MalwareBeatDown

  1. How can I add folders rather than just individual files to the ignore list? Right now the ignore list only seems to take individual files. I have large folders with simple files like pictures which do not need to be scanned. Thanks, Pat
  2. I have Windows 7 Home Edition on a Toshiba Satellite C655 laptop. This computer is about two years old. I have run AdAware 10.5.2.4379 with the latest definitions. I ran the full scan. A trojan or malware was found and deleted. Now when I start my computer I get the error message below: "There was a problem starting c:\Users\patm\appdata\Local\Temp\semvebn\spcpsuu\wow.dll" I tried using MSCONFIG to remove all startup programs but this had no effect. I have the program dds.com and attached the two files attach.txt and dds.txt. I have also copy/pasted the text from those files into this email as instructed. I have done searches in my registry and the hard drive for wow.dll and found nothing. I tried to copy the path c:\Users\patm\appdata\Local\Temp\semvebn\spcpsuu\wow.dll into the Windows Explorer and it says path not accessible. I did research this on the internet and other sites say this is caused by a partial cleanup of a virus but no one had a solution. Can you please recommend a solution? I am stumped.
Software Update\hpwuschd2.exe C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe C:\windows\System32\svchost.exe -k LocalServicePeerNet C:\ProgramData\Search Protection\SearchProtection.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe C:\windows\servicing\TrustedInstaller.exe C:\windows\system32\SearchProtocolHost.exe C:\windows\system32\taskeng.exe C:\windows\system32\SearchFilterHost.exe C:\windows\system32\SearchProtocolHost.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=1A78610EF5511FD7CFA0AC518738760D uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND uProxyOverride = <local> mWinlogon: Userinit = userinit.exe, BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller 
Plug-in\TOSHIBAMediaControllerIE.dll TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume mRun: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" mRun: [searchProtection] C:\ProgramData\Search Protection\_run.bat mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: NameServer = 192.168.2.1 TCP: Interfaces\{05CEEF50-C087-4185-B455-A06E4B853EB4} : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{05CEEF50-C087-4185-B455-A06E4B853EB4}\144545736383 : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{05CEEF50-C087-4185-B455-A06E4B853EB4}\2375942554730343 : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{05CEEF50-C087-4185-B455-A06E4B853EB4}\3416E63656273416573796E676E4564777F627B6 : DHCPNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{05CEEF50-C087-4185-B455-A06E4B853EB4}\6596275737 : DHCPNameServer = 209.18.47.61 209.18.47.62 Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller 
Plug-in\x64\TOSHIBAMediaControllerIE.dll x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [smoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t x64-Run: [Persistence] C:\windows\System32\igfxpers.exe x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - <orphaned> x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned> x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\patm\AppData\Roaming\Mozilla\Firefox\Profiles\w1hrhpy3.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.mikulaforecasting.com/ FF - prefs.js: browser.search.selectedEngine - SecureSearch FF - prefs.js: browser.startup.homepage - hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=1A78610EF5511FD7CFA0AC518738760D FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll FF - plugin: C:\windows\SysWOW64\npdeployJava1.dll FF - plugin: C:\windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2013-04-19 09:00; {87934c42-161d-45bc-8cef-ef18abe2a30c}; C:\Users\patm\AppData\Roaming\Mozilla\Firefox\Profiles\w1hrhpy3.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} FF - ExtSQL: 2013-04-19 09:02; [email protected]; C:\Users\patm\AppData\Roaming\Mozilla\Firefox\Profiles\w1hrhpy3.default\extensions\[email protected] . ============= SERVICES / DRIVERS =============== . 
R0 gfibto;gfibto;C:\windows\System32\drivers\gfibto.sys [2013-4-19 14456] R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-1-20 230320] R0 RapportKE64;RapportKE64;C:\windows\System32\drivers\RapportKE64.sys [2011-3-23 236248] R1 RapportCerberus_51755;RapportCerberus_51755;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_51755.sys [2013-3-25 586072] R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2013-4-2 228600] R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2013-4-2 357272] R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2013-3-18 1236336] R2 BlackfishSQL;BlackfishSQL;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin\BSQLServer.exe [2009-1-14 65536] R2 IBG_gds_db;InterBase XE3 Guardian gds_db;C:\Program Files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3\bin\ibguard.exe -i "C:\Program Files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3" -p gds_db --> C:\Program Files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3\bin\ibguard.exe -i C:\Program Files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3 [?] R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-4-2 1124184] R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2010-8-5 9216] R3 IBS_gds_db;InterBase XE3 Server gds_db;C:\Program Files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3\bin\ibserver.exe -i "C:\Program Files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3" -p gds_db --> C:\Program Files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3\bin\ibserver.exe -i C:\Program Files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3 [?] 
