Hi,
I'm new and have never posted on a forum before, so I hope I'm doing this right. So my one-year-old ripped the space bar off of my laptop, so it's in service and they gave me this loaner, which has no antivirus/malware protection. I wasn't aware of this at the time, but about a week ago (maybe longer) it started acting funny, and now I can't open the Task Manager, it won't let me shut it down (I have to hold down the power button to do that), and it won't let me do a system restore or install antivirus programs. I've tried Spybot and Malwarebytes, but they don't find anything. I don't know what else I can do, if anything; as my name states, I'm computer eliterate, and I'm really sorry if I didn't do this right. Here are my logs.
DDS (Version 1.0) - NTFSx86
Run by owner at 3:12:54.95 on Thu 11/20/2008
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2037.956 [GMT -6:00]
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\aestsrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\RacAgent.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Users\owner\AppData\Local\Temp\Temp1_gmer[1].zip\gmer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\owner\Desktop\dds.scr
============== Psuedo HJT Report ===============
uStart Page = hxxp://www.google.com/ig
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Notify: igfxcui - igfxdev.dll
============= SERVICES / DRIVERS ===============
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys
S4 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe
=============== Created Last 30 ================
2008-11-20 02:50 250 a------- c:\windows\gmer.ini
2008-11-20 01:22 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-11-20 01:01 196,732,094 a------- c:\windows\MEMORY.DMP
2008-11-20 00:40 <DIR> --d----- c:\programdata\PCPitstop
2008-11-20 00:40 <DIR> --d----- c:\progra~2\PCPitstop
2008-11-20 00:39 <DIR> --d----- c:\program files\PCPitstop
2008-11-19 14:32 <DIR> --d----- c:\programdata\WLInstaller
2008-11-19 14:05 <DIR> --d----- c:\program files\Symantec
2008-11-19 14:05 <DIR> --d----- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
2008-11-19 14:01 <DIR> --d----- c:\programdata\Symantec
2008-11-19 14:01 <DIR> --d----- c:\program files\common files\Symantec Shared
2008-11-19 14:01 <DIR> --d----- c:\progra~2\Symantec
2008-11-19 00:05 <DIR> --d----- c:\users\owner\appdata\roaming\Malwarebytes
2008-11-19 00:05 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-11-19 00:05 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-19 00:05 <DIR> --d----- c:\programdata\Malwarebytes
2008-11-19 00:05 <DIR> --d----- c:\progra~2\Malwarebytes
2008-11-19 00:05 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-11-16 01:36 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2008-11-16 01:36 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-11-16 01:36 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2008-11-15 17:02 <DIR> --d----- c:\programdata\Dell
2008-11-15 17:02 <DIR> --d----- c:\progra~2\Dell
2008-11-15 16:31 <DIR> --d----- c:\programdata\CyberLink
2008-11-15 16:30 1,047,552 a------- c:\windows\system32\MFC71u.dll
2008-11-15 16:30 89,088 a------- c:\windows\system32\atl71.dll
2008-11-15 16:18 <DIR> --d----- c:\program files\Trend Micro
2008-11-11 16:11 <DIR> --d----- c:\users\owner\{6f6a56f6-e21d-4932-857d-eace1368c09e}
2008-11-11 15:55 <DIR> --d----- c:\users\owner\{7fbcc9d3-1659-4e9c-be5c-e15cfd6ff3c8}
2008-11-11 15:54 <DIR> --d----- c:\program files\Canon
2008-11-09 23:44 <DIR> --d----- c:\users\owner\appdata\roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-11-09 22:52 <DIR> --d----- c:\program files\DivX
2008-11-07 16:46 <DIR> --d----- c:\users\owner\appdata\roaming\LimeWire
2008-11-07 14:20 <DIR> --d----- c:\programdata\Adobe
2008-11-07 14:18 <DIR> --d----- c:\programdata\NOS
2008-11-07 14:14 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-11-05 17:57 784,896 a------- c:\windows\system32\rpcrt4.dll
2008-11-05 15:46 <DIR> --d----- C:\PerfLogs
2008-11-05 14:23 274,432 a------- c:\windows\system32\bcrypt.dll
2008-11-05 14:22 1,580,544 a------- c:\windows\system32\wpccpl.dll
2008-11-05 14:21 599,552 a------- c:\windows\system32\vsp1cln.exe
2008-11-04 23:02 32,592 a------- c:\windows\system32\msonpmon.dll
2008-11-04 23:00 <DIR> --d----- c:\windows\PCHEALTH
2008-11-04 22:58 <DIR> --d----- c:\windows\SHELLNEW
2008-11-04 22:57 <DIR> --d----- c:\programdata\Microsoft Help
2008-11-04 22:37 <DIR> --d----- c:\users\owner\appdata\roaming\GetRightToGo
2008-11-04 17:15 269,312 a------- c:\windows\system32\es.dll
2008-11-04 17:14 443,392 a------- c:\windows\system32\win32spl.dll
2008-11-04 17:14 37,888 a------- c:\windows\system32\printcom.dll
==================== Find3M ====================
2008-11-15 16:30 <DIR> --d----- c:\program files\Dell
2008-11-11 11:12 <DIR> --d----- c:\users\owner\appdata\roaming\TMP
2008-11-05 15:47 <DIR> --d----- c:\program files\Windows Collaboration
2008-11-05 15:37 101,888 a------- c:\windows\system32\ifxcardm.dll
2008-11-05 15:37 82,432 a------- c:\windows\system32\axaltocm.dll
2008-10-15 11:30 <DIR> --d----- c:\program files\Creative
2008-10-15 11:30 <DIR> --d----- c:\program files\common files\Reallusion
2008-10-15 11:29 <DIR> --d----- c:\program files\Creative Live! Cam
2008-10-15 10:59 61,440 a------- c:\windows\system32\winipsec.dll
2008-10-15 10:59 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2008-10-15 10:59 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2008-10-15 10:59 272,896 a------- c:\windows\system32\polstore.dll
2008-10-15 10:57 28,160 a------- c:\windows\system32\Apphlpdm.dll
2008-10-15 10:57 2,560 a------- c:\windows\apppatch\AcRes.dll
2008-10-15 10:57 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2008-10-15 10:57 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2008-10-15 10:57 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2008-10-15 10:57 1,695,744 a------- c:\windows\system32\gameux.dll
2008-10-15 10:57 541,696 a------- c:\windows\apppatch\AcLayers.dll
2008-10-15 10:57 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2008-10-15 10:48 2,048 a------- c:\windows\system32\tzres.dll
2008-10-15 10:46 303,616 a------- c:\windows\system32\wmpeffects.dll
2008-10-15 10:46 2,032,640 a------- c:\windows\system32\win32k.sys
2008-10-15 10:34 6,656 a------- c:\windows\system32\kbd106n.dll
2008-10-15 10:34 988,216 a------- c:\windows\system32\winload.exe
2008-10-15 10:34 927,288 a------- c:\windows\system32\winresume.exe
2008-10-15 10:34 615,992 a------- c:\windows\system32\ci.dll
2008-10-15 10:34 378,368 a------- c:\windows\system32\srcore.dll
2008-10-15 10:34 318,464 a------- c:\windows\system32\rstrui.exe
2008-10-15 10:34 46,592 a------- c:\windows\system32\setbcdlocale.dll
2008-10-15 10:34 40,960 a------- c:\windows\system32\srclient.dll
2008-10-15 10:34 19,000 a------- c:\windows\system32\kd1394.dll
2008-10-15 10:34 14,848 a------- c:\windows\system32\srdelayed.exe
2008-10-15 10:31 295,936 a------- c:\windows\system32\gdi32.dll
2008-10-15 10:28 14,848 a------- c:\windows\system32\wshrm.dll
2008-10-15 10:26 738,304 a------- c:\windows\system32\inetcomm.dll
2008-10-15 10:26 84,480 a------- c:\windows\system32\INETRES.dll
2008-10-15 10:25 1,314,816 a------- c:\windows\system32\quartz.dll
2008-10-15 10:24 3,601,464 a------- c:\windows\system32\ntkrnlpa.exe
2008-10-15 10:24 3,549,240 a------- c:\windows\system32\ntoskrnl.exe
2008-10-15 10:23 827,392 a------- c:\windows\system32\wininet.dll
2008-10-15 10:05 <DIR> --d----- c:\program files\Marvell
2008-10-15 10:03 <DIR> --d----- c:\program files\Cisco
2008-10-15 09:50 <DIR> --d----- c:\program files\CONEXANT
2008-10-15 09:47 <DIR> --d----- c:\program files\SigmaTel
2008-09-17 22:56 125,952 a------- c:\windows\system32\wersvc.dll
2008-09-17 22:56 147,456 a------- c:\windows\system32\Faultrep.dll
2007-02-21 13:49 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT
============= FINISH: 3:13:19.97 ===============
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:48:56 AM, on 11/20/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Program Files\Trend Micro\HijackThis\killer.exe.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=C:\Windows\system32\Userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 3378 bytes