
Inactive Malware Problems!

Discussion in 'Malware and Virus Removal Archive' started by mike0921, 2012/04/05.

  1. 2012/04/05
    mike0921

    mike0921 Inactive Thread Starter

    Joined:
    2011/02/17
    Messages:
    19
    Likes Received:
    0
    [Inactive] Malware Problems!

    I run a HP G62 Notebook: AMD Athlon II P340 Dual Core Processor, 2.20 GHz, 3 GB RAM, Win 7 64 bit, about 15 months old. It began running extremely slow all of a sudden so with Ccleaner, Revo Pro, Uniblue Registry Fix, Super Anti Spyware Pro, Malwarebytes Anti-Malware, My ISP - Comcast's (xFinity) own Spyware tool, Norton Internet Security 2012, Wins Disk Cleaner and Disk Defrag, Slim Computer, Slim Cleaner, Wise Cleaner, Wise Disk, Wise Registry Cleaner, and all the various tools within the programs that offered them. There was redundancy in my effort, a couple of cleaners, two Registry Cleaners, etc... but through experience I know that different programs will identify a different set of issues so was double checking... I even ran a number of those "free scans" that identify issues but only remove a small number of those issues that they find unless you upgrade and purchase their software. On those, there were hundreds of leftover registry entries, malware etc, that they found labeled "Dangerous, Remove" which I tried to go through and identify and remove with other tools. Didn't get all of them, but the thinking was that some of the entries were "harmless" and the "marketing" department was using "scare tactics" to sell the product...

    I ran the boot scan Norton has as well as a full complete system scan of my internal and external hard drives, memory etc.

    After cleaning all the identified issues off per instructions by each program, I tried out my laptop again. It still seems to run slow and "confused" when multitasking, and I still will get pop-up warnings from Norton that my CPU is maxed out at sometimes 100% (usually when streaming a movie and maybe having a few other programs open that I am working on and don't close for my breaks). The message from Norton identifies the "hogging" draining the CPU, does its comparison with its cloud to other users using the same program or service, identifies it as "okay" or not, "necessary" etc., and also reports if there is any abnormal reading or writing to the disk... so far it always reports no on that.

    Until just recently, (I have been using the Norton IS 2012) for about 3 months when my aVast expired and I installed the Norton for free through my ISP (xFinity/Comcast). The boot scan, complete scan etc. did find a few things, as did all the malware programs, which I either quarantined or deleted per the respective directions.

    So, now I still have the perceived slow issue, and the "High CPU Usage" pop up warning appearing. (Although the CPU message isn't quite as frequent.) The first month and a half of Norton, I never received that warning. I am on the Net 4-6 hours a day researching and writing a book, 4 hours a day watching videos and movies and 3-4 hours a day writing, this routine has been ongoing for about a year and a half. I also frequently encounter freezes with my IE 9 browser and my Explorer Windows, which had never happened before and began with these other "symptoms."

    Is there still malware hidden somewhere running hidden? What can I do to find and remove it, or at least find out if my system has been freed up of all incidences of malware, viruses and rogue programs to be sure that is not the cause?

    And 2. How can I analyze and discover if I have a hardware malfunction, or one of the pieces of software I have installed isn't the culprit. Until now, my system worked pretty much flawlessly. Is it my system? The warranty just dropped off, so according to Murphy it's ready to self destruct anyway... :rolleyes:

    I have some experience with Malware removal, last year I spent almost three months cleaning an issue with mine, and issues with 5 other computers friends brought to me. I am computer literate and trained and probably (I'm 62 and have been retired/away from my career for about 18 years) but still have a level of intermediate ability with computers and software. My learning is an Associates in CIM from the late 80's, and in the 90's I built from scratch about 25 computers over 6 years for myself and friends. I spent about two months on a Malware Removal Study Course through Major Geeks (I think it was) 18 months ago but am currently at the point I have to refer to the Net to get my thinking processes in action. Memory issues... :eek: I understand what I read and can act efficiently on most of it... but am still in need of much more training before I would say I was proficient enough to register on a Malware Help Line, which is my intention for this year...

