1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

rundll32 error message - file is corrupt. I think!

Discussion in 'Virus & Other Malware Removal' started by mconnelly, Jan 26, 2013.

Thread Status:
Not open for further replies.
  1. mconnelly

    mconnelly Thread Starter

    Joined:
    Dec 23, 2011
    Messages:
    139
    I recieved a rundll32.exe error message. The message has stopped appearingand, I forget exactly what it said, but, the rundll32.exe file is still corupt as seen in the attached file. Below, I've copied and pasted the results as requested. I want to be able to properly identify and correct the issue. Any help is greatly appreciated.

    My system info is as follows:

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft® Windows Vista™ Home Premium, Service Pack 2, 32 bit
    Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz, x64 Family 6 Model 15 Stepping 11
    Processor Count: 2
    RAM: 3317 Mb
    Graphics Card: Mobile Intel(R) 965 Express Chipset Family, 448 Mb
    Hard Drives: C: Total - 303313 MB, Free - 92451 MB;
    Motherboard: Gateway,
    Antivirus: Microsoft Security Essentials, Updated and Enabled



    ark.txt:

    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-25 19:19:31
    Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 WDC_WD3200BEVT-00A0RT0 rev.01.01A01 298.09GB
    Running: 5fzlpsmd.exe; Driver: C:\Users\Matthew\AppData\Local\Temp\fwliifow.sys

    ---- Kernel code sections - GMER 2.0 ----
    ? C:\Users\Matthew\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
    ---- User code sections - GMER 2.0 ----
    .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[2488] kernel32.dll!SetUnhandledExceptionFilter 760FA8B5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
    ---- EOF - GMER 2.0 ----

    dds.txt:

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.11.2
    Run by Matthew at 18:53:34 on 2013-01-25
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3317.1694 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
    C:\Program Files\Google\Update\1.3.21.124\GoogleCrashHandler.exe
    C:\Windows\System32\hkcmd.exe
    C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Real\RealPlayer\Update\realsched.exe
    C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Synaptics\Scrybe\scrybe.exe
    C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Users\Matthew\Downloads\HijackThis.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
    BHO: CodecC Class: {0B68DEB9-952D-455B-BB5B-9E5F3DECE3FA} - c:\programdata\codecc\bhoclass.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
    BHO: CouponAmazing: {48D604E1-9AAD-42C8-8894-DDCF53DBD403} - c:\users\matthew\appdata\local\couponamazing\ie\couponamazing_1358802539.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [BingDesktop] c:\program files\microsoft\bingdesktop\BingDesktop.exe /fromkey
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\scrybe.lnk - c:\windows\installer\{147dfad8-34c3-4de1-9fca-acefde9ef810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    IE: &Leave a note for Been users - c:\program files\goodshop app\basement\BackgroundEngine.exe/205
    IE: &Remove from Been Clickstream - c:\program files\goodshop app\basement\BackgroundEngine.exe/206
    IE: &Save as Been Favorite - c:\program files\goodshop app\basement\BackgroundEngine.exe/204
    IE: &Thumbs Down - c:\program files\goodshop app\basement\BackgroundEngine.exe/202
    IE: &Thumbs Up - c:\program files\goodshop app\basement\BackgroundEngine.exe/201
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{CDF43B72-CCC6-463B-ADC5-7B59C3A260F7} : DHCPNameServer = 192.168.1.1
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: DfLogon - LogonDll.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs=
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.56\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
    R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2012-8-3 25896]
    R2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\microsoft\bingdesktop\BingDesktopUpdater.exe [2012-11-22 166424]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 99272]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-11-29 38608]
    R2 ScrybeUpdater;Scrybe Updater;c:\program files\synaptics\scrybe\service\ScrybeUpdater.exe [2011-5-27 1300264]
    R3 DFX11_1;DFX Audio Enhancer 11.1;c:\windows\system32\drivers\dfx11_1.sys [2012-8-29 24424]
    R3 NETwLv32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETwLv32.sys [2012-10-29 6637056]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2012-10-30 193640]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-12-4 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
    S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
    S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2012-10-29 13024]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== Created Last 30 ================
    .
    2013-01-25 23:20:06 60872 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{60c10606-bd89-46e4-abb6-4a9fe9485453}\offreg.dll
    2013-01-25 04:20:00 6991832 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{60c10606-bd89-46e4-abb6-4a9fe9485453}\mpengine.dll
    2013-01-24 02:26:39 6991832 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2013-01-22 02:45:24 -------- d-----w- c:\users\matthew\appdata\roaming\RealNetworks
    2013-01-22 02:44:26 -------- d-----w- c:\programdata\RealNetworks
    2013-01-22 02:44:26 -------- d-----w- c:\program files\RealNetworks
    2013-01-21 21:48:56 -------- d-----w- c:\users\matthew\appdata\roaming\0T1F0D1F2W1G1I1F1T1Q
    2013-01-21 21:48:53 -------- d-----w- c:\users\matthew\appdata\local\couponamazing
    2013-01-21 21:45:05 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-01-21 21:16:42 2048000 ----a-w- c:\windows\system32\win32k.sys
    2013-01-21 21:09:52 204288 ----a-w- c:\windows\system32\ncrypt.dll
    2013-01-21 21:08:33 1400832 ----a-w- c:\windows\system32\msxml6.dll
    2013-01-20 23:53:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-01-20 20:55:01 -------- d-----w- c:\users\matthew\appdata\roaming\FixCleaner
    2013-01-20 20:54:52 -------- d-----w- c:\program files\FixCleaner
    2013-01-19 20:38:04 -------- d-----w- c:\users\matthew\appdata\roaming\RealNetworks(180)
    2013-01-19 20:36:13 -------- d-----w- c:\program files\RealNetworks(141)
    2013-01-19 20:36:12 -------- d-----w- c:\programdata\RealNetworks(163)
    2013-01-07 10:24:11 -------- d-----w- c:\users\matthew\{00000687-c42d-4e9b-9e46-e3f86ac0a37d}
    2013-01-07 10:24:04 2210304 ----a-w- c:\windows\system32\CAS screensaver.scr
    2013-01-07 10:24:02 -------- d-----w- c:\windows\system32\Skin
    2012-12-30 06:37:10 -------- d-----w- c:\users\matthew\appdata\roaming\RealNetworks(214)
    2012-12-30 06:36:48 -------- d-----w- c:\programdata\RealNetworks(178)
    .
    ==================== Find3M ====================
    .
    2013-01-22 02:42:28 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2013-01-22 02:42:27 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2013-01-21 22:03:00 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-21 22:03:00 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-01-07 08:00:02 13024 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
    2012-12-16 13:12:54 34304 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 10:50:29 293376 ----a-w- c:\windows\system32\atmfd.dll
    2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-11-13 01:29:51 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-11-02 10:18:17 376320 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-02 08:26:06 23040 ----a-w- c:\windows\system32\dpnsvr.exe
    .
    ============= FINISH: 18:54:16.62 ===============

