1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Virus? Help!

Discussion in 'Virus & Other Malware Removal' started by a_wees13, Feb 22, 2013.

Thread Status:
Not open for further replies.
Advertisement
  1. a_wees13

    a_wees13 Thread Starter

    Joined:
    Dec 8, 2011
    Messages:
    27
    Hi
    My computer has begun to run very slowly and will freeze randomly. I'm suspecting a virus even though Malewarebytes didn't find an infection.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:11:41 PM, on 2/22/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16464)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\Charter Security Suite\fshoster32.exe
    C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSM32.EXE
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Users\Mike\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5741&r=27360510b755l04c4z135t5442j316
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5741&r=27360510b755l04c4z135t5442j316
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5741&r=27360510b755l04c4z135t5442j316
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
    O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
    O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    O4 - HKLM\..\Run: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [F-Secure Hoster (42626)] "C:\Program Files (x86)\Charter Security Suite\fshoster32.exe" -app -hosterid:1
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: F-Secure Dll Hoster (fshoster) - F-Secure Corporation - C:\Program Files (x86)\Charter Security Suite\fshoster32.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSMA32.EXE
    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe
    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\759\g2aservice.exe
    O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: TurboBoost - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
    O23 - Service: WDFMEService - Western Digital - C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
    O23 - Service: WDRulesService - Western Digital - C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 12963 bytes

    **HijackThis gave me a message that it couldn't scan the drivers. I followed the instructions it gave to go into C:\Windows\System32\drivers\etc\hosts but the computer only gave me a sample log