    Can someone take some time and give me some direction? A list of instructions and other resources to follow or something? Your help with me will add to my education and bring me closer to being qualified to become a resource as a volunteer on the same Malware sites that have helped and been training me. I do enjoy solving the problems that Malware brings and helping others. My new "hobby" for my spare time. I have always enjoyed the learning process with computers and enjoyed working on/building them, and love the feedback from bringing someone's "baby" back from the dead! :D

    Thanks in advance,

    Mike in WV

    edit: it also has new "funny" behavior issues. Like when processing a new request or task by me while multi tasking, appearing to "freeze" up, no indication of any little clock, or circle or other icon or notification that it is processing, sometimes for as long as 60 to 90 seconds - sometimes longer - and about the time I am ready to bring up the task manager, shut it down and reboot - repairing the things I lost... my frustration and concern peaking out, it "comes back/on" and I slowly get back to the business of what I was doing. Like often now a window in IE or Explorer when opening will give me the "not responding" message, fade out, and sit there. When I call for the task manager, as soon as it opens its window, the hang up fixes itself and things go on in a normal fashion. Things like this will occur 3, 4, 5 times in a 4 hour work session. These things didn't begin until about the time or a little after I switched to Norton IS 2012. Though as it was several months ago I wouldn't swear to it. I do not remember these kinds of things during my aVast experience though. At least if they occurred they were so rare they weren't enough to stick in my memory or cause me enough frustration to begin researching and diagnosing and cleaning up...

    If it is reasonable, I think I would like to approach it as a malware issue for awhile for the learning experience but if I have to I will do the necessary steps to do a clean reinstall and rebuild my system....

    sincere thanks again,

    Mike in WV
     
    Last edited: 2012/04/05
  2. 2012/04/05
    Mr. Chip Lifetime Subscription

    Mr. Chip Well-Known Member

    Joined:
    2005/06/30
    Messages:
    427
    Likes Received:
    0
    Hi Mike,

    Sorry to hear about your problems. I too have a sick W7 PC that is freezing up on me. I am not an expert, but I strongly suspect that Arie or someone else will want to move your thread to the forum http://www.windowsbbs.com/malware-virus-removal/.

    In the meantime, I suggest you read the sticky at the top of that forum and follow their instructions. It sounds like you have run many of the tests they ask for. I do know from experience that you need to post results to the requested tests before someone can start helping you. Since a full virus scan and other items can take a while (mine took two hours), you can get started now.

    Good luck!
    Chip
     


  4. 2012/04/05
    mike0921

    mike0921 Inactive Thread Starter

    Joined:
    2011/02/17
    Messages:
    19
    Likes Received:
    0
    Should/can I move it myself? Or repost it there or will that just make more work for everyone? I just didn't look enough for the malware forum.

    Noobs, not only disturbing flashbacks to jr. and high schools (military brat...) but surely the bane of folks' existence on these forums!!!

    thanks for your reply. Learned something new, and don't feel as much the noob at the new school!

    Mike
     
  5. 2012/04/05
    Mr. Chip Lifetime Subscription

    Mr. Chip Well-Known Member

    Joined:
    2005/06/30
    Messages:
    427
    Likes Received:
    0
    Mike - I wish I knew. Arie and his team are usually pretty quick about moving a post if needed. I have never done so myself.

    My suggestion is to do nothing until you have run all of the tests they ask for in Malware - that is a full system scan by your AV, Malwarebytes quick scan, GMER, aswMBR, and DDS. Once you have all those results/logs ready to post - see if someone moved it. If not, you could start a new thread - but I would only do that if you can mark your current thread as "resolved or closed". I would then post a comment that you re-posted in the other forum. Hope that makes sense.

    Everyone here is still learning. This forum has saved my behind a number of times over the years. You will be glad you found it - trust me.

    BTW, when your post gets moved it will be sitting right on top of a new post of mine :)
     
  6. 2012/04/05
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Hi,
    Only Moderators can move threads :) I have moved your thread to the Malware & Virus Removal forum
     
  7. 2012/04/06
    mike0921

    mike0921 Inactive Thread Starter

    Joined:
    2011/02/17
    Messages:
    19
    Likes Received:
    0
    In appreciation...

    :)Thanks guys for the help and guidance...

    I will endeavor to be more thoughtful as I journey down this path with this invaluable resource...

    See ya over at the Malware forum...

    Mike:)
     
  8. 2012/04/06
    mike0921

    mike0921 Inactive Thread Starter

    Joined:
    2011/02/17
    Messages:
    19
    Likes Received:
    0
    I'm beginning the procedure as outlined in the post you referred me to today using the tools to create the logs to post here. As I understand from reading around, please correct me, I should not attempt any more cleanup efforts of my own at this time, but follow the steps as outlined, post the logs and wait until I hear next from the guys who know what they are doing, and then follow their guidance until they tell me that it's fixed and clean, or they refer me elsewhere, right? I should have all logs posted by the end of day barring any issues that I will need to alert you here before acting on anything. This is how I understand the info I have read in the stickies and posts here. Is this correct???
    Thanks for your patience with this newbie! I know my post title isn't according to guidelines, should I change it (if possible) or just be proper in the future?
    Mike
     
  9. 2012/04/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================================================

    Yes.
     
  10. 2012/04/06
    mike0921

    mike0921 Inactive Thread Starter

    Joined:
    2011/02/17
    Messages:
    19
    Likes Received:
    0
    So much for plans! I just now got back to working on my laptop, so the logs should be posted tomorrow. I was tempted to try something that I saw on another source that I went to from a link in one of the stickies, but stopped and remembered what I had read in a comment on Mr. Chip's thread or comments... serendipity, better than a college education!

    Thanks for clearing up that doubt broni.
     
  11. 2012/04/06
    mike0921

    mike0921 Inactive Thread Starter

    Joined:
    2011/02/17
    Messages:
    19
    Likes Received:
    0
    Thanks for moving this where it belonged Pete C.... and I should have put it!

    Learning is an ongoing process...
     
    Last edited: 2012/04/06
  12. 2012/04/06
    mike0921

    mike0921 Inactive Thread Starter

    Joined:
    2011/02/17
    Messages:
    19
    Likes Received:
    0
    MBAM Log

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.04.06.07

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    mikw :: MIKE-7HP [administrator]

    4/6/2012 5:34:01 PM
    mbam-log-2012-04-06 (17-34-01).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 217403
    Time elapsed: 9 minute(s), 9 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  13. 2012/04/06
    mike0921

    mike0921 Inactive Thread Starter

    Joined:
    2011/02/17
    Messages:
    19
    Likes Received:
    0
    GMER Log

    The GMER did not have a log. It reported nothing found, or removed at the end of its run.

    Did I do that right? Or should it have produced an empty page for a log? :confused:
     
  14. 2012/04/06
    mike0921

    mike0921 Inactive Thread Starter

    Joined:
    2011/02/17
    Messages:
    19
    Likes Received:
    0
    MBR Check

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-06 20:26:41
    -----------------------------
    20:26:41.495 OS Version: Windows x64 6.1.7601 Service Pack 1
    20:26:41.495 Number of processors: 2 586 0x603
    20:26:41.505 ComputerName: MIKE-7HP UserName: mikw
    20:26:42.625 Initialize success
    20:31:56.057 AVAST engine defs: 12040601
    20:32:46.008 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000069
    20:32:46.008 Disk 0 Vendor: WDC_WD32 02.0 Size: 305245MB BusType: 11
    20:32:46.024 Disk 0 MBR read successfully
    20:32:46.039 Disk 0 MBR scan
    20:32:46.039 Disk 0 unknown MBR code
    20:32:46.055 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
    20:32:46.070 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 287179 MB offset 409600
    20:32:46.117 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17762 MB offset 588552192
    20:32:46.148 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
    20:32:46.180 Disk 0 scanning C:\Windows\system32\drivers
    20:33:04.369 Service scanning
    20:33:44.664 Modules scanning
    20:33:44.664 Disk 0 trace - called modules:
    20:33:44.680 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
    20:33:44.695 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80031fa6d0]
    20:33:44.695 3 CLASSPNP.SYS[fffff88001bc843f] -> nt!IofCallDriver -> [0xfffffa8003190b80]
    20:33:44.695 5 amdxata.sys[fffff880010897a8] -> nt!IofCallDriver -> \Device\00000069[0xfffffa800318a060]
    20:33:45.896 AVAST engine scan C:\Windows
    20:33:48.892 AVAST engine scan C:\Windows\system32
    20:40:31.879 AVAST engine scan C:\Windows\system32\drivers
    20:41:06.839 AVAST engine scan C:\Users\mikw
    20:46:02.215 AVAST engine scan C:\ProgramData
    20:51:17.586 Scan finished successfully
    21:34:22.316 Disk 0 MBR has been saved successfully to "C:\Users\mikw\Desktop\MBR.dat"
    21:34:22.322 The log file has been saved successfully to "C:\Users\mikw\Desktop\aswMBRApril4.txt"



    I also now have a file saved to my desktop, MBR.dat that arrived after running this scan. I can't open it with anything I have... Do you want that also, and if so, how do I get that to you? :confused:
     
  15. 2012/04/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I don't need that file.
    Go on with DDS.
     
  16. 2012/04/06
    mike0921

    mike0921 Inactive Thread Starter

    Joined:
    2011/02/17
    Messages:
    19
    Likes Received:
    0
    DDS (2 Logs)

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.3.0
    Run by mikw at 21:36:33 on 2012-04-06
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.564 [GMT -4:00]
    .
    AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
    C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe
    C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
    C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
    C:\Program Files\Common Files\Motive\pcCMService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
    C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Program Files\Comcast\pcTrayApp.exe
    C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
    C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
    C:\Program Files (x86)\CodePlex\XPS2OneNote\XPS2OneNote.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\Users\mikw\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
    C:\Users\mikw\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler64.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\xfin_portal\CIDGlobalLight.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://comcast.net/
    uSearch Bar = Preserve
    mWinlogon: Userinit=userinit.exe,
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\IPS\IPSBHO.DLL
    BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Speckie: {8ce7f568-67fa-4432-ba39-f5afd68e7b8b} - C:\Users\mikw\AppData\Roaming\Speckie\bin32\Speckie32.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    TB: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [Clipdiary] C:\Program Files (x86)\Clipdiary\clipdiary.exe
    uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    uRun: [Google Update] "C:\Users\mikw\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [MusicManager] "C:\Users\mikw\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [ComcastAntispyClient] "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
    uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    StartupFolder: C:\Users\mikw\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    StartupFolder: C:\Users\mikw\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\XPS2ON~1.LNK - C:\Users\mikw\AppData\Roaming\Microsoft\Installer\{6DD7A9DA-6732-47D2-8362-6A12BD0EA053}\_FBB2488C0F33C1DFE6AC1F.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Clear Fields - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComClearFields.html
    IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Logoff - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComLogoff.html
    IE: Password Generator - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
    IE: Reset Fields - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComResetFields.html
    IE: RoboForm Editor - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
    IE: RoboForm Options - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComOptions.html
    IE: RoboForm TaskBar Icon - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
    IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Set Fields - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSetFields.html
    IE: Show RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Sync RoboForm Data - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSync.html
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-00103-0000-0003-ABCDEFFEDCBC}
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F4D} - {320AF880-6646-11D3-ABEE-C5DBF3571F4D} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F50} - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F51} - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F52} - {320AF880-6646-11D3-ABEE-C5DBF3571F52} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F53} - {320AF880-6646-11D3-ABEE-C5DBF3571F53} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F54} - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F55} - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {45DB34C3-955C-11D3-ABEF-444553540001} - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
    IE: {E6846530-6088-4AA3-932F-C6245CE59A4C} - {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - C:\Users\mikw\AppData\Roaming\Speckie\bin32\Speckie32.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
    DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
    DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
    TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
    TCP: Interfaces\{2D594649-E5DA-4A5D-A79D-3C273500E70A} : DhcpNameServer = 75.75.76.76 75.75.75.75
    TCP: Interfaces\{2D594649-E5DA-4A5D-A79D-3C273500E70A}\130364851323134343836363 : DhcpNameServer = 192.168.1.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO-X64: 0x1 - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
    BHO-X64: XFINITY Toolbar - No File
    BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
    BHO-X64: Symantec NCO BHO - No File
    BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\IPS\IPSBHO.DLL
    BHO-X64: Symantec Intrusion Prevention - No File
    BHO-X64: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    BHO-X64: RoboForm BHO - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO-X64: Speckie: {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - C:\Users\mikw\AppData\Roaming\Speckie\bin32\Speckie32.dll
    BHO-X64: Speckie - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll
    BHO-X64: Updater For XFIN_PORTAL - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB-X64: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    TB-X64: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
    TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\mikw\AppData\Roaming\Mozilla\Firefox\Profiles\wzmzvzyo.default\
    FF - prefs.js: browser.startup.homepage - hxxp://xfinity.comcast.net/?cid=mtmh03222012
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\mikw\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Users\mikw\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 EUBAKUP;EUBAKUP;C:\Windows\system32\drivers\eubakup.sys --> C:\Windows\system32\drivers\eubakup.sys [?]
    R0 EUBKMON;EUBKMON;C:\Windows\system32\drivers\EUBKMON.sys --> C:\Windows\system32\drivers\EUBKMON.sys [?]
    R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [?]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [?]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-3-20 1157240]
    R1 EUDSKACS;EUDSKACS;\??\C:\Windows\system32\drivers\eudskacs.sys --> C:\Windows\system32\drivers\eudskacs.sys [?]
    R1 EUFDDISK;EUFDDISK;\??\C:\Windows\system32\drivers\EuFdDisk.sys --> C:\Windows\system32\drivers\EuFdDisk.sys [?]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120406.002\IDSviA64.sys [2012-4-6 488568]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [?]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0502000.00D\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-11-20 98208]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 AntiSpywareService;Comcast AntiSpyware;C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-6-17 616408]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-3-21 138360]
    R3 mbamchameleon;mbamchameleon;\??\C:\Windows\system32\drivers\mbamchameleon.sys --> C:\Windows\system32\drivers\mbamchameleon.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
    S0 Soluto;Soluto;C:\Windows\system32\DRIVERS\Soluto.sys --> C:\Windows\system32\DRIVERS\Soluto.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    S3 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]
    S3 EaseUS Agent;EaseUS Agent;C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2012-3-25 61064]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
    S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 SWDUMon;SWDUMon;C:\Windows\system32\DRIVERS\SWDUMon.sys --> C:\Windows\system32\DRIVERS\SWDUMon.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-04-06 21:24:03 29808 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2012-04-06 15:25:37 -------- d-----w- C:\Windows\pss
    2012-04-04 18:17:23 8738464 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-04 16:04:51 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-03-26 00:55:26 25224 ----a-w- C:\Windows\System32\fbnative.exe
    2012-03-25 19:05:15 -------- d-----w- C:\Users\mikw\AppData\Local\XPS2OneNote
    2012-03-25 18:58:36 -------- d-----w- C:\Program Files (x86)\CodePlex
    2012-03-23 14:03:02 97208 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
    2012-03-22 17:28:20 -------- d-----w- C:\Program Files (x86)\Wise PC Engineer
    2012-03-22 12:50:48 -------- d-----w- C:\Windows\System32\drivers\NBRTWizardx64\0405000.022
    2012-03-22 12:50:48 -------- d-----w- C:\Windows\System32\drivers\NBRTWizardx64
    2012-03-22 12:50:46 -------- d-----w- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
    2012-03-20 01:05:40 -------- d-----r- C:\Program Files (x86)\Skype
    2012-03-19 22:21:10 -------- d-----w- C:\Program Files\Comcast
    2012-03-19 22:21:02 -------- d-----w- C:\Program Files (x86)\Comcast
    2012-03-19 22:19:42 -------- d-----w- C:\Program Files (x86)\Common Files\Motive
    2012-03-19 22:19:33 -------- d-----w- C:\Program Files\Common Files\Motive
    2012-03-19 17:32:01 -------- d-----w- C:\Users\mikw\AppData\Roaming\Wise Disk Cleaner
    2012-03-19 17:31:26 -------- d-----w- C:\Program Files (x86)\Wise Disk Cleaner
    2012-03-19 17:20:28 -------- d-----w- C:\Users\mikw\AppData\Roaming\Wise Registry Cleaner
    2012-03-19 17:16:25 -------- d-----w- C:\Program Files (x86)\Wise Registry Cleaner
    2012-03-19 15:10:09 1656 ----a-w- C:\Windows\System32\ASOROSet.bin
    2012-03-19 15:04:25 -------- d-----w- C:\Users\mikw\AppData\Roaming\SpeedMaxPc
    2012-03-19 15:04:25 -------- d-----w- C:\Users\mikw\AppData\Roaming\DriverCure
    2012-03-19 15:03:57 -------- d-----w- C:\ProgramData\SpeedMaxPc
    2012-03-19 14:35:46 -------- d-----w- C:\Users\mikw\AppData\Roaming\Systweak
    2012-03-19 14:35:36 18816 ----a-w- C:\Windows\System32\roboot64.exe
    2012-03-19 01:56:52 -------- d-----w- C:\Users\mikw\AppData\Roaming\VS Revo Group
    2012-03-18 00:17:05 -------- d-----w- C:\Users\mikw\AppData\Local\NPE
    2012-03-18 00:11:14 -------- d-----w- C:\Users\mikw\AppData\Local\Symantec
    2012-03-17 05:33:48 386168 ----a-w- C:\Windows\System32\drivers\N360x64\0502000.00D\symnets.sys
    2012-03-17 05:33:47 912504 ----a-w- C:\Windows\System32\drivers\N360x64\0502000.00D\symefa64.sys
    2012-03-17 05:33:47 744568 ----a-w- C:\Windows\System32\drivers\N360x64\0502000.00D\srtsp64.sys
    2012-03-17 05:33:47 450680 ----a-w- C:\Windows\System32\drivers\N360x64\0502000.00D\symds64.sys
    2012-03-17 05:33:47 40568 ----a-w- C:\Windows\System32\drivers\N360x64\0502000.00D\srtspx64.sys
    2012-03-17 05:33:46 171128 ----a-r- C:\Windows\System32\drivers\N360x64\0502000.00D\ironx64.sys
    2012-03-17 05:32:46 -------- d-----w- C:\Windows\System32\drivers\N360x64\0502000.00D
    2012-03-17 05:32:46 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
    2012-03-17 03:06:08 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2012-03-17 03:06:07 -------- d-----w- C:\Program Files\Symantec
    2012-03-17 03:05:35 -------- d-----w- C:\Program Files (x86)\Norton Security Suite
    2012-03-17 03:05:27 -------- d-----w- C:\ProgramData\NortonInstaller
    2012-03-17 03:05:27 -------- d-----w- C:\Program Files (x86)\NortonInstaller
    2012-03-17 02:09:02 -------- d-----w- C:\Users\mikw\AppData\Roaming\f-secure
    2012-03-17 02:08:47 -------- d-----w- C:\ProgramData\F-Secure
    2012-03-16 20:22:50 -------- d-----w- C:\ProgramData\Norton
    2012-03-16 17:14:54 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3394C38E-1E5A-47C1-BBA1-89A5B04B62B6}\mpengine.dll
    2012-03-16 12:45:31 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2012-03-16 11:11:27 -------- d-----w- C:\Program Files (x86)\xfin_portal
    2012-03-15 20:37:56 -------- d-----w- C:\Users\mikw\AppData\Roaming\Tific
    2012-03-15 20:30:52 -------- d-----w- C:\Program Files (x86)\Microsoft Office OneNote 2007 PowerToys
    2012-03-15 18:55:08 -------- d-----w- C:\ProgramData\WeCareReminder
    2012-03-14 14:38:44 -------- d-----w- C:\Users\mikw\AppData\Local\LogMeIn Rescue Applet
    2012-03-14 10:51:15 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-03-14 10:51:14 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-03-14 10:51:14 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-03-14 10:46:13 3145728 ----a-w- C:\Windows\System32\win32k.sys
    2012-03-14 10:46:11 1544192 ----a-w- C:\Windows\System32\DWrite.dll
    2012-03-14 10:46:11 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2012-03-14 10:46:09 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-03-14 10:46:09 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-03-14 10:46:09 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-03-14 10:45:33 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-03-14 10:45:33 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-03-14 10:45:33 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-03-14 10:45:33 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-03-13 18:08:12 -------- d-----w- C:\Program Files (x86)\SlimDrivers
    2012-03-12 03:10:45 -------- d-----w- C:\Program Files (x86)\Easy Audio Mp3 Wma Ogg Cutter
    2012-03-12 03:08:21 200704 ----a-w- C:\Windows\SysWow64\vbalExpBar6.ocx
    2012-03-12 03:08:20 484352 ----a-w- C:\Windows\SysWow64\lame_enc.dll
    2012-03-12 03:08:20 40960 ----a-w- C:\Windows\SysWow64\SSubTmr6.dll
    2012-03-12 03:08:20 32768 ----a-w- C:\Windows\SysWow64\CMDLGFR.DLL
    2012-03-12 03:08:20 15360 ----a-w- C:\Windows\SysWow64\inetfr.DLL
    2012-03-12 03:08:20 141312 ----a-w- C:\Windows\SysWow64\MSCMCFR.DLL
    2012-03-12 03:08:20 119568 ----a-w- C:\Windows\SysWow64\VB6FR.DLL
    2012-03-12 03:08:20 115920 ----a-w- C:\Windows\SysWow64\msinet.OCX
    2012-03-12 03:08:20 101888 ----a-w- C:\Windows\SysWow64\VB6STKIT.DLL
    2012-03-12 03:08:20 -------- d-----w- C:\Users\mikw\AppData\Roaming\FreeBurner
    2012-03-12 03:08:20 -------- d-----w- C:\Program Files (x86)\Free Easy CD DVD Burner
    2012-03-12 02:07:54 -------- d-----w- C:\DVD Burning Temp Space
    2012-03-11 16:07:33 -------- d-----w- C:\Users\mikw\AppData\Local\{66355343-143B-43FA-AF56-1A3AA781A318}
    2012-03-11 16:07:23 -------- d-----w- C:\Users\mikw\AppData\Local\{E61A78CD-9F36-4C97-84DE-2E6269337B6C}
    2012-03-11 15:39:32 -------- d-----w- C:\ProgramData\Freemake
    2012-03-11 15:39:21 -------- d-----w- C:\Program Files (x86)\Freemake
    2012-03-11 15:29:39 -------- d-----w- C:\Program Files (x86)\Solveig Multimedia
    2012-03-11 15:29:39 -------- d-----w- C:\Program Files (x86)\Common Files\Solveig Multimedia
    2012-03-11 15:21:02 -------- d-----w- C:\Program Files (x86)\AVIedit
    2012-03-11 12:57:18 -------- d-----w- C:\Users\mikw\AppData\Roaming\FreeVideoConverter
    2012-03-11 12:57:18 -------- d-----w- C:\Program Files (x86)\Free Video Converter
    2012-03-11 12:37:17 -------- d-----w- C:\Users\mikw\AppData\Roaming\Winff
    2012-03-11 12:35:19 -------- d-----w- C:\Users\mikw\AppData\Local\APN
    2012-03-11 12:34:44 -------- d-----w- C:\Users\mikw\AppData\Roaming\WeatherBug
    2012-03-11 12:32:07 -------- d-----w- C:\Program Files (x86)\WinFF
    2012-03-11 05:34:05 -------- d-----w- C:\Program Files (x86)\AnvSoft
    2012-03-11 01:12:30 -------- d-----w- C:\Users\mikw\AppData\Roaming\AnvSoft
    2012-03-11 00:39:30 -------- d-----w- C:\ProgramData\PIXELA
    2012-03-11 00:35:49 -------- d-----w- C:\Program Files (x86)\Digital Photo Navigator 1.5
    2012-03-11 00:35:16 225280 ------w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
    2012-03-11 00:35:15 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
    2012-03-11 00:35:15 32768 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
    2012-03-11 00:35:15 176128 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
    2012-03-09 12:15:08 -------- d-----w- C:\Program Files\Free Opener
    2012-03-09 12:14:30 -------- d-----w- C:\Program Files (x86)\Yahoo!
    2012-03-09 11:11:05 -------- d-----w- C:\Program Files (x86)\ADLSoft UnCompressor
    .
    ==================== Find3M ====================
    .
    2012-04-04 18:17:39 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-04-04 16:03:52 13920 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys
    2012-02-24 02:31:00 750488 ----a-w- C:\Windows\System32\npdeployJava1.dll
    2012-02-24 02:31:00 660368 ----a-w- C:\Windows\System32\deployJava1.dll
    2012-02-23 13:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-02-17 14:00:35 637848 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2012-02-17 14:00:35 567696 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-02-08 19:48:06 48264 ----a-w- C:\Windows\System32\drivers\EUBKMON.sys
    2012-01-26 01:23:43 147752 ----a-w- C:\Windows\System32\SynTPCo4.dll
    2012-01-25 23:56:46 54728 ----a-w- C:\Windows\System32\drivers\Soluto.sys
    2012-01-12 00:19:16 4448256 ----a-w- C:\Windows\SysWow64\GPhotos.scr
    .
    ============= FINISH: 21:38:49.53 ===============




    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/19/2011 7:58:22 PM
    System Uptime: 4/4/2012 5:23:41 PM (52 hours ago)
    .
    Motherboard: Hewlett-Packard | | 1444
    Processor: AMD Athlon(tm) II P340 Dual-Core Processor | Socket S1G4 | 2200/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 280 GiB total, 225.146 GiB free.
    D: is FIXED (NTFS) - 17 GiB total, 2.472 GiB free.
    E: is CDROM ()
    F: is FIXED (FAT32) - 0 GiB total, 0.087 GiB free.
    G: is FIXED (NTFS) - 466 GiB total, 345.547 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP281: 3/19/2012 11:26:46 AM - Revo Uninstaller Pro's restore point - SpeedMaxPc
    RP283: 3/19/2012 11:52:28 AM - Revo Uninstaller Pro's restore point - RegClean Pro
    RP284: 3/19/2012 11:53:17 AM - RegClean Pro Mon, Mar 19, 12 11:53
    RP285: 3/19/2012 1:34:05 PM - Slimming Windows - Wise Disk Cleaner
    RP286: 3/22/2012 1:31:36 PM - pc Engineer trial
    RP287: 3/25/2012 2:57:47 PM - Installed XPS2OneNote
    RP288: 4/2/2012 3:51:44 PM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe AIR
    Adobe Reader X (10.1.2)
    Adobe Shockwave Player 11.6
    AllDup 3.4.0
    AMD USB Filter Driver
    Any Video Converter 3.3.5
    Atheros Driver Installation Program
    AVIedit 3.39
    Bejeweled 2 Deluxe
    Blackhawk Striker 2
    Build-a-lot 2
    CA Pest Patrol Realtime Protection
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Chuzzle Deluxe
    CinemaNow Media Manager
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Clipdiary 3.4
    CyberLink YouCam
    D3DX10
    Digital Photo Navigator 1.5
    Diner Dash 2 Restaurant Rescue
    Dora's Carnival Adventure
    Dramatica Pro
    Dramatica Pro Story Wizard
    Dropbox
    EaseUS Todo Backup Free 4.0
    Easy Audio Cutter V2.1
    Easy Solve
    Energy Star Digital Logo
    Escape Rosecliff Island
    ESU for Microsoft Windows 7
    Evernote v. 4.5.3
    Fast Duplicate File Finder 3.2.0.1
    FATE
    FileHippo.com Update Checker
    Final Drive Nitro
    Free Easy Burner V 5.1
    Free Mp3 Wma Converter V 2.2
    Free Video Converter V 3.1
    Freemake Video Converter version 3.0.1
    Glary Utilities 2.43.0.1419
    Google Chrome
    Google Earth
    Google Talk (remove only)
    Heroes of Hellas 2 - Olympia
    Hewlett-Packard ACLM.NET v1.1.2.0
    HP Advisor
    HP Customer Experience Enhancements
    HP Deskjet 3050 J610 series Help
    HP Documentation
    HP Game Console
    HP Games
    HP MediaSmart CinemaNow 2.0
    HP Photo Creations
    HP Power Manager
    HP Product Detection
    HP Quick Launch
    HP Setup
    HP Software Framework
    HP Update
    Hulu Desktop
    Java Auto Updater
    Java(TM) 7 Update 3
    Jewel Quest 3
    Jewel Quest Solitaire 2
    K-Lite Codec Pack 8.4.0 (Standard)
    LightScribe System Software
    Malwarebytes Anti-Malware version 1.60.1.1000
    Mesh Runtime
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft WSE 3.0 Runtime
    Mozilla Firefox 11.0 (x86 en-US)
    MSVC80_x86
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Music Manager
    Norton Bootable Recovery Tool Wizard
    Norton Security Suite
    PC Connectivity Solution
    Penguins!
    Picasa 3
    Plants vs. Zombies
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Realtek Ethernet Controller Driver For Windows 7
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Recovery Manager
    RoboForm 7-7-4 (All Users)
    Roxio CinemaNow 2.0
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Send to OneNote 2007
    Skype Click to Call
    Skype™ 5.8
    SlimCleaner
    SlimComputer
    SlimDrivers
    SolveigMM AVI Trimmer
    swMSM
    Uniblue RegistryBooster
    Uniblue SystemTweaker
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VC80CRTRedist - 8.0.50727.6195
    Virtual Families
    Virtual Villagers - The Secret City
    Wheel of Fortune 2
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Wise Disk Cleaner 6.32
    Wise PC Engineer 6.4.2
    Wise Registry Cleaner 6.21
    Wondershare MobileGo ( Version 1.1.0 )
    XFINITY Toolbar
    XPS2OneNote
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/5/2012 1:22:59 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    4/4/2012 11:39:58 AM, Error: Service Control Manager [7000] - The vToolbarUpdater service failed to start due to the following error: The system cannot find the path specified.
    4/4/2012 11:39:55 AM, Error: Service Control Manager [7000] - The SeaPort service failed to start due to the following error: The system cannot find the path specified.
    4/4/2012 11:36:57 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
    .
    ==== End Of File ===========================
     
  17. 2012/04/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  18. 2012/04/06
    mike0921

    mike0921 Inactive Thread Starter

    Joined:
    2011/02/17
    Messages:
    19
    Likes Received:
    0
    A quick update about the laptop behavior

    When I mentioned the " _______ not responding" message I am getting atop IE windows and Explorer windows and how if I wait 30-90 seconds they usually clear up. I do sometimes hit the ctrl/alt/delete keys to bring up the task manager and as soon as I do that the message disappears and the window starts responding normally.

    Today I began noticing that anything I opened, an Excel SS, a WordPad Document, a One Note workbook, everything I open, will, every now and then (to the tune of 8-10 times a day), freeze up, display that "not responding" message and either after the minute or so correct itself or after I hit the ctrl/alt/del keys it corrects itself. Very rarely do I need to actually use the Task Manager to fix the issue.

    And it doesn't matter if I am streaming something or not, watching a movie or not. I can just be inputting a chapter and up pops the Norton notification about "Critical CPU Usage" being low and/or the "not responding" message shows up.

    Thanks for all your hard work, :D

    Mike
     
  19. 2012/04/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Go ahead with Combofix.
     
  20. 2012/04/07
    mike0921

    mike0921 Inactive Thread Starter

    Joined:
    2011/02/17
    Messages:
    19
    Likes Received:
    0
    No shortcuts work now

    I ran ComboFix, the laptop restarted, produced the log and now none of the shortcuts in the Start menu or Taskbar work. "Illegal operation attempted on a Registry key that has been marked for deletion." error message pops up, making my laptop pretty much a bookend ... I am writing this from my phone. I guess I could somehow copy the log to my phone?? Probably too big though, ey? I'll check back with my phone in a bit. :eek:
    Mike
     
  21. 2012/04/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    That's because you didn't read my instructions carefully:
    [​IMG]
     