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-9-27 76912] R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-8-5 54136] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 HOSTS Anti-PUPs;HOSTS Anti-PUPs;C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update --> C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update [?] S2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-9-20 3677000] S3 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2010-10-24 130008] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-8-5 232992] S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-5-26 59392] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-11-28 1255736] S4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-4-15 3289208] S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384] . =============== File Associations =============== . FileExt: .inf: inffile=C:\windows\System32\NOTEPAD.EXE %1 [userChoice] . =============== Created Last 30 ================ . 
2013-05-06 17:52:07 -------- d-----w- C:\Users\patm\AppData\Local\{47B8579E-4AE1-4957-9D86-F29C96481A12} 2013-05-06 05:01:23 -------- d-----w- C:\ProgramData\Search Protection 2013-05-06 05:01:20 -------- d-----w- C:\ProgramData\blekko toolbars 2013-05-06 05:01:20 -------- d-----w- C:\ProgramData\adawaretb 2013-05-06 05:01:19 -------- d-----w- C:\Users\patm\AppData\Local\adawarebp 2013-05-06 04:59:35 -------- d-----w- C:\Program Files (x86)\adawaretb 2013-05-06 04:56:13 47496 ----a-w- C:\windows\System32\sbbd.exe 2013-05-06 04:33:50 9317456 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{043DAF7C-BDCE-4751-B5BC-AC5CFC54CB56}\mpengine.dll 2013-05-06 00:55:43 -------- d-----w- C:\adawarebp 2013-05-05 12:08:24 -------- d-----w- C:\Users\patm\AppData\Local\{2CAF1902-D56B-4853-8A97-FA037E0E06C2} 2013-05-04 14:56:04 -------- d-----w- C:\Users\patm\AppData\Local\{5DE894B6-31A9-4529-BCC4-AC185F496DA7} 2013-05-04 14:36:58 9317456 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-05-04 01:58:44 -------- d-----w- C:\Users\patm\AppData\Local\{E4F3D15E-EA5B-40A9-972C-6F9A5BE7F726} 2013-05-03 13:44:47 -------- d-----w- C:\Users\patm\AppData\Local\{F8402D52-FAA7-4F41-ADF6-0B1F302EB27C} 2013-05-03 01:21:29 -------- d-----w- C:\Users\patm\AppData\Local\{C9F9242B-B1F4-4F10-9ED6-642714FBB0C8} 2013-05-02 13:21:13 -------- d-----w- C:\Users\patm\AppData\Local\{F5B79557-75CB-4B57-B396-A37784B0612F} 2013-05-02 01:15:02 -------- d-----w- C:\Users\patm\AppData\Local\{854F3DD2-81F1-48AD-B72B-45EB7D6DCB99} 2013-05-01 13:14:38 -------- d-----w- C:\Users\patm\AppData\Local\{98FFDAA6-C877-48FB-9246-0A9144D15A3A} 2013-05-01 01:14:02 -------- d-----w- C:\Users\patm\AppData\Local\{90AAE165-E696-4720-951A-F046B1945402} 2013-04-30 13:13:37 -------- d-----w- C:\Users\patm\AppData\Local\{DD0B9DAB-ED75-425A-B17C-EBBB0B5EEC80} 2013-04-29 22:20:58 -------- d-----w- 
C:\Users\patm\AppData\Local\{57A659B0-9AA5-4488-8477-9B0DF51B89B3} 2013-04-29 10:19:36 -------- d-----w- C:\Users\patm\AppData\Local\{094FBCB2-1052-4EF5-BF46-63FA46B3B4F7} 2013-04-28 22:13:16 -------- d-----w- C:\Users\patm\AppData\Local\{E1C94D09-197D-4707-8AD3-FD274B1A8F33} 2013-04-28 15:53:18 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus 2013-04-28 09:56:16 -------- d-----w- C:\Users\patm\AppData\Local\{FAF8489C-189F-4C63-85BF-B0577284F550} 2013-04-27 21:27:47 -------- d-----w- C:\Users\patm\AppData\Local\{E48F865E-E5FB-4AF6-B99C-B8A9CF0DB67B} 2013-04-27 09:26:23 -------- d-----w- C:\Users\patm\AppData\Local\{0C98CCE5-10F9-4203-9734-3A30DC05DCF3} 2013-04-26 15:11:18 -------- d-----w- C:\Users\patm\AppData\Local\{D60A3F9C-32A7-44E9-951A-3CE512DB9740} 2013-04-25 19:45:17 -------- d-----w- C:\Users\patm\AppData\Local\{C1AD3880-FA87-4489-B515-BD07A0891BF3} 2013-04-25 09:16:43 905296 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BE7657CE-6970-437A-B9E1-80A3338558F5}\gapaengine.dll 2013-04-25 00:39:39 -------- d-----w- C:\Users\patm\AppData\Local\{C6132AE9-C887-4CCA-813C-5D6684552DFB} 2013-04-24 12:39:14 -------- d-----w- C:\Users\patm\AppData\Local\{63C6BF27-71A3-4B91-80F8-0ECDFD24F2BC} 2013-04-24 09:31:48 -------- d-----w- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs 2013-04-24 03:21:07 1656680 ----a-w- C:\windows\System32\drivers\ntfs.sys 2013-04-23 21:04:00 -------- d-----w- C:\Users\patm\AppData\Local\{99C01D3C-15E5-4A9B-8D46-A2EF74BC32E1} 2013-04-23 09:03:21 -------- d-----w- C:\Users\patm\AppData\Local\{23D55E24-A5EE-44C4-86CD-AD18BAD5306C} 2013-04-22 21:02:44 -------- d-----w- C:\Users\patm\AppData\Local\{4772E684-F3D8-41FA-BDD4-FE39DFD10218} 2013-04-22 08:33:34 -------- d-----w- C:\Users\patm\AppData\Local\{7BAA6881-2EA2-4858-8C6E-6E288352C7F0} 2013-04-21 19:06:02 -------- d-----w- C:\Users\patm\AppData\Local\{5A93DF23-09C4-480A-BFFF-2ACDC931736A} 2013-04-21 01:28:09 -------- d-----w- 
C:\Users\patm\AppData\Local\{BB5C78C9-78D2-4EB3-BF31-EFD4D589A8EE} 2013-04-20 12:49:21 -------- d-----w- C:\Users\patm\AppData\Local\{50A06744-2B07-4846-9578-8FA32559AB02} 2013-04-19 14:23:32 -------- d-----w- C:\Users\patm\AppData\Local\{321088D1-74A2-4D36-8524-40D5C3746925} 2013-04-19 14:07:54 -------- d-----w- C:\ProgramData\Ad-Aware Antivirus 2013-04-19 14:07:53 -------- d-----w- C:\Users\patm\AppData\Roaming\LavasoftStatistics 2013-04-19 14:03:08 -------- d-----w- C:\ProgramData\Downloaded Installations 2013-04-19 14:02:48 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection 2013-04-19 14:02:32 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner 2013-04-19 13:59:19 14456 ----a-w- C:\windows\System32\drivers\gfibto.sys 2013-04-19 13:59:14 -------- d-----w- C:\Users\patm\AppData\Roaming\Ad-Aware Antivirus 2013-04-19 06:48:23 -------- d-----w- C:\windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP 2013-04-19 06:48:18 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard 2013-04-19 06:09:51 -------- d-----w- C:\windows\snack 2013-04-19 02:22:41 -------- d-----w- C:\Users\patm\AppData\Local\{19F7EC5B-7D93-48FA-AF58-EBC13DED7A5E} 2013-04-18 14:22:04 -------- d-----w- C:\Users\patm\AppData\Local\{03A7B4BC-86C2-4EB2-8CEF-F9727F60EAEC} 2013-04-18 02:21:33 -------- d-----w- C:\Users\patm\AppData\Local\{24D3B9A6-BB4E-41CC-98DA-76255EA19289} 2013-04-17 14:20:50 -------- d-----w- C:\Users\patm\AppData\Local\{A4E9ED65-AB4F-4A04-9CFB-C6A60A971070} 2013-04-17 02:20:28 -------- d-----w- C:\Users\patm\AppData\Local\{9F0FA1AA-385C-4C1F-A2AD-5D06992C43DC} 2013-04-16 12:55:51 -------- d-----w- C:\Users\patm\AppData\Local\{779071D1-3420-4993-8105-783B68573A58} 2013-04-16 00:55:29 -------- d-----w- C:\Users\patm\AppData\Local\{019C4A38-6FAC-4421-9E21-1CBCA0E87FD5} 2013-04-15 20:32:30 6128760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll 2013-04-15 20:32:30 6128760 
----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll 2013-04-15 12:54:48 -------- d-----w- C:\Users\patm\AppData\Local\{BCFD8478-B87E-4511-B297-49ED011FC2CA} 2013-04-15 00:22:20 -------- d-----w- C:\Users\patm\AppData\Local\{6B5456BB-6A11-4306-9906-4D5C847FCE94} 2013-04-14 02:32:07 -------- d-----w- C:\Users\patm\AppData\Local\{18035F4F-E246-4371-8EAA-71E8FBC5330E} 2013-04-13 14:11:39 26520 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe 2013-04-13 11:53:59 -------- d-----w- C:\Users\patm\AppData\Local\{77072336-8DAA-45C9-8E34-9ECF7704CE30} 2013-04-12 23:53:03 -------- d-----w- C:\Users\patm\AppData\Local\{A26E3FB7-61DB-43E2-ACB0-8A3132341E8B} 2013-04-12 10:45:10 -------- d-----w- C:\Users\patm\AppData\Local\{9CDE3608-2D97-4A18-9382-89578D9A8C73} 2013-04-11 