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.13.2
    Run by Mike at 12:15:58 on 2013-02-22
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3767.1506 [GMT -5:00]
    .
    AV: Computer Security *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
    SP: Computer Security *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    C:\Program Files (x86)\Charter Security Suite\fshoster32.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
    C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe
    C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
    C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE
    C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Windows\System32\igfxtray.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
    C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\Charter Security Suite\fshoster32.exe
    C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSM32.EXE
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    C:\Program Files (x86)\Launch Manager\LMworker.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSMA32.EXE
    C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSHDLL64.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\fssm32.exe
    C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://att.yahoo.com/
    uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5741&r=27360510b755l04c4z135t5442j316
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5741&r=27360510b755l04c4z135t5442j316
    mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5741&r=27360510b755l04c4z135t5442j316
    dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
    mWinlogon: Userinit = userinit.exe,
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    uRun: [Google Update] "C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
    mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [F-Secure Hoster (42626)] "C:\Program Files (x86)\Charter Security Suite\fshoster32.exe" -app -hosterid:1
    mRun: [F-Secure Manager] "C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSM32.EXE" /splash
    mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    TCP: NameServer = 24.247.15.53 66.189.0.100 24.178.162.3
    TCP: Interfaces\{24D865D6-5C30-4B3E-93B3-2A0D77CDDB5F} : DHCPNameServer = 24.247.15.53 66.189.0.100 24.178.162.3
    TCP: Interfaces\{24D865D6-5C30-4B3E-93B3-2A0D77CDDB5F}\2456C6B696E6E233432423 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{24D865D6-5C30-4B3E-93B3-2A0D77CDDB5F}\34963736F62413132363 : DHCPNameServer = 24.247.15.53 66.189.0.100 24.178.162.3
    TCP: Interfaces\{24D865D6-5C30-4B3E-93B3-2A0D77CDDB5F}\77167656E6 : DHCPNameServer = 172.16.0.1
    TCP: Interfaces\{7C8A08D7-FFD5-4C50-B3FC-7ED005FF59B8} : DHCPNameServer = 24.247.15.53 66.189.0.100 24.178.162.3
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    x64-mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5741&r=27360510b755l04c4z135t5442j316
    x64-mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5741&r=27360510b755l04c4z135t5442j316
    x64-BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\759\G2AWinLogon_x64.dll
    x64-Notify: igfxcui - igfxdev.dll
    x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\conmkgrc.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - about:home
    FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=394&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=6192110823974035&o=APN10645&q=
    FF - prefs.js: network.proxy.type - 0
    FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
    FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
    FF - plugin: C:\Users\Mike\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Mike\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2013-02-02 10:56; {34712C68-7391-4c47-94F3-8F88D49AD632}; C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 fsbts;fsbts;C:\Windows\System32\drivers\fsbts.sys [2013-1-26 56016]
    R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\HIPS\drivers\fshs.sys [2013-1-26 62232]
    R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [2013-1-26 14032]
    R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-2 22576]
    R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-2 20016]
    R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-2 60464]
    R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-1-19 310352]
    R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-1-27 842784]
    R2 fshoster;F-Secure Dll Hoster;C:\Program Files (x86)\Charter Security Suite\fshoster32.exe [2012-11-26 183864]
    R2 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe [2012-8-6 61176]
    R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-1-27 13336]
    R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
    R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-12-5 92632]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-1-27 2320920]
    R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-1-27 240160]
    R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [2011-8-1 317328]
    R2 WDFMEService;WDFMEService;C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [2011-8-1 1978256]
    R2 WDRulesService;WDRulesService;C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-8-1 1338256]
    R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [2013-1-26 199736]
    R3 fsni;fsni;C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\fsni64.sys [2013-1-30 71680]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-1-27 56344]
    R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-1-27 151936]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-1-27 244736]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-10-16 321064]
    S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-7-16 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-9-10 305448]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-1-27 232992]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-20 59392]
    S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-27 1255736]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    S4 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-1-6 255744]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== File Associations ===============
    .
    FileExt: .reg: regfile=regedit.exe "%1" [UserChoice]
    .
    =============== Created Last 30 ================
    .
    2013-02-21 02:00:41 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2290127C-BF0D-4849-AE3E-C1818D7E0185}\offreg.dll
    2013-02-20 05:52:47 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2290127C-BF0D-4849-AE3E-C1818D7E0185}\mpengine.dll
    2013-02-20 05:45:04 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-02-20 05:45:01 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-02-14 01:59:00 -------- d-----w- C:\Users\Mike\AppData\Local\{2018BF51-9E88-4587-9622-494B2D157A29}
    2013-02-14 01:55:49 -------- d-----w- C:\Users\Mike\AppData\Local\{07260290-69C9-4296-88C5-C827425DF869}
    2013-02-13 02:04:32 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-13 02:04:32 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-13 01:58:55 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
    2013-02-13 01:58:55 499200 ----a-w- C:\Program Files\Internet Explorer\jsdbgui.dll
    2013-02-13 01:58:55 387584 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
    2013-02-13 01:58:54 887808 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
    2013-02-13 00:18:33 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-02-13 00:18:28 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-02-13 00:18:22 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-02-13 00:17:48 3153408 ----a-w- C:\Windows\System32\win32k.sys
    2013-02-13 00:17:20 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2013-02-13 00:17:17 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-02-13 00:17:17 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-02-13 00:17:16 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-02-13 00:17:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-02-13 00:17:15 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-02-13 00:17:05 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-02-13 00:17:04 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2013-02-05 20:43:24 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-02-04 23:06:53 92672 ----a-w- C:\Windows\System32\CNC620I.DLL
    2013-02-04 23:06:53 293376 ----a-w- C:\Windows\System32\CNC620L.DLL
    2013-02-04 23:06:53 229888 ----a-w- C:\Windows\System32\CNC620O.DLL
    2013-02-04 23:06:52 1354240 ----a-w- C:\Windows\System32\CNC620C.DLL
    2013-02-03 19:30:22 252416 ----a-w- C:\Windows\System32\CNMN6PPM.DLL
    2013-02-03 19:30:22 152064 ----a-w- C:\Windows\System32\CNMN6UI.DLL
    2013-02-02 16:03:07 -------- d-----w- C:\Users\Mike\AppData\Roaming\RealNetworks
    2013-02-02 15:56:40 -------- d-----w- C:\Program Files (x86)\RealNetworks
    2013-02-02 15:56:25 -------- d-----w- C:\ProgramData\RealNetworks
    2013-02-02 15:55:58 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
    2013-01-26 21:37:42 56016 ----a-w- C:\Windows\System32\drivers\fsbts.sys
    2013-01-26 21:30:31 42672 ----a-w- C:\Windows\SysWow64\drivers\fsbts.sys
    2013-01-26 20:47:45 -------- d-----w- C:\Program Files (x86)\Charter Security Suite
    2013-01-26 20:43:12 -------- d-----w- C:\ProgramData\F-Secure
    2013-01-26 20:10:30 -------- d-----w- C:\Users\Mike\AppData\Local\Avg2013
    .
    ==================== Find3M ====================
    .
    2013-02-05 20:43:17 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2013-02-05 20:43:17 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-02-02 15:54:38 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2013-02-02 15:54:38 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2013-01-18 02:08:43 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-01-18 02:08:42 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-17 06:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
    2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
    2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
    2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
    2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
    2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
    2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
    2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
    2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
    2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
    2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
    2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
    2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
    2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
    2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
    2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
    2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
    2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
    2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    .
    ============= FINISH: 12:16:33.59 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 5/25/2010 10:03:30 PM
    System Uptime: 2/22/2013 11:52:20 AM (1 hours ago)
    .
    Motherboard: Acer | | Aspire 5741
    Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz | CPU | 2267/1066mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 454 GiB total, 340.543 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
    Description: HID-compliant consumer control device
    Device ID: HID\VID_046D&PID_C52F&MI_01&COL01\8&BAA22F&0&0000
    Manufacturer: Microsoft
    Name: HID-compliant consumer control device
    PNP Device ID: HID\VID_046D&PID_C52F&MI_01&COL01\8&BAA22F&0&0000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP238: 12/26/2012 12:35:47 PM - Removed AVG PC TuneUp
    RP239: 12/26/2012 12:36:48 PM - Removed AVG PC TuneUp Language Pack (en-US)
    RP240: 12/29/2012 11:13:26 PM - Installed AVG PC TuneUp
    RP241: 12/30/2012 3:38:01 PM - Installed WD Software Upgrader
    RP242: 12/30/2012 4:36:23 PM - Removed AVG PC TuneUp
    RP243: 12/30/2012 4:38:51 PM - Removed AVG PC TuneUp Language Pack (en-US)
    RP244: 1/9/2013 9:01:09 PM - Windows Update
    RP245: 1/10/2013 4:37:12 PM - Configured PowerDVD
    RP246: 1/10/2013 5:12:36 PM - Installed Java 7 Update 10 (64-bit)
    RP247: 1/11/2013 8:50:11 PM - Windows Update
    RP248: 1/21/2013 7:29:41 PM - Installed Java 7 Update 11
    RP249: 1/26/2013 10:04:11 AM - Installed TomTom HOME.
    RP250: 1/26/2013 11:13:54 AM - Windows Update
    RP251: 1/26/2013 2:53:52 PM - Removed AVG 2013
    RP252: 1/26/2013 3:11:27 PM - Removed AVG 2013
    RP253: 1/29/2013 7:46:50 PM - 2 programs from 1/11/13
    RP254: 1/29/2013 7:49:36 PM - Removed Adobe Reader X (10.1.5).
    RP255: 1/29/2013 7:51:15 PM - Removed Adobe Reader X (10.1.5).
    RP256: 1/29/2013 7:54:24 PM - Removed Microsoft Office PowerPoint Viewer 2007 (English)
    RP257: 1/29/2013 7:57:35 PM - Removed Compatibility Pack for the 2007 Office system
    RP258: 1/29/2013 8:01:03 PM - Removed Compatibility Pack for the 2007 Office system
    RP259: 1/29/2013 8:09:13 PM - Removed Adobe Reader X (10.1.5).
    RP260: 2/5/2013 3:41:19 PM - Installed Java 7 Update 13
    RP261: 2/11/2013 6:35:45 PM - Installed TurboTax 2012 wrapper
    RP262: 2/11/2013 8:05:32 PM - Installed TurboTax 2012 wnciper
    RP263: 2/11/2013 8:06:07 PM - Installed TurboTax 2012 wmiiper
    RP264: 2/12/2013 8:57:12 PM - Windows Update
    RP265: 2/15/2013 9:55:25 PM - Windows Backup
    RP266: 2/20/2013 12:50:03 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Acer Backup Manager
    Acer Crystal Eye webcam
    Acer ePower Management
    Acer eRecovery Management
    Acer Games
    Acer Registration
    Acer ScreenSaver
    Acer Updater
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX 64-bit
    Adobe Flash Player 11 Plugin
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Backup Manager Basic
    Bing Bar
    Bonjour
    Broadcom Gigabit NetLink Controller
    Canon IJ Network Scan Utility
    Canon IJ Network Tool
    Canon MP Navigator EX 2.0
    Canon MP620 series MP Drivers
    Canon MP620 series User Registration
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    CCleaner
    Charter Security Suite
    Cisco Connect
    Computer Security 12.71.102.0 (release)
    Coupon Printer for Windows
    CyberLink PowerDVD 9
    D3DX10
    eReg
    eSobi v2
    F-Secure CCF Reputation
    F-Secure CCF Scanning 1.18.127.7931 (release)
    F-Secure Network CCF 1.02.126
    Google Chrome
    Google Earth
    Google Update Helper
    GoToAssist Corporate
    Greeting Card Factory Deluxe 6.0
    Identity Card
    Intel(R) Control Center
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    Intel(R) Turbo Boost Technology Monitor
    Internet TV for Windows Media Center
    iTunes
    Java 7 Update 13
    Java Auto Updater
    Java(TM) 6 Update 20
    Java(TM) 6 Update 30
    JavaFX 2.1.1
    Junk Mail filter update
    Launch Manager
    Logitech SetPoint 6.20
    LTCM Client
    Malwarebytes Anti-Malware version 1.70.0.1100
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Works
    Mozilla Firefox 18.0.2 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB2758694)
    MSXML 4.0 SP3 Parser (KB973685)
    MyWinLocker
    Online Safety 2.71.927.655
    Picture Package Music Transfer
    QuickTime
    RealDownloader
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealNetworks - Microsoft Visual C++ 2010 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    RealUpgrade 1.1
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Sony Picture Utility
    swMSM
    Synaptics Pointing Device Driver
    System Requirements Lab for Intel
    TomTom HOME
    TomTom HOME Visual Studio Merge Modules
    TPkd
    TurboTax 2010
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wmiiper
    TurboTax 2010 wnciper
    TurboTax 2010 wrapper
    TurboTax 2011
    TurboTax 2011 WinPerFedFormset
    TurboTax 2011 WinPerReleaseEngine
    TurboTax 2011 WinPerTaxSupport
    TurboTax 2011 wmiiper
    TurboTax 2011 wnciper
    TurboTax 2011 wrapper
    TurboTax 2012
    TurboTax 2012 WinPerFedFormset
    TurboTax 2012 WinPerReleaseEngine
    TurboTax 2012 WinPerTaxSupport
    TurboTax 2012 wmiiper
    TurboTax 2012 wnciper
    TurboTax 2012 wrapper
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update Installer for WildTangent Games App
    Visual C++ 8.0 Runtime Setup Package (x64)
    Visual Studio 2008 x64 Redistributables
    Visual Studio 2010 x64 Redistributables
    Visual Studio C++ 10.0 Runtime
    Visual Studio C++ 9.0 Runtime
    WD SmartWare
    Welcome Center
    WildTangent Games App (Acer Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Center Add-in for Flash
    Yahoo! BrowserPlus 2.9.8
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/22/2013 8:03:18 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
    2/22/2013 8:03:18 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/22/2013 11:53:25 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: TPkd
    2/21/2013 9:42:13 PM, Error: Service Control Manager [7001] - The WDFMEService service depends on the WDRulesService service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    2/21/2013 9:41:48 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the WDRulesService service to connect.
    2/21/2013 9:41:48 PM, Error: Service Control Manager [7000] - The WDRulesService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/20/2013 8:26:39 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    2/20/2013 5:17:58 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UNS service.
    2/20/2013 5:16:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the defragsvc service.
    2/20/2013 2:11:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service defragsvc with arguments "" in order to run the server: {D20A3293-3341-4AE8-9AAF-8E397CB63C34}
    2/20/2013 1:17:09 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    2/20/2013 1:15:43 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    2/20/2013 1:15:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    2/20/2013 1:15:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    2/20/2013 1:15:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    2/20/2013 1:15:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    2/20/2013 1:15:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2/20/2013 1:15:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    2/20/2013 1:15:09 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mwlPSDFilter mwlPSDNServ mwlPSDVDisk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx TPkd vwififlt Wanarpv6 WfpLwf
    2/20/2013 1:15:08 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    2/20/2013 1:15:08 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    2/20/2013 1:15:08 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    2/20/2013 1:15:08 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    2/20/2013 1:15:08 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    2/20/2013 1:15:08 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    2/20/2013 1:15:08 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    2/20/2013 1:15:08 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2/20/2013 1:15:08 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    2/20/2013 1:03:01 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Rapid Storage Technology service to connect.
    2/20/2013 1:03:01 AM, Error: Service Control Manager [7000] - The Intel(R) Rapid Storage Technology service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/19/2013 12:57:00 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WDFMEService service.
    2/19/2013 12:55:31 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
    2/19/2013 1:38:52 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
    2/16/2013 10:26:55 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IAStorDataMgrSvc service.
    2/16/2013 1:01:20 AM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
    2/15/2013 10:17:41 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009c (0x0000000000000000, 0xfffff8800316bb70, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\021513-27346-01.dmp. Report Id: 021513-27346-01.
    .
    ==== End Of File ===========================

    GMER 2.1.19081 - http://www.gmer.net
    Rootkit scan 2013-02-22 13:48:50
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB4O 465.76GB
    Running: kf15n6ni.exe; Driver: C:\Users\Mike\AppData\Local\Temp\ugldapoc.sys


    ---- User code sections - GMER 2.1 ----

    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a2f991 8 bytes {MOV EDX, 0xd03e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15 0000000077a2f99b 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 0000000077a2fa0d 8 bytes {MOV EDX, 0xd01a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 15 0000000077a2fa17 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 0000000077a2fb25 8 bytes {MOV EDX, 0xd0168; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 15 0000000077a2fb2f 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a2fbd5 8 bytes {MOV EDX, 0xd0428; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15 0000000077a2fbdf 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a2fc05 8 bytes {MOV EDX, 0xd0368; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15 0000000077a2fc0f 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a2fc1d 8 bytes {MOV EDX, 0xd0128; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15 0000000077a2fc27 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a2fc35 8 bytes {MOV EDX, 0xd04e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15 0000000077a2fc3f 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a2fc65 8 bytes {MOV EDX, 0xd0528; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15 0000000077a2fc6f 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a2fce5 8 bytes {MOV EDX, 0xd04a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15 0000000077a2fcef 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a2fcfd 8 bytes {MOV EDX, 0xd0468; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15 0000000077a2fd07 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a2fd49 8 bytes {MOV EDX, 0xd0068; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15 0000000077a2fd53 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 5 0000000077a2fdad 8 bytes {MOV EDX, 0xd02e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 15 0000000077a2fdb7 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a2fe41 8 bytes {MOV EDX, 0xd00a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15 0000000077a2fe4b 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 5 0000000077a2ff89 8 bytes {MOV EDX, 0xd02a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 15 0000000077a2ff93 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a30099 8 bytes {MOV EDX, 0xd0028; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15 0000000077a300a3 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 5 0000000077a30781 8 bytes {MOV EDX, 0xd0268; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 15 0000000077a3078b 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5 0000000077a30ffd 8 bytes {MOV EDX, 0xd01e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 15 0000000077a31007 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 5 0000000077a3105d 8 bytes {MOV EDX, 0xd0228; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 15 0000000077a31067 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a310a5 8 bytes {MOV EDX, 0xd03a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15 0000000077a310af 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a3111d 8 bytes {MOV EDX, 0xd0328; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15 0000000077a31127 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a31321 8 bytes {MOV EDX, 0xd00e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15 0000000077a3132b 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000076c3103d 5 bytes JMP 0000000100010030
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076c31072 5 bytes JMP 0000000100010070
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\syswow64\USER32.dll!MapWindowPoints 00000000753c8c40 5 bytes JMP 0000000100170570
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW 00000000753c9ebd 5 bytes JMP 00000001001702b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA 00000000753d0afa 5 bytes JMP 00000001001702f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\syswow64\USER32.dll!GetClientRect 00000000753d0c62 7 bytes JMP 00000001001705b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\syswow64\USER32.dll!GetParent 00000000753d0f68 7 bytes JMP 00000001001706f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\syswow64\USER32.dll!IsWindowVisible 00000000753d112d 7 bytes JMP 00000001001706b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000753d12a5 5 bytes JMP 00000001001705f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\syswow64\USER32.dll!ScreenToClient 00000000753d227d 7 bytes JMP 0000000100170670
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\syswow64\USER32.dll!MonitorFromWindow 00000000753d3150 7 bytes JMP 0000000100170630
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\syswow64\USER32.dll!SetCursor 00000000753d41f6 5 bytes JMP 0000000100170530
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameA 00000000753d68ef 5 bytes JMP 0000000100170270
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameW 00000000753d77fa 5 bytes JMP 0000000100170230
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\syswow64\USER32.dll!GetTopWindow 00000000753d7887 7 bytes JMP 0000000100170730
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\syswow64\USER32.dll!IsClipboardFormatAvailable 00000000753d8676 5 bytes JMP 00000001001700f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\syswow64\USER32.dll!GetClipboardSequenceNumber 00000000753d8696 5 bytes JMP 0000000100170330
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\syswow64\USER32.dll!CloseClipboard 00000000753d8e8d 5 bytes JMP 00000001001700b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\syswow64\USER32.dll!OpenClipboard 00000000753d8ecb 5 bytes JMP 0000000100170070
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\syswow64\USER32.dll!ChangeClipboardChain 00000000753dc17b 5 bytes JMP 0000000100170430
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\syswow64\USER32.dll!EnumClipboardFormats 00000000753dc449 5 bytes JMP 00000001001701b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\syswow64\USER32.dll!GetOpenClipboardWindow 00000000753dc468 5 bytes JMP 00000001001703f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\syswow64\USER32.dll!CountClipboardFormats 00000000753dc486 5 bytes JMP 00000001001701f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 00000000753dc4b6 5 bytes JMP 00000001001704b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\syswow64\USER32.dll!ActivateKeyboardLayout 00000000753dd6c0 5 bytes JMP 00000001001704f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\syswow64\USER32.dll!GetClipboardOwner 00000000753de360 5 bytes JMP 0000000100170370
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\syswow64\USER32.dll!SetClipboardData 0000000075408e57 5 bytes JMP 0000000100170170
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075409cfd 5 bytes JMP 0000000100170770
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075409f1d 5 bytes JMP 0000000100170030
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\syswow64\USER32.dll!EmptyClipboard 0000000075427cb9 5 bytes JMP 0000000100170130
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\syswow64\USER32.dll!GetClipboardViewer 0000000075428111 5 bytes JMP 0000000100170470
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[1400] C:\Windows\syswow64\USER32.dll!GetPriorityClipboardFormat 000000007542832f 5 bytes JMP 00000001001703b0

    ---- Threads - GMER 2.1 ----

    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5012:2144] 000007fefb6e2a7c

    ---- EOF - GMER 2.1 ----
     
  2. a_wees13

    a_wees13 Thread Starter

    Joined:
    Dec 8, 2011
    Messages:
    27
  3. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    When you removed AVG did you run the Cleanup Tool from here: AVG Removal tool You must select the correct tool to match the version of AVG installed and the bit rate (32 or 64bit). If not, please do so to remove all the remnants.

    You should remove the old versions of Java as they pose a security risk, you should also update the newer version you have.

    A BSOD occurred on the 15th February, the error code indicates a hardware fault, but that could mean 'any' item of hardware. Please follow this guide to post that crash dump and any others that have been saved.

    First locate your minidump files, open Windows Explorer and click on the C: drive in the left pane, in the right pane look down the list of folders and double click on Windows to view its contents. NOTE: If your operating system is installed under a different drive letter then look there. Scroll down the contents of the Windows folder and look for a folder called minidump and double click on it. You should now see the minidump files which will have a .dmp extension.

    Zip up at least 6 of the most recent files into one zip folder (if there are less then just zip up what you have).


    NOTE: To zip up the files in Windows (all versions). Right click the file, click on Send To, and then click
    Compressed (zipped) Folder. That will create a zip folder containing a copy of the file, you should see it appear.


    If there is more than one .dmp file click on the first one, hold down the shift key and then click on the last one. That should highlight all the files. Then right click in the highlighted area, click on Send To, and then click Compressed (zipped) Folder.




    • Below the Message Box click on Go Advanced. Then scroll down until you see a button, Manage Attachments. Click on that and a new window opens.
    • Click on the Browse button, find the zip folder you made earlier and click on it so it becomes highlighted and click on Open.
    • Now click on the Upload button. Wait for the Upload to complete, it will appear just below the Browse box.
    • When done, click on the Close this window button at the top of the page.
    • Enter your message-text in the message box, then click on Submit Message/Reply.


    =================================================================

    Then please run these two scans and post the logs:

    SCAN 1
    Click on this link to download : ADWCleaner and save it to your desktop.

    NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

    Close your browser and click on this icon on your desktop: [​IMG]

    You will then see the screen below, click on the Delete button (as indicated), accept any prompts that appear and allow it to reboot the PC. When the PC has rebooted you will be presented with the report, copy & paste it into your next post.

    [​IMG]



    SCAN 2
    Download RogueKiller (by tigzy) and save direct to your Desktop.
    On the web page select the 32bit or 64bit button to match the bit rate of your version of Windows.

    • Quit all running programs.
    • Start RogueKiller.exe by double clicking on the icon.
    • Wait until Prescan has finished.
    • Ensure all boxes are ticked under "Report" tab.
    • Click on Scan.
    • Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
    • NOTE: DO NOT attempt to remove anything that the scan detects.

    [​IMG]
     
  4. a_wees13

    a_wees13 Thread Starter

    Joined:
    Dec 8, 2011
    Messages:
    27
    There was only one file in the Minidump folder. I used the AVG tool as well as uninstalled all early versions of Java. On to the next set of instructions...
     

    Attached Files:

  5. a_wees13

    a_wees13 Thread Starter

    Joined:
    Dec 8, 2011
    Messages:
    27
    # AdwCleaner v2.113 - Logfile created 02/25/2013 at 12:54:49
    # Updated 23/02/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Mike - OTIS
    # Boot Mode : Normal
    # Running from : C:\Users\Mike\Desktop\pictures\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
    File Deleted : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\conmkgrc.default\searchplugins\Conduit.xml
    File Deleted : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\conmkgrc.default\searchplugins\Search_Results.xml
    Folder Deleted : C:\Program Files (x86)\search results toolbar
    Folder Deleted : C:\ProgramData\boost_interprocess
    Folder Deleted : C:\ProgramData\Partner
    Folder Deleted : C:\Users\Mike\AppData\LocalLow\AVG Security Toolbar

    ***** [Registry] *****

    Key Deleted : HKCU\Software\DataMngr_Toolbar
    Key Deleted : HKCU\Software\ilivid
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
    Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\Software\iLividSRTB
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
    Key Deleted : HKLM\SOFTWARE\DataMngr
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16464

    [OK] Registry is clean.

    -\\ Mozilla Firefox v18.0.2 (en-US)

    File : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\conmkgrc.default\prefs.js

    C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\conmkgrc.default\user.js ... Deleted !