    HijackThis:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:49:42 PM, on 1/25/2013
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal
    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Real\RealPlayer\Update\realsched.exe
    C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Synaptics\Scrybe\scrybe.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Users\Matthew\Downloads\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: CodecC - {0B68DEB9-952D-455B-BB5B-9E5F3DECE3FA} - C:\ProgramData\CodecC\bhoclass.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    O2 - BHO: CouponAmazing - {48D604E1-9AAD-42C8-8894-DDCF53DBD403} - C:\Users\Matthew\AppData\Local\couponamazing\ie\couponamazing_1358802539.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [BingDesktop] C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe /fromkey
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Scrybe.lnk = ?
    O8 - Extra context menu item: &Leave a note for Been users - res://C:\Program Files\Goodshop app\Basement\BackgroundEngine.exe/205
    O8 - Extra context menu item: &Remove from Been Clickstream - res://C:\Program Files\Goodshop app\Basement\BackgroundEngine.exe/206
    O8 - Extra context menu item: &Save as Been Favorite - res://C:\Program Files\Goodshop app\Basement\BackgroundEngine.exe/204
    O8 - Extra context menu item: &Thumbs Down - res://C:\Program Files\Goodshop app\Basement\BackgroundEngine.exe/202
    O8 - Extra context menu item: &Thumbs Up - res://C:\Program Files\Goodshop app\Basement\BackgroundEngine.exe/201
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - AppInit_DLLs:
    O20 - Winlogon Notify: DfLogon - LogonDll.dll (file missing)
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    O23 - Service: Scrybe Updater (ScrybeUpdater) - Synaptics, Inc. - C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
    --
    End of file - 8243 bytes

    attach.txt:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/25/2012 7:48:16 PM
    System Uptime: 1/25/2013 6:19:38 PM (0 hours ago)
    .
    Motherboard: Gateway | |
    Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz | U2E1 | 1600/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 296 GiB total, 90.886 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.5)
    Adobe Shockwave Player 11.6
    Agere Systems HDA Modem
    Apple Application Support
    Apple Software Update
    Bing Desktop
    Camera Assistant Software for Gateway
    CodecC
    couponamazing
    D3DX10
    Daum PotPlayer 1.5.28025
    DFX
    Google Chrome
    Google Chrome Packages
    Google Update Helper
    Hello Kitty Cutie World
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) TV Wizard
    Java 7 Update 11
    Java Auto Updater
    Java(TM) 6 Update 21
    JavaFX 2.1.1
    Junk Mail filter update
    K-Lite Codec Pack 7.0.0 (Standard)
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Download Manager
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Office Word Viewer 2003
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
    MSVCRT
    Premiumplay Codec-C
    QuickTime
    Random Password Generator
    RealDownloader
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealNetworks - Microsoft Visual C++ 2010 Runtime
    RealPlayer
    Realtek USB 2.0 Card Reader
    RealUpgrade 1.1
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Segoe UI
    SlimCleaner
    SlimComputer
    SlimDrivers
    swMSM
    Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
    Synaptics Pointing Device Driver
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VC80CRTRedist - 8.0.50727.6195
    Windows Driver Package - Intel (NETwLv32) net (08/15/2010 13.3.0.137)
    Windows Driver Package - Intel (NETwNv32) net (07/14/2010 13.3.0.24)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinZip 17.0
    .
    ==== End Of File ===========================
     

    Attached Files:

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1087000

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice