie\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\asusvi~1.lnk - c:\program files\asus\asusvibe\AsusVibeLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\audibl~1.lnk - c:\program files\audible\bin\AudibleDownloadHelper.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - c:\program files\iespell\wikipedia.HTM
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {5f7f7e76-0f61-4de9-8ae6-e5ee565cd118} - {8d3ec233-b92d-4187-a506-284127cfba2d}
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{258CA9DF-74F6-4BCC-B9E8-406F5544861D} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{3E40BC18-5BAB-4EFF-B923-1BC69EDAFCDB} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3E40BC18-5BAB-4EFF-B923-1BC69EDAFCDB}\3756C6C6562737 : DHCPNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{3E40BC18-5BAB-4EFF-B923-1BC69EDAFCDB}\7596E676164756022697027597E6468616D6 : DHCPNameServer = 4.2.2.1
TCP: Interfaces\{3E40BC18-5BAB-4EFF-B923-1BC69EDAFCDB}\7657563747 : DHCPNameServer = 205.152.132.23 205.152.37.23
TCP: Interfaces\{3E40BC18-5BAB-4EFF-B923-1BC69EDAFCDB}\C696E6B6379737 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{3E40BC18-5BAB-4EFF-B923-1BC69EDAFCDB}\D436B496E6E6F6E6E456472323 : DHCPNameServer = 209.18.47.61 209.18.47.62
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\7.1.1104\7.1.1104\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\2.0.1361\6.8.1078\TmIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-7-25 11832]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-10-5 65584]
R1 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2012-1-13 76648]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-11-16 51712]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-4-29 39272]
S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [2012-7-19 21992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-22 52224]
.
=============== Created Last 30 ================
.
2012-12-23 03:30:28 -------- d-----w- c:\users\katie\appdata\local\ElevatedDiagnostics
2012-12-23 01:42:07 -------- d-----w- c:\users\katie\appdata\local\{CC7E15F9-9AE1-44FB-8762-C98B5A2DE786}
2012-12-22 13:28:44 -------- d-----w- c:\users\katie\appdata\local\{8C512368-93BC-46F1-9B1A-1EAA277A2634}
2012-12-22 01:28:29 -------- d-----w- c:\users\katie\appdata\local\{B87BBF1F-8E75-4954-AD92-7AD108F2D8AB}
2012-12-21 13:31:52 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 13:31:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 13:27:44 -------- d-----w- c:\users\katie\appdata\local\{11176C4C-4B71-49A0-AC5D-909396767D80}
2012-12-21 00:50:48 -------- d-----w- c:\users\katie\appdata\local\{C5655310-B255-42C2-B1DF-D73C7C2F6192}
2012-12-20 12:50:35 -------- d-----w- c:\users\katie\appdata\local\{0506A585-F8C6-445C-AF72-F8D78B7EF94D}
2012-12-20 00:50:16 -------- d-----w- c:\users\katie\appdata\local\{24736534-783D-40A9-ACDD-422E2C61C45C}
2012-12-19 20:48:49 -------- d-----w- c:\users\katie\appdata\local\{96EFE8F5-FFB0-40E5-8EFE-E3A1470A256C}
2012-12-19 04:33:15 -------- d-----w- c:\users\katie\appdata\local\{196D5152-B316-456E-A41F-5868F28A659D}
2012-12-18 11:49:45 -------- d-----w- c:\users\katie\appdata\local\{2CB06E51-CAEB-4469-966E-23D5D209CC7D}
2012-12-17 23:00:38 -------- d-----w- c:\users\katie\appdata\local\{59D2AD88-A55A-4160-891F-F403D8245714}
2012-12-17 04:49:42 -------- d-----w- c:\users\katie\appdata\local\{CD95D3C4-6F76-4271-BEC3-E1EA0C011F42}
2012-12-16 04:48:43 -------- d-----w- c:\users\katie\appdata\local\{D0E18CD3-952A-48BD-90BB-0DA4167C629D}
2012-12-16 00:36:56 -------- d-----w- c:\users\katie\appdata\local\{0F50185E-FB3F-4125-84CB-3344CFB2AE14}
2012-12-15 11:30:27 -------- d-----w- c:\users\katie\appdata\local\{EC2A2086-9729-4465-8825-83EDEA87031A}
2012-12-14 23:01:49 -------- d-----w- c:\users\katie\appdata\local\{EB6EA293-AE19-4AE8-A031-01331A6928D5}
2012-12-14 00:36:41 -------- d-----w- c:\users\katie\appdata\local\{DDA7FB13-F169-4D20-BDAA-EDF33F6FDF69}
2012-12-13 12:35:32 -------- d-----w- c:\users\katie\appdata\local\{91BA1F53-E07D-4BFD-B436-250E8292C524}
2012-12-13 00:11:59 -------- d-----w- c:\users\katie\appdata\local\{3219CA7D-A9E8-401A-9BFA-149A40ED466B}
2012-12-12 12:38:50 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-12-12 12:38:43 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-12-12 12:38:09 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-12-12 12:38:07 271360 ----a-w- c:\windows\system32\conhost.exe
2012-12-12 12:38:07 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-12-12 12:34:13 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-12 12:09:33 -------- d-----w- c:\users\katie\appdata\local\{F0BE0060-6453-44FB-AC72-8367C6287451}
2012-12-11 23:02:40 -------- d-----w- c:\users\katie\appdata\local\{397C7594-FA5C-43AB-94B1-CD5F09CA39FC}
2012-12-11 02:44:09 -------- d-----w- c:\users\katie\appdata\local\{09C1CE83-D82B-4BB3-A51E-132FC7E3EB02}
2012-12-10 19:17:08 -------- d-----w- c:\users\katie\appdata\local\{95D941F3-A3D1-43B3-B625-47C3386B6F69}
2012-12-10 02:37:02 -------- d-----w- c:\users\katie\appdata\local\{35CF5593-5813-4C1C-9E0C-F7CD37415F76}
2012-12-09 14:19:04 -------- d-----w- c:\users\katie\appdata\local\{E0EA87E7-8B39-4648-B658-82BFD79E1665}
2012-12-09 02:18:15 -------- d-----w- c:\users\katie\appdata\local\{96FA52EF-1575-402B-8898-B27B25572781}
2012-12-08 13:35:15 -------- d-----w- c:\users\katie\appdata\local\{7E6CB14B-7ECF-4372-A681-388E25D01E7E}
2012-12-08 01:34:13 -------- d-----w- c:\users\katie\appdata\local\{17034B6B-8AD7-41F9-BD0C-7264DA26564E}
2012-12-07 13:18:25 -------- d-----w- c:\users\katie\appdata\local\{DA031985-9730-495C-8241-07BF38F7C398}
2012-12-06 22:59:52 -------- d-----w- c:\users\katie\appdata\local\{A82D1584-CA05-4DEC-871C-6A8C4A544F12}
2012-12-06 04:02:31 -------- d-----w- c:\users\katie\appdata\local\{CBADCEF0-A7E5-47D2-B79E-25DEA7B3C8FC}
2012-12-05 19:46:40 -------- d-----w- c:\users\katie\appdata\local\{5907641F-2F40-4FA2-9184-33EDA3A28300}
2012-12-05 02:56:12 -------- d-----w- c:\users\katie\appdata\local\{F6636D69-4730-4665-8F64-E42F28481DA1}
2012-12-04 13:44:50 -------- d-----w- c:\users\katie\appdata\local\{9653B93B-BF62-462C-B471-EF318E5474F5}
2012-12-03 22:18:37 -------- d-----w- c:\users\katie\appdata\local\{3EA5C19C-2EC0-480A-BC33-AFE452979948}
2012-12-03 02:29:49 -------- d-----w- c:\users\katie\appdata\local\{0800EA05-BFFF-4681-AF51-42132B93EA83}
2012-12-02 14:29:36 -------- d-----w- c:\users\katie\appdata\local\{AD2D2EF7-5D9B-4FB1-A08C-3E8F79491E11}
2012-12-02 02:29:22 -------- d-----w- c:\users\katie\appdata\local\{F17E82F3-AB4E-46A7-8A3C-FDEC5F1711A2}
2012-12-01 16:31:09 -------- d-----w- c:\programdata\Canon_Inc_IC
2012-12-01 14:29:08 -------- d-----w- c:\users\katie\appdata\local\{A82156AC-E8F7-41E4-8575-60416BDF8669}
2012-12-01 03:46:51 -------- d-----w- c:\users\katie\appdata\roaming\calibre
2012-12-01 03:43:55 -------- d-----w- c:\program files\Calibre2
2012-12-01 02:19:33 -------- d-----w- c:\users\katie\appdata\local\{7247507C-B6CC-4FC5-B847-991F1562A3F0}
2012-11-30 13:29:06 -------- d-----w- c:\users\katie\appdata\local\{3F23FABE-9709-408B-B892-01DDB3115A80}
2012-11-30 01:11:43 -------- d-----w- c:\users\katie\appdata\local\{2372A58E-F76F-48DD-86B3-2724A22CE32B}
2012-11-29 12:54:04 -------- d-----w- c:\users\katie\appdata\local\{DA1B0C8B-C83F-44A0-B9DA-167112104062}
2012-11-29 00:53:32 -------- d-----w- c:\users\katie\appdata\local\{9042B141-C3B8-4D2F-8B96-A6029A95CFF0}
2012-11-28 12:53:10 -------- d-----w- c:\users\katie\appdata\local\{61F2A46E-0273-4195-B709-C0E94EAECBFF}
2012-11-28 00:52:38 -------- d-----w- c:\users\katie\appdata\local\{3D9470D0-311F-4042-819B-0380FB1EED39}
2012-11-27 12:48:29 -------- d-----w- c:\users\katie\appdata\local\{BBB8DABE-377F-4053-9BCE-D3DFCD84193C}
2012-11-27 00:48:16 -------- d-----w- c:\users\katie\appdata\local\{40E6AEC3-248F-4CB2-A36D-D1E3209A6278}
2012-11-26 12:48:03 -------- d-----w- c:\users\katie\appdata\local\{4EDC992B-574D-41FA-8FA7-5C452C315E5A}
2012-11-26 00:47:47 -------- d-----w- c:\users\katie\appdata\local\{4E8CD9B4-8374-49F8-9E44-E55F70D01051}
2012-11-25 12:47:30 -------- d-----w- c:\users\katie\appdata\local\{8C50C976-81D0-4F4B-B991-69CAFC3F86F3}
2012-11-25 00:47:16 -------- d-----w- c:\users\katie\appdata\local\{065E0F37-489E-4760-8FC2-D75A10558C3D}
2012-11-24 12:46:57 -------- d-----w- c:\users\katie\appdata\local\{2EE4DE38-1CA0-4592-9B67-1047EC89F6A4}
2012-11-24 03:26:17 -------- d-----w- c:\programdata\Canon IJ Network Tool
2012-11-24 03:25:59 323584 ----a-w- c:\windows\system32\CNC_AUL.dll
2012-11-24 03:25:58 286720 ----a-w- c:\windows\system32\CNC_AUC.dll
2012-11-24 03:25:58 114688 ----a-w- c:\windows\system32\CNC_AUU.dll
2012-11-24 03:25:58 114688 ----a-w- c:\windows\system32\CNC_AUI.dll
2012-11-24 03:25:57 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2012-11-24 03:23:44 84992 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPPAU.DLL
2012-11-24 03:23:44 29184 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPDAU.DLL
2012-11-24 03:21:57 311296 ----a-w- c:\windows\system32\CNMLMAU.DLL
2012-11-24 03:21:44 184320 ----a-w- c:\windows\system32\CNMIUAU.DLL
2012-11-24 03:21:03 366592 ----a-w- c:\windows\system32\CNMNPPM.DLL
2012-11-24 03:21:03 35840 ----a-w- c:\windows\system32\CNMNPUI.DLL
2012-11-24 03:21:03 -------- d-----w- c:\windows\system32\STRING
2012-11-24 03:18:37 -------- d-----w- c:\program files\Canon
2012-11-23 17:37:41 -------- d-----w- c:\users\katie\appdata\local\{54AA25FE-1A88-4073-9430-C21C90E96008}
2012-11-23 04:51:03 -------- d-----w- c:\users\katie\appdata\local\{A5FDE613-6442-4D70-8127-2D180B79B4B2}
.
==================== Find3M ====================
.
2012-12-12 03:46:45 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 03:46:44 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-10-16 07:39:52 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 17:40:31 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-04 14:41:50 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-10-03 16:58:30 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 16:42:26 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 16:42:26 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 16:42:24 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 16:40:35 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 15:21:38 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-09-25 22:47:43 78336 ----a-w- c:\windows\system32\synceng.dll
2012-09-25 02:01:24 95224 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2012-09-25 02:00:48 76648 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2012-09-25 02:00:12 257952 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-09-24 19:32:24 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 19:32:20 473072 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 23:28:44.43 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Starter
Boot Device: \Device\HarddiskVolume1
Install Date: 3/31/2010 9:58:25 PM
System Uptime: 12/22/2012 12:19:14 AM (23 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | 1005HA
Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | PBGA 437 | 800/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 64.209 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP223: 11/29/2012 5:31:13 AM - Windows Update
RP224: 11/30/2012 10:36:58 PM - Installed calibre
RP225: 12/8/2012 10:53:39 AM - Scheduled Checkpoint
RP226: 12/13/2012 7:50:33 AM - Windows Update
RP227: 12/21/2012 8:28:02 AM - Windows Update
RP228: 12/22/2012 9:56:12 PM - Removed PlayOn
RP229: 12/22/2012 10:03:05 PM - Removed Safari
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUSUpdate for Eee PC
AsusVibe2.0
Atheros Client Installation Program
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Audible Download Manager
Bing Bar
Boingo Wi-Fi
Bonjour
calibre
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Canon MG6200 series MP Drivers
Chicken Invaders 2
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Compatibility Pack for the 2007 Office system
D3DX10
DownTango Launcher 1.6
E-Cam
ebi.BookReader3J
Eee Docking 3.6.0
Fitbit Base Station (Driver Removal)
Fitbit v2.1.0.8
FontResizer
Game Park Console
Google Chrome
Hotkey Service
iCloud
ieSpell
Intel(R) Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 37
Junk Mail filter update
LeapFrog Connect
LeapFrog My Pals Plugin
LiveUpdate
magicJack
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Dutch) 2007
Microsoft Office Access MUI (French) 2007
Microsoft Office Access MUI (German) 2007
Microsoft Office Access MUI (Italian) 2007
Microsoft Office Excel 2007 Help - Aggiornamento (KB963678)
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (French) 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office Excel MUI (Italian) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (Dutch) 2007
Microsoft Office Groove MUI (French) 2007
Microsoft Office Groove MUI (German) 2007
Microsoft Office Groove MUI (Italian) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (Dutch) 2007
Microsoft Office InfoPath MUI (French) 2007
Microsoft Office InfoPath MUI (German) 2007
Microsoft Office InfoPath MUI (Italian) 2007
Microsoft Office Language Pack 2007 - Dutch/Nederlands
Microsoft Office Language Pack 2007 - French/Français
Microsoft Office Language Pack 2007 - German/Deutsch
Microsoft Office Language Pack 2007 - Italian/Italiano
Microsoft Office Live Add-in 1.5
Microsoft Office O MUI (Dutch) 2007
Microsoft Office O MUI (French) 2007
Microsoft Office O MUI (German) 2007
Microsoft Office O MUI (Italian) 2007
Microsoft Office OneNote MUI (Dutch) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office OneNote MUI (French) 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office OneNote MUI (Italian) 2007
Microsoft Office Outlook 2007 Help - Aggiornamento (KB963677)
Microsoft Office Outlook MUI (Dutch) 2007
Microsoft Office Outlook MUI (French) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office Outlook MUI (Italian) 2007
Microsoft Office Powerpoint 2007 Help - Aggiornamento (KB963669)
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office PowerPoint MUI (Italian) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (French) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing (Italian) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Dutch) 2007
Microsoft Office Publisher MUI (French) 2007
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Publisher MUI (Italian) 2007
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (French) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Shared MUI (Italian) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
Microsoft Office SharePoint Designer MUI (Dutch) 2007
Microsoft Office SharePoint Designer MUI (French) 2007
Microsoft Office SharePoint Designer MUI (German) 2007
Microsoft Office SharePoint Designer MUI (Italian) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word 2007 Help - Aggiornamento (KB963665)
Microsoft Office Word MUI (Dutch) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (French) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Office Word MUI (Italian) 2007
Microsoft Office X MUI (Dutch) 2007
Microsoft Office X MUI (French) 2007
Microsoft Office X MUI (German) 2007
Microsoft Office X MUI (Italian) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mise à jour Microsoft Office Excel 2007 Help (KB963678)
Mise à jour Microsoft Office Outlook 2007 Help (KB963677)
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)
Mise à jour Microsoft Office Word 2007 Help (KB963665)
MSVCRT
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
OGA Notifier 2.0.0048.0
OverDrive Media Console
Protected Search 1.1
QuickTime
Ralink RT2860 Wireless LAN Card
Realtek High Definition Audio Driver
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Skype web features
Skype™ 5.10
Super Hybrid Engine
Synaptics Pointing Device Driver
TiVo Desktop 2.8.1
TomTom HOME 2.8.2.2264
TomTom HOME Visual Studio Merge Modules
Trend Micro Titanium
Trend Micro Titanium 2012
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update voor Microsoft Office Excel 2007 Help (KB963678)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
Update voor Microsoft Office Word 2007 Help (KB963665)
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinZip Courier
YNAB 3
.
==== Event Viewer Messages From Past Week ========
.
12/22/2012 9:36:31 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wscsvc service.
12/22/2012 7:43:44 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
12/22/2012 5:43:54 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
12/22/2012 1:12:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
12/22/2012 1:12:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EFS service.
12/21/2012 9:30:28 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.115. The computer with the IP address 192.168.1.1 did not allow the name to be claimed by this computer.
12/21/2012 7:51:07 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.
12/21/2012 3:07:23 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
.
==== End Of File ===========================
 
Joined
May 7, 2011
Messages
14,142
Hi, my name is Mark and I will be helping you.

IMPORTANT: Please take the time to read this first.
For the benefit of others that are waiting for help please try to respond as fast as you can and make sure you read all of the instructions I will be giving you to follow. Time spent waiting for replies or having to repeat questions keeps other people waiting in the queue for help.

I am in Spain at GMT+1 hour. I check my emails several times a day, so I will usually reply to your responses within a few hours or less unless it is night time here. During the evening here I will usually reply within minutes. Please try to do the same for a swift clean up. Some Malware needs to be dealt with quickly or it will multiply and become deeply embedded in your system and more difficult to find and remove, so quick replies will have more than one benefit.

Keep in mind that I cannot see your PC, so please give as much detail as possible if something goes wrong or you receive any error messages.

Malware can be unpredictable and often time consuming to remove. On rare occasions something can go awry and your system may need to have Windows re-installed. Please make sure before we start that you have copies of all your important data saved to an external hard drive or CDs/DVDs. Please make sure you disconnect any external hard drives and/or Flash drives during the clean up.

If you have run any scans that found an infection please let me know.

DO NOT run any scans or make any changes that I have not asked you to do, as this can cause misleading results and make my job much harder in trying to help you. Please also uninstall any file sharing software, i.e. uTorrent, BitTorrent, etc. If you insist on keeping it, do not use it until we are finished. Use of file sharing software is one of the easiest ways to get your PC infected.

If I get no reply from you for two days I will mark the thread as Solved and move on to helping someone else. If you know you will be unable to reply for any length of time please let me know in advance.

Please don't abandon the thread as soon as your PC starts to work normally again as there will be other important checks to make to help protect your system from re-infection. It is also important to follow the correct procedure when removing the tools used to ensure all quarantined infections are completely removed and infected Restore Points are safely deleted.

Stick with me and we can quickly clean up your PC. If you cannot dedicate the time, then a Reformat and Re-install will be your quickest option.

_____________________________________________________________________________________

Please run these two scans and post the logs:

SCAN 1
Click on this link to download: ADWCleaner and save it to your desktop.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on Tools > SmartScreen Filter > Turn off SmartScreen Filter, then click on OK in the box that opens. Then click on the link again.

Close your browser and click on this icon on your desktop:


You will then see the screen below. Click on the Delete button (as indicated), accept any prompts that appear and allow it to reboot the PC. When the PC has rebooted you will be presented with the report; copy & paste it into your next post.





SCAN 2
Download RogueKiller (by tigzy) and save direct to your Desktop.
On the web page click on this:


  • Quit all running programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished.
  • Ensure all boxes are ticked under "Report" tab.
  • Click on Scan.
  • Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
  • NOTE: DO NOT attempt to remove anything that the scan detects.

 

ktmac

Thread Starter
Joined
Dec 23, 2012
Messages
23
Thanks in advance for your help! I am currently at GMT-8, just for reference.

# AdwCleaner v2.102 - Logfile created 12/25/2012 at 02:03:10
# Updated 23/12/2012 by Xplode
# Operating system : Windows 7 Starter Service Pack 1 (32 bits)
# User : Katie - KATIE-PC
# Boot Mode : Normal
# Running from : C:\Users\Katie\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Katie\AppData\Local\Temp\Uninstall.exe

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q= --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q= --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q= --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://newtab.certified-toolbar.com/nie?si=41460&tid=2938&new=true --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Start Page] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q= --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Search Bar] = hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q= --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q= --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Start Page] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q= --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Search Bar] = hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q= --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q= --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q= --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Search Page] = hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q= --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q= --> hxxp://www.google.com

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.16] : homepage = "hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938",
Deleted [l.1651] : homepage = "hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938",

*************************

AdwCleaner[S1].txt - [4685 octets] - [25/12/2012 02:03:10]

########## EOF - C:\AdwCleaner[S1].txt - [4745 octets] ##########


RogueKiller V8.4.1 [Dec 24 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Katie [Admin rights]
Mode : Scan -- Date : 12/25/2012 02:21:25

¤¤¤ Bad processes : 3 ¤¤¤
[SUSP PATH] TiVoServer.exe -- C:\Program Files\TiVo\Desktop\TiVoServer.exe -> KILLED [TermProc]
[SUSP PATH] TiVoTransfer.exe -- C:\Program Files\TiVo\Desktop\TiVoTransfer.exe -> KILLED [TermProc]
[SUSP PATH] TiVoNotify.exe -- C:\Program Files\TiVo\Desktop\TiVoNotify.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 10 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : TivoServer (C:\Program Files\TiVo\Desktop\TiVoServer.exe /service /registry /auto:TivoServer) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : TivoTransfer (C:\Program Files\TiVo\Desktop\TiVoTransfer.exe) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : TivoNotify (C:\Program Files\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : TranscodingService (C:\Program Files\TiVo\Desktop\Plus\\TranscodingService.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3964756235-1547538428-318114823-1000[...]\Run : TivoServer (C:\Program Files\TiVo\Desktop\TiVoServer.exe /service /registry /auto:TivoServer) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3964756235-1547538428-318114823-1000[...]\Run : TivoTransfer (C:\Program Files\TiVo\Desktop\TiVoTransfer.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3964756235-1547538428-318114823-1000[...]\Run : TivoNotify (C:\Program Files\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3964756235-1547538428-318114823-1000[...]\Run : TranscodingService (C:\Program Files\TiVo\Desktop\Plus\\TranscodingService.exe) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[70] : NtCreateKey @ 0x81E46F46 -> HOOKED (Unknown @ 0x84E99A64)
SSDT[74] : NtCreateMutant @ 0x81E562B2 -> HOOKED (Unknown @ 0x84F0711C)
SSDT[79] : NtCreateProcess @ 0x81F220C3 -> HOOKED (Unknown @ 0x84E883C4)
SSDT[80] : NtCreateProcessEx @ 0x81F2210E -> HOOKED (Unknown @ 0x84E2E31C)
SSDT[86] : NtCreateSymbolicLinkObject @ 0x81E47911 -> HOOKED (Unknown @ 0x84F396C4)
SSDT[87] : NtCreateThread @ 0x81F21ECA -> HOOKED (Unknown @ 0x84C957E4)
SSDT[88] : NtCreateThreadEx @ 0x81EB636B -> HOOKED (Unknown @ 0x84F3436C)
SSDT[93] : NtCreateUserProcess @ 0x81EB429D -> HOOKED (Unknown @ 0x84E23D24)
SSDT[103] : NtDeleteKey @ 0x81E31A27 -> HOOKED (Unknown @ 0x84C3F22C)
SSDT[106] : NtDeleteValueKey @ 0x81E2343E -> HOOKED (Unknown @ 0x84C9353C)
SSDT[111] : NtDuplicateObject @ 0x81E7767A -> HOOKED (Unknown @ 0x84F3968C)
SSDT[155] : NtLoadDriver @ 0x81E0BC20 -> HOOKED (Unknown @ 0x84F07154)
SSDT[190] : NtOpenProcess @ 0x81E57AF8 -> HOOKED (Unknown @ 0x84E8F09C)
SSDT[194] : NtOpenSection @ 0x81EAF8BB -> HOOKED (Unknown @ 0x84E44A6C)
SSDT[198] : NtOpenThread @ 0x81EA3FC3 -> HOOKED (Unknown @ 0x84C45554)
SSDT[290] : NtRenameKey @ 0x81EE1FAB -> HOOKED (Unknown @ 0x84F347F4)
SSDT[302] : NtRestoreKey @ 0x81ED7B5C -> HOOKED (Unknown @ 0x84C84C54)
SSDT[350] : NtSetSystemInformation @ 0x81E9429A -> HOOKED (Unknown @ 0x84F39654)
SSDT[358] : NtSetValueKey @ 0x81E50543 -> HOOKED (Unknown @ 0x84EFA62C)
SSDT[370] : NtTerminateProcess @ 0x81EA0BFB -> HOOKED (Unknown @ 0x84253F14)
SSDT[371] : NtTerminateThread @ 0x81EBE584 -> HOOKED (Unknown @ 0x84F341E4)
SSDT[399] : NtWriteVirtualMemory @ 0x81EA5958 -> HOOKED (Unknown @ 0x84F33EDC)
S_SSDT[584] : NtUserSetWindowsHookAW -> HOOKED (Unknown @ 0xA5809F2C)
S_SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x85DFD134)

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS543216L9SA00 +++++
--- User ---
[MBR] 4503d9bf5a67b1e16bd3386b66f0f0bd
[BSP] f30f5e968a65d4a64fc42340b5f68d85 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 142369 Mo
1 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 291573760 | Size: 10240 Mo
2 - [XXXXXX] UNKNOWN (0xef) [VISIBLE] Offset (sectors): 312545280 | Size: 15 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_12252012_02d0221.txt >>
RKreport[1]_S_12252012_02d0221.txt
 
Joined
May 7, 2011
Messages
14,142
ADWCleaner has removed quite a few Adware threats, but RogueKiller found no problems.

Has there been any improvement in the system's performance?

Please run this scan:

1. Download Malwarebytes Anti-Rootkit from this link mbar
2. Unzip the File to a convenient location. (Recommend the Desktop)
3. Open the folder where the contents were unzipped to run mbar.exe



4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:



5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

6. The following image opens, select Next.



7. The following image opens, select Update



8. When the Update completes, select Next



9. In the following window ensure "Targets" are ticked. Then select "Scan"



10. If an infection/s is found the "Cleanup Button" to remove threats will be available. A list of infected files will be listed like the following example:



11. Do not select the "Clean up Button"; select the "Exit" button. There will be a warning as follows:



12. Select "Yes" to close down the program. If NO infections were found you will see the following image:



13. Select "Exit" to close down.
14. Copy and paste the two following logs from the mbar folder:

System - log
Mbar - log Date and time of scan will also be shown

 

ktmac

Thread Starter
Joined
Dec 23, 2012
Messages
23
It seems to be running much faster already. I can't test a video to see if that issue has been resolved (I'm up with my baby right now), but I'll check that later this morning. The Malwarebytes scan found 2 files.

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_37

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.599000 GHz
Memory total: 1064558592, free: 94519296

------------ Kernel report ------------
12/26/2012 04:36:27
------------ Loaded modules -----------
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff84c3e9a8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff83e49028
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
DriverEntry returned 0x0
Function returned 0x0
Downloaded database version: v2012.12.26.09
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff84c3e9a8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff84c3e5e0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff84c3e9a8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff84252958, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff83e49028, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Upper DeviceData: 0xffffffffbf25a7f8, 0xffffffff84c3e9a8, 0xffffffff837693a0
Lower DeviceData: 0xffffffffbf84bd48, 0xffffffff83e49028, 0xffffffffa59c4c50
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\windows\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 998ABF18

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 291571712
Partition file system is NTFS
Partition is bootable

Partition 1 type is Other (0x1b)
Partition is NOT ACTIVE.
Partition starts at LBA: 291573760 Numsec = 20971520

Partition 2 type is Other (0xef)
Partition is NOT ACTIVE.
Partition starts at LBA: 312545280 Numsec = 31425

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-312561808-312581808)...
Done!
Performing system, memory and registry scan...
Infected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Protected Search\Protected Search Settings.lnk --> [PUP.ProtectedSearch]
Infected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Protected Search --> [PUP.ProtectedSearch]
Done!
Scan finished
=======================================

Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2012.12.26.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Katie :: KATIE-PC [administrator]

12/26/2012 5:17:55 AM
mbar-log-2012-12-26 (05-17-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30132
Time elapsed: 40 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Protected Search (PUP.ProtectedSearch) -> Delete on reboot.

Files Detected: 1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Protected Search\Protected Search Settings.lnk (PUP.ProtectedSearch) -> Delete on reboot.

(end)
 
Joined
May 7, 2011
Messages
14,142
Mbar has detected a program "Protected Search" as a PUP (Potentially unwanted program). This is most likely a false positive and nothing to worry about, but if you don't use this software I would suggest you remove it.

Let me know how the video test goes.

I would suggest running this scan to clear out temporary files, it may speed it up a little more. There is no log to post.

Download Temporary file cleaner and save it to the desktop.
Double click on the icon to run it (it appears as a dark grey dustbin). For Windows 7 and Vista right click the icon and select Run as Administrator.
When the window opens click on Start. It will close all running programs and clear the desktop icons.
When complete you may be asked to reboot, if so accept the request and your PC will reboot automatically.
 

ktmac

Thread Starter
Joined
Dec 23, 2012
Messages
23
I did the video check before I ran the Temporary File Clean-up and it works great!!

Is there anything you would recommend as far as maintenance? (Being careful about downloads goes without saying. ;) )

Thanks so much for your help! Just let me know if there's anything more I need to do.
 
Joined
May 7, 2011
Messages
14,142
Glad to hear all is well. It would appear your only problem was a toolbar called search.certified, which ADWCleaner removed; it had also hijacked your start and search pages.

These kinds of infections are normally installed by mistake when installing new software. Many programs come bundled with add-ons, and if you don't look for the option to leave them out they get installed.

If you do regular scans with ADWCleaner, TFC and your Anti Virus it should help keep the PC clean. I would suggest you delete RogueKiller as it requires specialized knowledge to read the logs.

I can see in your logs that Java is out of date and older versions can be prone to get infected. Please run the following scan to check for any other security risks from out of date software, I'll then post instructions to update anything found.

Download Security Check by screen317 from Here or Here.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please Copy & Paste the contents of that document into your next reply.
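The start and search page hijack described above can be read directly out of the AdwCleaner log. The following Python sketch is an added example, not part of the original posts or of AdwCleaner: it parses the `Replaced` and `Deleted` line formats seen in the log in this thread and counts, per host, how many per-user (HKCU), machine-wide (HKLM) and browser preference file settings pointed at it. The function names are hypothetical, and the sample is a subset of lines copied from that log.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Subset of lines copied from the AdwCleaner log posted in this thread.
SAMPLE_LOG = r"""
-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q= --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://newtab.certified-toolbar.com/nie?si=41460&tid=2938&new=true --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Start Page] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938 --> hxxp://www.google.com

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.16] : homepage = "hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938",
"""

# Line formats as they appear in the log above.
BROWSER_RE = re.compile(r"^-\\\\ (?P<browser>.+?) v[\d.]+$")
FILE_RE = re.compile(r"^File : (?P<path>.+)$")
REPLACED_RE = re.compile(
    r"^Replaced : \[(?P<key>.+) - (?P<setting>[^\]]+)\] = "
    r"(?P<old>\S+) --> (?P<new>\S+)$"
)
DELETED_RE = re.compile(
    r'^Deleted \[l\.(?P<line>\d+)\] : (?P<setting>\w+) = "(?P<old>[^"]+)",?$'
)


def host_of(url):
    """Return the host of a URL (defanged hxxp:// is accepted), or ''."""
    return urlsplit(url.strip()).hostname or ""


def parse_adwcleaner(log_text):
    """Return one dict per browser setting that AdwCleaner reset or deleted."""
    entries, browser, pref_file = [], None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := BROWSER_RE.match(line)):
            browser, pref_file = m["browser"], None
        elif (m := FILE_RE.match(line)):
            pref_file = m["path"]
        elif (m := REPLACED_RE.match(line)):
            entries.append({
                "browser": browser,
                "action": "replaced",
                # The hive tells per-user (HKCU) from machine-wide (HKLM).
                "scope": m["key"].split("\\", 1)[0],
                "location": m["key"],
                "setting": m["setting"],
                "old_host": host_of(m["old"]),
                "new_host": host_of(m["new"]),
            })
        elif (m := DELETED_RE.match(line)):
            entries.append({
                "browser": browser,
                "action": "deleted",
                "scope": "file",
                "location": pref_file,
                "setting": m["setting"],
                "line": int(m["line"]),
                "old_host": host_of(m["old"]),
                "new_host": "",
            })
    return entries


def scope_counts(entries):
    """Map each previously configured host to a count of settings per scope."""
    counts = defaultdict(lambda: defaultdict(int))
    for entry in entries:
        counts[entry["old_host"]][entry["scope"]] += 1
    return {host: dict(scopes) for host, scopes in counts.items()}


if __name__ == "__main__":
    for host, scopes in sorted(scope_counts(parse_adwcleaner(SAMPLE_LOG)).items()):
        print(host, scopes)
```

Run against the full log, the HKLM count shows how many of the redirected settings were machine-wide rather than limited to one user profile.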
 

ktmac

Thread Starter
Joined
Dec 23, 2012
Messages
23
Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Trend Micro Titanium 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 37
Java version out of Date!
Adobe Flash Player 11.5.502.135
Adobe Reader 10.1.4 Adobe Reader out of Date!
Google Chrome 18.0.1025.162
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
Trend Micro AMSP coreServiceShell.exe
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
Trend Micro AMSP coreFrameworkHost.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 
Joined
May 7, 2011
Messages
14,142
Please follow this to update Java and Adobe.

Adobe
Close any programs you may have running - especially your web browser.
Click on Start > Control Panel, double-click on Programs and Features and uninstall the following Adobe entries:

Adobe Reader 10.1.4

NOTE: For XP click on Start > Control Panel, double-click on Add or Remove Programs and continue as above.


Then go to this link Adobe Downloads and select the latest version to download and install. You will see this page below, click on the appropriate button for the Adobe product that was just removed.



You will now see a page similar to this one:



All four Adobe products, Reader, Flash Player, Air and Shockwave Player are set by default to download the version for Windows Operating Systems and for Internet Explorer in English. If you are using a Macintosh, or you want to use the Adobe product with a different Browser or language you must click on the line (as indicated in the above image) to make further selections to meet your requirements.

As you will see in the above image the Adobe Reader is set for Windows 7, please click (as indicated) if you are using a different version of Windows to make further selections. All the other Adobe products are universal and you will only need to change the selection for different Browsers, Languages or for Macintosh.
NOTE: In all the downloads look out for the Google Toolbar and uncheck the box if you do not need it.

Some additional instructions may appear for XP installations. In all cases save the download to your desktop, then close your browser and double click on the Adobe icon on your desktop to install it. If you have any problems installing, disconnect from the internet and disable your Anti Virus and any other security software, instructions for most AV's, etc. can be found here: How to disable security software.

============================================================


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java and update.

How to update Java:
Be aware that the act of downloading any Java installer means that you have read and agree to abide by the end users license agreement.
End user licence agreement

First uninstall all existing versions of Java.

  • Go to Start > Control Panel double-click on Add/Remove programs (or Programs and Features) and click on any item with Java, Java(TM), JRE or J2SE in the name.
  • Click the Uninstall, Remove or Change/Remove button and allow it to uninstall.
  • If a User Account Control warning appears click on Allow.
  • Repeat as many times as necessary to remove each and every item.
  • Reboot your computer once all Java components are removed.

NOTE: If you have a 64bit version of Windows and are using the 64bit version of Internet Explorer the Java site will automatically give you the correct Java version using the instructions below,
but it is recommended that you use only 32bit browsers and versions of Java. Please read this for further information: Which Java download should I choose for my 64bit operating system?.
If you install Java for the 64bit version of Internet Explorer and you use any other browser you will also need to repeat the installation while using your other browser which will most likely be 32bit. If in doubt please ask.


How to install the latest version.

  • Open the browser that you normally use and click on this link: Java Download
  • Click on the big red button Free Java Download
  • On the next page click on the big red button Agree and Start Free Download
  • Select Run whenever the option appears. If no Run option appears click on Save and then when the download completes click on Run. If a User Account Control warning appears click on Continue.
  • When the Welcome to Java window appears click on Install.
  • It may take several minutes to download the installer depending on the speed of your connection, allow it to complete.
  • If any error messages appear click on OK and then click on the Agree and start free download button again.
  • Please wait for the Java Setup window to appear. Uncheck the box to install the Ask Toolbar and then click on Next.
  • NOTE: The Ask Toolbar option may change without notice to something different, please make sure you uncheck the box for anything else that is offered. On some systems this offer may not appear, in which case, continue with the next instruction.
  • You will then see the Java Setup Progress window and another will appear for JavaFX (on some systems the JavaFX will not appear or be installed). Finally the Java Setup Complete window will appear, click on Close.
  • If a Java page then appears with a button to Verify Java Version click on it and it will verify the installation.
  • The Installation is now complete, please reboot the system.
  • NOTE: The JavaFX component is not required unless you are developing Java applications. It is perfectly safe to keep on your system, but if you wish to uninstall it please do so.
 

ktmac

Thread Starter
Joined
Dec 23, 2012
Messages
23
OK, great. I've updated both of those now.

I am getting a message every time I restart saying "An item with the same key has already been added." This started after I've been working to get rid of the malware. Any ideas what that could be?
 
Joined
May 7, 2011
Messages
14,142
A quick Google only gave me a rough idea that it is an error thrown when running new programs that you have written yourself. Does the same error appear if you boot into Safe Mode with Networking?
 

ktmac

Thread Starter
Joined
Dec 23, 2012
Messages
23
Ha! I have definitely not written any programs... I'll try to get into safe mode and see what happens.
 
Joined
May 7, 2011
Messages
14,142
Ok, as it does not happen in Safe Mode which only has the minimum of services and processes running we should be able to isolate the cause.


Part 1
Selective Startup (Clean Boot)
I would recommend you print out these instructions and follow them slowly, one line at a time, as it is very easy to get confused with this. Unfortunately this is probably the only way we can find what is causing your problem.

  • Click on Start, then type msconfig into the Search box and hit the Enter key.
  • This screen should appear with the settings as shown:



  • Click on the Services tab and you should see this, click on the box next to Hide all Microsoft Services so a check mark appears.



  • Now click on the General tab and check the boxes as shown:



  • When done click on Apply and then OK.
  • The window will close and you will see a notification with two choices, click on Restart.


Now run the system and check to see if the problem has been cured. Tell me the outcome in your next reply.
 