22:44:34 -------- d-----w- C:\Users\patm\AppData\Local\{63D4CBCD-6CE6-4A74-A15C-44610E6B4E2B} 2013-04-11 08:09:43 -------- d-----w- C:\Users\patm\AppData\Local\{F75F2324-517A-4137-9116-55917D7AE3BD} 2013-04-10 20:09:14 -------- d-----w- C:\Users\patm\AppData\Local\{84557DFD-773B-448A-A11A-408CDF98B89F} 2013-04-10 07:14:25 -------- d-----w- C:\Users\patm\AppData\Local\{33228539-C93B-462D-81F7-18CC2A357277} 2013-04-09 19:13:50 -------- d-----w- C:\Users\patm\AppData\Local\{18B089C4-6CCD-4881-9F6D-D350C113DF3D} 2013-04-08 19:02:13 -------- d-----w- C:\Users\patm\AppData\Local\{2451E843-8283-43BC-9A81-A5D3C193A3D5} 2013-04-08 04:49:19 -------- d-----w- C:\Users\patm\AppData\Local\{52F1E461-6390-48DC-8DCB-CDB7CD99E9B1} 2013-04-07 13:29:15 -------- d-----w- C:\Users\patm\AppData\Local\{9319F3A2-F638-44E1-A531-60F0FA629047} 2013-04-07 13:06:05 -------- d-----w- C:\Program Files (x86)\MarketWarrior4 2013-04-07 12:47:26 22016 ----a-w- C:\windows\SysWow64\borlndmm.dll 2013-04-07 10:56:58 -------- d-----w- C:\Users\patm\AppData\Local\{9B46A8FE-B6C7-46D9-84CA-000C9C6AB62C} 2013-04-07 05:28:52 -------- d-----w- 
C:\Users\patm\AppData\Local\{25B87245-FDBD-4E75-827A-0B87D2ED322A} . ==================== Find3M ==================== . 2013-05-02 15:29:56 278800 ------w- C:\windows\System32\MpSigStub.exe 2013-04-28 00:33:33 691592 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe 2013-04-28 00:33:32 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-04-02 18:16:10 236248 ----a-w- C:\windows\System32\drivers\RapportKE64.sys 2013-03-19 06:04:06 5550424 ----a-w- C:\windows\System32\ntoskrnl.exe 2013-03-19 05:46:56 43520 ----a-w- C:\windows\System32\csrsrv.dll 2013-03-19 05:04:13 3968856 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04:10 3913560 ----a-w- C:\windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47:50 6656 ----a-w- C:\windows\SysWow64\apisetschema.dll 2013-03-19 03:06:33 112640 ----a-w- C:\windows\System32\smss.exe 2013-03-01 03:36:04 3153408 ----a-w- C:\windows\System32\win32k.sys 2013-02-15 06:08:40 44032 ----a-w- C:\windows\System32\tsgqec.dll 2013-02-15 06:06:11 3717632 ----a-w- C:\windows\System32\mstscax.dll 2013-02-15 06:02:26 158720 ----a-w- C:\windows\System32\aaclient.dll 2013-02-15 04:37:10 3217408 ----a-w- C:\windows\SysWow64\mstscax.dll 2013-02-15 04:34:10 131584 ----a-w- C:\windows\SysWow64\aaclient.dll 2013-02-15 03:25:51 36864 ----a-w- C:\windows\SysWow64\tsgqec.dll 2013-02-12 05:45:24 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45:22 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45:22 308736 ----a-w- C:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45:22 111104 ----a-w- C:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48:31 474112 ----a-w- C:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48:26 2176512 ----a-w- C:\windows\apppatch\AcGenral.dll 2013-02-12 04:12:05 19968 ----a-w- C:\windows\System32\drivers\usb8023.sys . ============= FINISH: 13:06:45.11 =============== attach.txt dds.txt
  3. I read the instructions on the web page below. The DDS file downloads from one of the links as "dds.com" and the second link downloads "dds.scr". I am not familiar with the .com or .scr file extensions. Are these applications like a .exe? Which one of these files should I double-click on my desktop as described in the instructions? I have a Windows 7 64-bit computer. http://www.lavasoftsupport.com/index.php?showtopic=30823 Thanks, Patrick
  4. I am using Ad-Aware free version 10.5.2.4379. I am working to remove a difficult Google redirect virus and I need to turn off Ad-Aware to run dds.com. I can only find instructions for different program versions. Can you tell me how to temporarily turn off my version of Ad-Aware? Thank you, Patrick