    Deleted : user_pref("browser.search.defaultenginename", "Search Results");
    Deleted : user_pref("browser.search.defaultthis.engineName", "TV Bar 1.4 Customized Web Search");
    Deleted : user_pref("browser.search.order.1", "Search Results");
    Deleted : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=394&systemid=406&apn[...]

    *************************

    AdwCleaner[S1].txt - [3600 octets] - [25/02/2013 12:54:49]

    ########## EOF - C:\AdwCleaner[S1].txt - [3660 octets] ##########

    RogueKiller V8.5.2 _x64_ [Feb 23 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Mike [Admin rights]
    Mode : Scan -- Date : 02/25/2013 13:02:38
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Hitachi HTS545050B9A300 +++++
    --- User ---
    [MBR] 8e207c6ef59caf29f366a2db37933c12
    [BSP] caec7385ca25711e4b306ff393f2656d : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 12291 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 25173855 | Size: 101 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25382700 | Size: 464545 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_02252013_02d1302.txt >>
    RKreport[1]_S_02252013_02d1302.txt
     
  6. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    The minidump indicates there may be a problem with an Intel CPU driver, but Crash Dumps can be misleading. Please Go here and follow the prompts to post your system details for me to see.

    Other than a few items of Adware there was nothing of significance found by the above scans.

    Please answer these questions by number:

    1. Has the running of the scans improved anything?
    2. Is your CPU overclocked?
    3. Did the slow down in system performance start suddenly or was it a gradual decline?
    4. Is the slowdown with general use or just with Internet use.
    5. Can you relate the use of any particular program or activity to when the PC freezes.
     
  7. a_wees13

    a_wees13 Thread Starter

    Joined:
    Dec 8, 2011
    Messages:
    27
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
    Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz, Intel64 Family 6 Model 37 Stepping 2
    Processor Count: 4
    RAM: 3766 Mb
    Graphics Card: Intel(R) Graphics Media Accelerator HD, 1755 Mb
    Hard Drives: C: Total - 464545 MB, Free - 352537 MB;
    Motherboard: Acer, Aspire 5741
    Antivirus: Computer Security, Updated and Enabled

    1. Has the running of the scans improved anything?
    Yes the computer does seem to be faster and not freeze as frequently. Also, ShockWave had a tendency to crash and it has not been crashing since the scans.

    2. Is your CPU overclocked?
    Nope

    3. Did the slow down in system performance start suddenly or was it a gradual decline?
    It seems that the performance was a gradual decline.

    4. Is the slowdown with general use or just with Internet use.
    It's with general use.

    5. Can you relate the use of any particular program or activity to when the PC freezes.
    It used to be when ShockWave crashed then the internet browser (we use both Firefox and Chrome) would freeze. Also when there were a lot of tabs loading.
     
  8. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    Ok, that sounds encouraging, but I must question part of your answer to No 1.

    Yes the computer does seem to be faster and not freeze as frequently.

    So it is still freezing?
     
  9. a_wees13

    a_wees13 Thread Starter

    Joined:
    Dec 8, 2011
    Messages:
    27
    Yeah it froze when I was trying to load a webpage this morning.
     
  10. a_wees13

    a_wees13 Thread Starter

    Joined:
    Dec 8, 2011
    Messages:
    27
    The computer itself is running much better than it was. Thank you sooo much for helping me out!
     
  11. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    You're welcome, please run this scan so we can see what might be going wrong.

    Please download MiniToolBox and save it to your desktop.
    Double click on the MiniToolBox icon [​IMG]

    The window will open as shown below.

    Click on each of the boxes as indicated in the list below, then click on the GO button.

    Copy & Paste the contents of the report that appears into your next post, you can also find a copy of the report on your desktop (Result.txt).

    &#8226;Flush DNS
    &#8226;Report IE Proxy Settings
    &#8226;Report FF Proxy Settings
    &#8226;List content of Hosts
    &#8226;List IP configuration
    &#8226;List Winsock Entries
    &#8226;List last 10 Event Viewer Errors
    &#8226;List Devices Check options for Only Problems
    &#8226;List Users, Partitions and Memory size.
    &#8226;List Minidump Files

    [​IMG]
     
  12. a_wees13

    a_wees13 Thread Starter

    Joined:
    Dec 8, 2011
    Messages:
    27
    MiniToolBox by Farbar Version:10-01-2013
    Ran by Mike (administrator) on 28-02-2013 at 22:49:52
    Running from "C:\Users\Mike\Downloads"
    Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ***************************************************************************

    ========================= Flush DNS: ===================================

    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.

    ========================= FF Proxy Settings: ==============================

    "network.proxy.type", 0
    ========================= Hosts content: =================================



    ========================= IP Configuration: ================================

    Broadcom 802.11n Network Adapter = Wireless Network Connection (Connected)
    Broadcom NetLink (TM) Gigabit Ethernet = Local Area Connection (Media disconnected)


    # ----------------------------------
    # IPv4 Configuration
    # ----------------------------------
    pushd interface ipv4

    reset
    set global icmpredirects=enabled
    add route prefix=169.254.0.0/16 interface="iftype0_0" nexthop=172.16.1.40 metric=1 publish=Yes


    popd
    # End of IPv4 configuration



    Windows IP Configuration

    Host Name . . . . . . . . . . . . : Otis
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Broadcast
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : gha.chartermi.net

    Wireless LAN adapter Wireless Network Connection:

    Connection-specific DNS Suffix . : gha.chartermi.net
    Description . . . . . . . . . . . : Broadcom 802.11n Network Adapter
    Physical Address. . . . . . . . . : F0-7B-CB-07-17-77
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IPv6 Address. . . . . . . . . . . : fd0d:c856:d583:0:1406:6b94:3a1c:de65(Preferred)
    Temporary IPv6 Address. . . . . . : fd0d:c856:d583:0:49a:cf10:869e:d788(Preferred)
    Link-local IPv6 Address . . . . . : fe80::1406:6b94:3a1c:de65%11(Preferred)
    IPv4 Address. . . . . . . . . . . : 192.168.1.119(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Lease Obtained. . . . . . . . . . : Thursday, February 28, 2013 10:44:38 PM
    Lease Expires . . . . . . . . . . : Friday, March 01, 2013 10:44:38 PM
    Default Gateway . . . . . . . . . : 192.168.1.1
    DHCP Server . . . . . . . . . . . : 192.168.1.1
    DHCPv6 IAID . . . . . . . . . . . : 317750219
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-25-B9-E2-70-5A-B6-3A-F2-59
    DNS Servers . . . . . . . . . . . : 24.247.15.53
    66.189.0.100
    24.178.162.3
    NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter Local Area Connection:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . : gha.chartermi.net
    Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
    Physical Address. . . . . . . . . : 70-5A-B6-3A-F2-59
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.gateway.2wire.net:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Server: vip01aldlmi.aldl.mi.charter.com
    Address: 24.247.15.53

    Name: google.com
    Addresses: 2001:4860:400a:800::1009
    74.125.225.0
    74.125.225.1
    74.125.225.6
    74.125.225.7
    74.125.225.9
    74.125.225.14
    74.125.225.8
    74.125.225.2
    74.125.225.5
    74.125.225.3
    74.125.225.4


    Pinging google.com [74.125.225.33] with 32 bytes of data:
    Reply from 74.125.225.33: bytes=32 time=14ms TTL=53
    Reply from 74.125.225.33: bytes=32 time=13ms TTL=53

    Ping statistics for 74.125.225.33:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 13ms, Maximum = 14ms, Average = 13ms
    Server: vip01aldlmi.aldl.mi.charter.com
    Address: 24.247.15.53

    Name: yahoo.com
    Addresses: 98.139.183.24
    206.190.36.45
    98.138.253.109


    Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
    Reply from 98.139.183.24: bytes=32 time=278ms TTL=46
    Reply from 98.139.183.24: bytes=32 time=288ms TTL=45

    Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 278ms, Maximum = 288ms, Average = 283ms

    Pinging 127.0.0.1 with 32 bytes of data:
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

    Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
    ===========================================================================
    Interface List
    11...f0 7b cb 07 17 77 ......Broadcom 802.11n Network Adapter
    10...70 5a b6 3a f2 59 ......Broadcom NetLink (TM) Gigabit Ethernet
    1...........................Software Loopback Interface 1
    13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
    12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
    ===========================================================================

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.119 25
    127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
    127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
    127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    169.254.0.0 255.255.0.0 On-link 192.168.1.119 306
    169.254.255.255 255.255.255.255 On-link 192.168.1.119 281
    192.168.1.0 255.255.255.0 On-link 192.168.1.119 281
    192.168.1.119 255.255.255.255 On-link 192.168.1.119 281
    192.168.1.255 255.255.255.255 On-link 192.168.1.119 281
    224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
    224.0.0.0 240.0.0.0 On-link 192.168.1.119 281
    255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    255.255.255.255 255.255.255.255 On-link 192.168.1.119 281
    ===========================================================================
    Persistent Routes:
    Network Address Netmask Gateway Address Metric
    169.254.0.0 255.255.0.0 172.16.1.40 1
    ===========================================================================

    IPv6 Route Table
    ===========================================================================
    Active Routes:
    If Metric Network Destination Gateway
    1 306 ::1/128 On-link
    11 33 fd0d:c856:d583::/64 On-link
    11 281 fd0d:c856:d583:0:49a:cf10:869e:d788/128
    On-link
    11 281 fd0d:c856:d583:0:1406:6b94:3a1c:de65/128
    On-link
    11 281 fe80::/64 On-link
    11 281 fe80::1406:6b94:3a1c:de65/128
    On-link
    1 306 ff00::/8 On-link
    11 281 ff00::/8 On-link
    ===========================================================================
    Persistent Routes:
    None
    ========================= Winsock entries =====================================

    Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
    Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
    Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
    Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
    Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
    Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
    Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
    Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
    x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
    x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
    x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
    x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
    x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
    x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
    x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
    x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (02/28/2013 08:06:50 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 190883

    Error: (02/28/2013 08:06:50 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 190883

    Error: (02/28/2013 08:06:50 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (02/28/2013 08:03:48 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 9142

    Error: (02/28/2013 08:03:48 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 9142

    Error: (02/28/2013 08:03:48 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (02/28/2013 08:03:47 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 8143

    Error: (02/28/2013 08:03:47 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 8143

    Error: (02/28/2013 08:03:47 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (02/28/2013 08:03:46 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 7129


    System errors:
    =============
    Error: (02/28/2013 10:45:32 PM) (Source: Service Control Manager) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    TPkd

    Error: (02/28/2013 10:45:25 PM) (Source: Service Control Manager) (User: )
    Description: The Intel(R) Rapid Storage Technology service failed to start due to the following error:
    %%1053

    Error: (02/28/2013 10:45:25 PM) (Source: Service Control Manager) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Rapid Storage Technology service to connect.

    Error: (02/28/2013 07:46:37 PM) (Source: Service Control Manager) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    TPkd

    Error: (02/28/2013 07:56:33 AM) (Source: Service Control Manager) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    TPkd

    Error: (02/28/2013 07:56:28 AM) (Source: Service Control Manager) (User: )
    Description: The Intel(R) Rapid Storage Technology service failed to start due to the following error:
    %%1053

    Error: (02/28/2013 07:56:28 AM) (Source: Service Control Manager) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Rapid Storage Technology service to connect.

    Error: (02/28/2013 07:32:56 AM) (Source: Service Control Manager) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    TPkd

    Error: (02/27/2013 08:57:05 PM) (Source: Service Control Manager) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    TPkd

    Error: (02/27/2013 08:56:57 PM) (Source: Service Control Manager) (User: )
    Description: The Windows Live ID Sign-in Assistant service failed to start due to the following error:
    %%1053


    Microsoft Office Sessions:
    =========================
    Error: (01/08/2012 11:49:45 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5457 seconds with 660 seconds of active time. This session ended with a crash.


    CodeIntegrity Errors:
    ===================================
    Date: 2010-06-30 00:13:18.711
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.


    ========================= Devices: ================================

    Name: HID-compliant consumer control device
    Description: HID-compliant consumer control device
    Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
    Manufacturer: Microsoft
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ========================= Memory info: ===================================

    Percentage of memory in use: 43%
    Total physical RAM: 3766.71 MB
    Available physical RAM: 2146.39 MB
    Total Pagefile: 7531.6 MB
    Available Pagefile: 5689.01 MB
    Total Virtual: 4095.88 MB
    Available Virtual: 3978.57 MB

    ========================= Partitions: =====================================

    1 Drive c: (Acer) (Fixed) (Total:453.66 GB) (Free:341.47 GB) NTFS

    ========================= Users: ========================================

    User accounts for \\OTIS

    Administrator Guest Mike

    ========================= Minidump Files ==================================

    No minidump file found


    **** End of log ****
     
  13. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    A couple of things need to be checked.

    An error shows a Program that is not listed in your installed programs list so probably a remnant folder that needs to be removed.

    First have a look in Programs and Features and see if you can find Spyware Doctor, if it's there uninstall it, if not then use Windows Explorer and navigate to C:\Program Files, in there you should find a folder named Spyware Doctor, right click on it and select Delete. Let me know how that goes.

    Next task is to enable a disabled driver. Open the Device Manager from the Control Panel. Click on the small arrow next to Human Interface Devices, then right click on HID-compliant consumer control device and select Enable, let me know how that goes.

    Next, do this and post the results:

    Please download SystemLook from one of the links below and save it to your Desktop.



    • Double-click SystemLook.exe to run it.
    • Vista/Windows 7 users right-click and select Run As Administrator.
    • Copy and paste everything in the codebox below into the main textfield:
      Code:
      :filefind
      *TPkd*
    • Click the Look button to start the scan.
    • When finished, a Notepad window will open SystemLook.txt with the results of the search and save a copy on your Desktop.
    • Please copy and paste the contents of that log in your next reply.


    ===========================================================

    Just one more task for now:

    Disk Check

    • Click on Start then type cmd in the search box. A menu will pop up with cmd at the top, right click on it and select Run as Administrator. Another box will open, at the prompt type chkdsk /r and hit Enter. Note: you must include a space between the k and the /
    • You will then see the following message:
      chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts? (Y/N)
    • Type Y for yes, and hit Enter. Then reboot the computer.
    • chkdsk will start when Windows begins loading again. Let all 5 phases run and don't use or turn off the computer. (The chkdsk process may take an hour or more to finish, if it appears to freeze this is normal so do not interrupt it. On drives above 500GB it can take several hours.)
    • When the Disk Check is done, it will finish loading Windows.


    Then follow this guide to find the chkdsk log. NOTE: You need to do the search for wininit not chkdsk.
    Windows 7 Disk Check log

    Once the log is in view then click on Copy in the right hand pane and select "Copy details as text".
    You can then right click on the message box on this forum and select Paste and the log will appear, add any further information asked for and then click on Submit/Post Quick Reply and your done.
     
  14. a_wees13

    a_wees13 Thread Starter

    Joined:
    Dec 8, 2011
    Messages:
    27
    1 - Spy Doctor was not located in either Program Files or Program Files(x86). When I searched Programs it came up with sdsetup.exe.
    2 - I enabled the HID-compliant consumer control device driver
    3 - SystemLook 30.07.11 by jpshortstuff
    Log created at 12:42 on 02/03/2013 by Mike
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "*TPkd*"
    C:\Windows\SysWOW64\drivers\TPkd.sys --a---- 69120 bytes [23:46 14/09/2004] [23:46 14/09/2004] 83596C4371F33B09EA53C56F54E0AF31

    -= EOF =-

    I followed the directions to find thechkdsk log and then find the wininit log from the same search box but got an error when trying to find the wininit log I got this message:

    Searching from the selected event to the end of the list, there is no event that contains the specified string. To search all events, select the first event in the list and run the search again.
     
  15. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    1. Strange things can happen, the file location is shown in the DDS log. Please double click on the sdsetup.exe file and see if it will install, if it does then reboot and then see if it is back in the programs list and uninstall it.

    2. Thats's good.

    3. We now need to have that file checked for Malware see below.

    Not sure what the problem could be with finding the check disc log but as long as your saw the scan run to completion, after you rebooted, it should be there. Please have another look.

    Go to one of the following online services that analyzes suspicious files:

    In the "File to Scan" (Upload or Submit) box, click the "browse" button and locate the following file:

    C:\Windows\SysWOW64\drivers\TPkd.sys <- this file

    Click "Open", then click the "Submit" button. If you get a message saying "File has already been analyzed", click Reanalyze or Scan again.
    -- Post back with the results of the file analysis in your next reply.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1090627

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice