
Thread: Computer slow

  1. #1
    Member rugbyshark's Avatar
    Join Date
    Apr 2004
    Location
    Beaumont Texas
    Posts
    63
    Points
    0

    Computer slow

    Also keep getting a 440 error, computer was used in nephew's dorm room. Hope I have done this correctly.

    Thanks


    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 06/12/2012 at 12:21 PM

    Application Version : 5.0.1150

    Core Rules Database Version : 8721
    Trace Rules Database Version: 6533

    Scan type : Quick Scan
    Total Scan Time : 00:05:14

    Operating System Information
    Windows Vista Business 32-bit, Service Pack 2 (Build 6.00.6002)
    UAC On - Limited User (Administrator User)

    Memory items scanned : 742
    Memory threats detected : 0
    Registry items scanned : 33620
    Registry threats detected : 0
    File items scanned : 7607
    File threats detected : 3

    Adware.Tracking Cookie
    C:\USERS\MORREALE\AppData\Roaming\Microsoft\Windows\Cookies\Low\8SZDI77P.txt [ Cookie:morreale@atdmt.com/ ]
    C:\USERS\MORREALE\AppData\Roaming\Microsoft\Windows\Cookies\Low\1FGB8FE1.txt [ Cookie:morreale@imrworldwide.com/cgi-bin ]
    .zgstats.com [ C:\USERS\MORREALE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]


    -----------------------------------------------------------------------------------------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:41:50 PM, on 6/12/2012
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Users\Morreale\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe
    C:\Users\Morreale\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe
    C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Xyron Wishblade Controller\XYWSSupervisor.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Java\jre6\bin\javaw.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: My Personal Homepage - {0538CF1C-8419-4800-ADBB-0C00C799FDA2} - C:\Users\Morreale\AppData\Roaming\Genieo\Application\IEPlugins\bin\IEWrapper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [GenieoUpdaterService] "C:\Users\Morreale\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe" -wait 5
    O4 - HKCU\..\Run: [GenieoSystemTray] "C:\Users\Morreale\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe"
    O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [InstallIQUpdater] "C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: fliptoast.lnk = C:\Program Files\fliptoast\fliptoast.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Xyron Wishblade Status Supervisor.lnk = C:\Program Files\Xyron Wishblade Controller\XYWSSupervisor.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O13 - Gopher Prefix:
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\system32\atashost.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
    O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 9849 bytes
    -----------------------------------------------------------------------------------------------------------------------------------------
    Malwarebytes Anti-Malware 1.61.0.1400
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: v2012.06.12.06

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Morreale :: MORREALE-PC [administrator]

    6/12/2012 12:32:17 PM
    mbam-log-2012-06-12 (12-32-17).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 195434
    Time elapsed: 5 minute(s), 17 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 15
    HKCR\CLSID\{22222222-2222-2222-2222-220022222258} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.Sandbox.1 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.Sandbox (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CLSID\{33333333-3333-3333-3333-330033223358} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.FBApi.1 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.FBApi (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.BHO (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\Interface\{66666666-6666-6666-6666-660066226658} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.BHO (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.FBApi (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.FBApi.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.Sandbox (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.Sandbox.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    you do not just tell them it is so.
    you show them the reasons why it is so.
    and then you repeat and repeat until they are convinced they know.

    Vince Lombardi

  2. #2
    Member rugbyshark's Avatar
    Join Date
    Apr 2004
    Location
    Beaumont Texas
    Posts
    63
    Points
    0


    sorry this is the error we get



    The webpage cannot be found

    HTTP 400

    Most likely causes:
    • There might be a typing error in the address.
    • If you clicked on a link, it may be out of date.

    What you can try:
    • Retype the address.
    • Go back to the previous page.
    • Go to and look for the information you want.

    More information

  3. #3
    Member rugbyshark's Avatar
    Join Date
    Apr 2004
    Location
    Beaumont Texas
    Posts
    63
    Points
    0


    My wife is sure she does not want to know anything about what is going on with this computer, or where it has been.

  4. #4
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146


    Hello and welcome to Help2Go

    We apologize for the delay in responding to your request for help. Here at Help2Go we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

    Please take note:

    1. If you have since resolved the original problem you were having, we would appreciate you letting us know.
    2. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
      • If you are unsure about any of these characteristics just post what you can and we will guide you.
    3. Please tell us if you have your original Windows CD/DVD available.
    4. If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
    5. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
    6. Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
    7. If you have already posted a DDS log, please do so again, as your situation may have changed.
    8. Use the 'Add Reply' and add the new log to this thread.


    We need to see some information about what is happening in your machine. Please perform the following scan again:

    • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
    • Notepad will open with the results.
    • Follow the instructions that pop up for posting the results.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

    Information on A/V control HERE


    We also need a new log from the GMER anti-rootkit Scanner.

    Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Then proceed to run aswMbr.exe as noted below.

    Please first disable any CD emulation programs using the steps found in this topic:

    Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:


    Note:
    If you are unable to run a Gmer scan due to the fact you are running a 64bit machine please run the following tool and post its log.

    Please download aswMBR ( 511KB ) to your desktop.
    • Double click the aswMBR.exe icon to run it
    • Click the Scan button to start the scan
    • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.




    Thanks and again sorry for the delay.
    " Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  5. #5
    Member rugbyshark's Avatar
    Join Date
    Apr 2004
    Location
    Beaumont Texas
    Posts
    63
    Points
    0


    Thanks Fireman, I will do these steps when I get home this eve. I really appreciate the help.

  6. #6
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146


    ok
    Thanks for letting us know.




  7. #7
    Member rugbyshark's Avatar
    Join Date
    Apr 2004
    Location
    Beaumont Texas
    Posts
    63
    Points
    0


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Business
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/30/2010 7:59:39 PM
    System Uptime: 6/14/2012 3:33:26 AM (50 hours ago)
    .
    Motherboard: ASUSTek Computer INC. | | NARRA2
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5600+ | Socket AM2 | 2400/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 466 GiB total, 267.981 GiB free.
    D: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP785: 5/31/2012 12:00:01 AM - Scheduled Checkpoint
    RP786: 5/31/2012 10:23:46 PM - Scheduled Checkpoint
    RP787: 6/2/2012 12:02:11 AM - Scheduled Checkpoint
    RP788: 6/3/2012 12:00:01 AM - Scheduled Checkpoint
    RP789: 6/4/2012 12:00:02 AM - Scheduled Checkpoint
    RP790: 6/4/2012 3:00:10 AM - Windows Update
    RP791: 6/5/2012 12:00:01 AM - Scheduled Checkpoint
    RP792: 6/6/2012 12:18:31 AM - Scheduled Checkpoint
    RP793: 6/7/2012 12:00:04 AM - Scheduled Checkpoint
    RP794: 6/7/2012 9:35:40 PM - Scheduled Checkpoint
    RP795: 6/8/2012 8:33:15 PM - Windows Update
    RP796: 6/9/2012 7:28:29 PM - Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
    RP797: 6/11/2012 12:00:01 AM - Scheduled Checkpoint
    RP798: 6/11/2012 1:15:09 PM - Scheduled Checkpoint
    RP799: 6/12/2012 9:44:24 AM - Windows Update
    RP800: 6/13/2012 12:00:01 AM - Scheduled Checkpoint
    RP801: 6/13/2012 3:00:15 AM - Windows Update
    RP802: 6/14/2012 12:00:01 AM - Scheduled Checkpoint
    RP803: 6/14/2012 3:00:23 AM - Windows Update
    RP804: 6/15/2012 12:00:01 AM - Scheduled Checkpoint
    RP805: 6/15/2012 3:00:11 AM - Windows Update
    RP806: 6/16/2012 12:00:04 AM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9.5.1
    Adobe Shockwave Player 11.6
    AIO_Scan
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    avast! Free Antivirus
    Bonjour
    BufferChm
    C4200
    C4200_doccd
    c4200_Help
    Camera Support Core Library
    Camera Window DS
    Camera Window DVC
    Camera Window MC
    Canon Camera Support Core Library
    Canon Camera WIA Driver
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DSLR 5 for ZoomBrowser EX
    Canon Camera Window MC 5 for ZoomBrowser EX
    Canon EOS Kiss_N REBEL_XT 350D WIA Driver
    Canon PhotoRecord
    Canon RAW Image Task for ZoomBrowser EX
    Canon Utilities Digital Photo Professional 2.0
    Canon Utilities EOS Capture 1.5
    Canon Utilities PhotoStitch 3.1
    Canon ZoomBrowser EX (E)
    Cisco Network Magic
    Compatibility Pack for the 2007 Office system
    Copy
    Creative Lettering Combo
    CustomerResearchQFolder
    Cutting Master 2 for CraftROBO 1.20
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    DocProc
    DocProcQFolder
    Driver Genius Professional Edition
    EOS Capture 1.5
    eSupportQFolder
    EZ Calendar
    EZ Fonts
    Genieo
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Customer Participation Program 9.0
    HP Imaging Device Functions 9.0
    HP OCR Software 9.0
    HP Photosmart All-In-One Software 9.0
    HP Photosmart Essential 2.01
    HP Photosmart Essential2.01
    HP Smart Web Printing 4.60
    HP Solution Center 9.0
    HP Update
    HPProductAssistant
    HPSSupply
    iCloud
    InstallIQ Updater
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 31
    Lettering Delights Deluxe
    Malwarebytes Anti-Malware version 1.61.0.1400
    MarketResearch
    Microsoft .NET Framework 3.5 SP1
    Microsoft Office Excel Viewer
    Microsoft Office Professional Edition 2003
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MobileMe Control Panel
    Mozilla Firefox 13.0 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Network Magic
    Norton Security Scan
    NVIDIA Drivers
    pcHugBug Browser Deluxe Lite
    pcHugWare AutoUpdater
    PhotoStitch
    PS_AIO_ProductContext
    PS_AIO_Software
    PS_AIO_Software_min
    PSSWCORE
    Pure Networks Platform
    QuickTime
    RAW Image Task 2.2
    Roblox for Morreale
    Safari
    Scan
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Sentinel Protection Installer 7.3.1
    SmartWebPrinting
    Soft Data Fax Modem with SmartCP
    SolutionCenter
    Status
    SUPERAntiSpyware
    swMSM
    Toolbox
    TrayApp
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    VideoToolkit01
    WebEx Support Manager for Internet Explorer
    WebReg
    Windows Live ID Sign-in Assistant
    Xyron Wishblade
    Xyron Wishblade Controller
    Xyron Wishblade Create and Cut 8.1v1
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/9/2012 7:29:03 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/14/2012 3:35:32 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    6/12/2012 9:47:00 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Office 2003 Service Pack 3 (SP3).
    6/12/2012 9:46:24 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office Outlook 2003 Junk Email Filter (KB2598343).
    6/12/2012 9:31:12 AM, Error: EventLog [6008] - The previous system shutdown at 9:29:31 AM on 6/12/2012 was unexpected.
    6/11/2012 7:54:29 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    6/11/2012 7:54:29 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/11/2012 7:54:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    6/11/2012 7:15:09 AM, Error: EventLog [6008] - The previous system shutdown at 7:08:38 AM on 6/11/2012 was unexpected.
    6/11/2012 11:00:38 PM, Error: EventLog [6008] - The previous system shutdown at 10:58:36 PM on 6/11/2012 was unexpected.
    .
    ==== End Of File ===========================

  8. #8
    Member rugbyshark's Avatar
    Join Date
    Apr 2004
    Location
    Beaumont Texas
    Posts
    63
    Points
    0


    GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
    Rootkit quick scan 2012-06-16 05:28:05
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000052 WDC_WD50 rev.01.0
    Running: ou43cchu.exe; Driver: C:\Users\Morreale\AppData\Local\Temp\uwlyqkob.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x90511762]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- EOF - GMER 1.0.15 ----

  9. #9
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146


    Hello,

    You have given me the attach.txt portion of the DDS log. I need the DDS.txt portion of the log.




  10. #10
    Member rugbyshark's Avatar
    Join Date
    Apr 2004
    Location
    Beaumont Texas
    Posts
    63
    Points
    0


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by Morreale at 7:45:12 on 2012-06-17
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2942.1541 [GMT -5:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    C:\Windows\system32\taskeng.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Users\Morreale\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe
    C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Xyron Wishblade Controller\XYWSSupervisor.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    svchost.exe
    C:\Program Files\Java\jre6\bin\javaw.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\ATH.exe
    C:\Users\Morreale\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: My Personal Homepage: {0538cf1c-8419-4800-adbb-0c00c799fda2} - c:\users\morreale\appdata\roaming\genieo\application\ieplugins\bin\IEWrapper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    {ae07101b-46d4-4a98-af68-0333ea26e113}
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [GenieoUpdaterService] "c:\users\morreale\appdata\roaming\genieo\application\updater\bin\genupdater.exe" -wait 5
    uRun: [GenieoSystemTray] "c:\users\morreale\appdata\roaming\genieo\application\trayui\bin\gentray.exe"
    uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [InstallIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
    mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    StartupFolder: c:\users\morreale\appdata\roaming\micros~1\windows\startm~1\programs\startup\flipto~1.lnk - c:\program files\fliptoast\fliptoast.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\xyronw~1.lnk - c:\program files\xyron wishblade controller\XYWSSupervisor.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    TCP: DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
    TCP: Interfaces\{ED0EBDCC-4E1F-4E38-9DFC-6C475403C922} : DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\morreale\appdata\roaming\mozilla\firefox\profiles\6y5ey0lh.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo (By Genieo)
    FF - prefs.js: browser.startup.homepage - hxxp://yahoo.genieo.com/?v=w3i4
    FF - prefs.js: keyword.URL - hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=w3i&hsimp=yhs-geneiotransfer&type=W3i_IA,206,0_0,StartPage,20120102,18482,0,0,6434&p=
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.7\npapicomadapter.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\users\morreale\appdata\local\roblox\versions\version-e029025a3614426d\NPRobloxProxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-4 441176]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-4 307288]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-5-4 19544]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-5-4 53592]
    R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-12-1 20376]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-4 42184]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2006-8-22 316992]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-11 113120]
    S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2008-1-20 987648]
    S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2008-1-20 251904]
    .
    =============== Created Last 30 ================
    .
    2012-06-16 13:24:53 -------- d-----w- c:\program files\iPod
    2012-06-16 13:24:50 -------- d-----w- c:\program files\iTunes
    2012-06-14 02:45:51 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-14 02:45:50 2045440 ----a-w- c:\windows\system32\win32k.sys
    2012-06-12 17:41:42 -------- d-----w- c:\program files\Trend Micro
    2012-06-12 17:15:46 -------- d-----w- c:\users\morreale\appdata\roaming\SUPERAntiSpyware.com
    2012-06-12 17:15:12 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-06-12 17:15:12 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-06-12 14:35:10 -------- d-----w- c:\users\morreale\appdata\local\WindowsUpdate
    2012-06-10 00:27:10 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2012-06-10 00:27:10 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
    2012-06-10 00:27:10 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2012-06-10 00:27:10 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2012-06-10 00:27:10 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2012-06-10 00:27:10 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2012-06-10 00:27:10 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    2012-06-09 01:33:57 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-09 01:33:38 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-09 01:33:33 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-09 01:33:33 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-06 08:47:31 -------- d-----w- c:\programdata\PC Optimizer Pro
    .
    ==================== Find3M ====================
    .
    2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
    2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-04-19 01:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2012-04-19 01:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-30 12:39:11 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-03-20 23:28:50 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
    .
    ============= FINISH: 7:46:44.59 ===============
    you do not just tell them it is so.
    you show them the reasons why it is so.
    and then you repeat and repeat until they are convinced they know.

    Vince Lombardi
