Quantcast
Channel: Tech Support Guy - Virus & Other Malware Removal
Viewing all 3123 articles
Browse latest View live

Hacker Malware

0
0
So I got a call on my home phone and this Indian person with a heavy accent that was kind of hard for me to understand told me that my computer was infected from malware because of a hacker. At first I thought it was a little shady but he showed me a list, I suppose, of the warnings and errors coming from my computer and being sent to Verizon (where he said he worked). On the administrative events it shows that I have 4,894 errors which kind of scares me. What can I do to get rid of these errors, and get rid of my hacker? I also found the person on the phone a little shady because he asked me my age and then gave the phone to someone else who I assume was his boss and also asked me my age (also asked if I was the primary user and if there were others who used the computer). That made me question it a little because they hung up right after he commented "oh, so you're young," and I heard laughter in the background and before they disconnected.

I'm also adding this because in the special instructions it told me too -->

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:36:21 PM, on 9/19/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\SafeConnect\scClient.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Student Backup\BackupClient.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Kathy\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.delta-search.com/?babsrc...19351&tsp=4948
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Super Lyrics - {30B87EBD-E91B-498B-B25D-DF116AF00393} - C:\Program Files (x86)\Super_Lyrics\125.dll (file missing)
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.6.1.2\AVG SafeGuard toolbar_toolbar.dll
O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
O2 - BHO: Super Lyrics - {B9020890-9E08-446B-87B0-0C5CD0436D86} - C:\Program Files (x86)\Super_Lyrics\116.dll (file missing)
O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
O3 - Toolbar: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.6.1.2\AVG SafeGuard toolbar_toolbar.dll
O3 - Toolbar: Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BackupClient.exe] C:\Program Files (x86)\Student Backup\BackupClient.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
O4 - Global Startup: SafeConnect.lnk = ?
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SafeConnect Manager (SCManager) - Impulse Point, LLC - C:\Program Files (x86)\SafeConnect\scManager.sys
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater15.5.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
O23 - Service: WajamUpdater - Wajam - C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13176 bytes

Wireless connection problem and Blue screen

0
0
I just thought it was just an annoyance really. For a half a year now, I have to troubleshoot my wireless in order to get it to work after waking or starting up the laptop. Sometimes it works on the first time, sometimes it starts working after 5 troubleshootings, but it usually always works.

About a month ago, my laptop did it's first blue screen. It's now happened about 4 or 5 times, the most recent about an hour ago. The second to last time (about 4 days ago) I ran full scans of Avast Antivirus, SuperAntispyware and Malwarebytes in that order. Avast got 10 viruses, SA got 115 and MB got 11.


Hijack This:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:34:17 PM, on 9/19/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe
C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\Tra.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE
C:\Users\Dillon\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [USB Optical Mouse] "C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Users\Dillon\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{36772CB1-3E43-459C-A681-D8525BB7AC7C}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{E38D684B-0B0A-40B3-A214-6C49E3C0CAED}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CS1\Services\Tcpip\..\{36772CB1-3E43-459C-A681-D8525BB7AC7C}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CS2\Services\Tcpip\..\{36772CB1-3E43-459C-A681-D8525BB7AC7C}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\windows\syswow64\guard32.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11858 bytes







dds.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16686 BrowserJavaVersion: 10.25.2
Run by Dillon at 23:31:01 on 2013-09-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1900.536 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\Tra.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [cdloader] "C:\Users\Dillon\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [USB Optical Mouse] "C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001017-0002-0017-ABCDEFFEDCBC} - <orphaned>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 64.233.214.34 64.233.214.41
TCP: Interfaces\{36772CB1-3E43-459C-A681-D8525BB7AC7C} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{E38D684B-0B0A-40B3-A214-6C49E3C0CAED} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{E38D684B-0B0A-40B3-A214-6C49E3C0CAED} : DHCPNameServer = 64.233.214.34 64.233.214.41
TCP: Interfaces\{E38D684B-0B0A-40B3-A214-6C49E3C0CAED}\144545437323 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{E38D684B-0B0A-40B3-A214-6C49E3C0CAED}\2757A786964737B69697 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{E38D684B-0B0A-40B3-A214-6C49E3C0CAED}\75F4751203236323 : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{E38D684B-0B0A-40B3-A214-6C49E3C0CAED}\75F4751203236323 : DHCPNameServer = 64.233.214.34 64.233.214.41
TCP: Interfaces\{E38D684B-0B0A-40B3-A214-6C49E3C0CAED}\D436D277966696 : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{E38D684B-0B0A-40B3-A214-6C49E3C0CAED}\D436D277966696 : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\windows\syswow64\guard32.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dillon\AppData\Roaming\Mozilla\Firefox\Profiles\938rcx5k.default-1378595040741\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&CUI=UN15361564481426136&UM=2&SearchSource=3& q={searchTerms}
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN15361564481426136&UM=2& q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-09-08 04:29; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Dillon\AppData\Roaming\Mozilla\Firefox\Profiles\938rcx5k.default-1378595040741\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-09-08 04:29; elemhidehelper@adblockplus.org; C:\Users\Dillon\AppData\Roaming\Mozilla\Firefox\Profiles\938rcx5k.default-1378595040741\extensions\elemhidehelper@adblockplus.org.xpi
FF - ExtSQL: 2013-09-08 04:30; autopager@mozilla.org; C:\Users\Dillon\AppData\Roaming\Mozilla\Firefox\Profiles\938rcx5k.default-1378595040741\extensions\autopager@mozilla.org.xpi
FF - ExtSQL: 2013-09-08 04:30; adblockpopups@jessehakanen.net; C:\Users\Dillon\AppData\Roaming\Mozilla\Firefox\Profiles\938rcx5k.default-1378595040741\extensions\adblockpopups@jessehakanen.net.xpi
FF - ExtSQL: 2013-09-08 04:31; jid1-ZAdIEUB7XOzOJw@jetpack; C:\Users\Dillon\AppData\Roaming\Mozilla\Firefox\Profiles\938rcx5k.default-1378595040741\extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi
FF - ExtSQL: 2013-09-08 04:36; pastetotab@loucypher; C:\Users\Dillon\AppData\Roaming\Mozilla\Firefox\Profiles\938rcx5k.default-1378595040741\extensions\pastetotab@loucypher
FF - ExtSQL: 2013-09-12 23:31; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-09-13 00:02; {739df940-c5ee-4bab-9d7e-270894ae687a}; C:\Users\Dillon\AppData\Roaming\Mozilla\Firefox\Profiles\938rcx5k.default-1378595040741\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
FF - ExtSQL: 2013-09-13 06:25; j0iiao@zff-ii.co.uk; C:\Users\Dillon\AppData\Roaming\Mozilla\Firefox\Profiles\938rcx5k.default-1378595040741\extensions\j0iiao@zff-ii.co.uk
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-5-10 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-5-10 204880]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-5-10 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-5-10 378944]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2012-11-8 584056]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2012-11-8 38144]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-3-24 98208]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-5-10 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-5-10 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-9-12 46808]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-8-10 197536]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-24 13592]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-3-24 2656280]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2012-8-3 40432]
R3 NMgamingmsFltr;USB Optical Mouse;C:\Windows\System32\drivers\NMgamingms.sys [2009-7-24 11264]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-3-24 335464]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-3-24 436840]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2012-3-24 878184]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2012-10-2 36328]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-9 19456]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2012-10-2 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2012-10-2 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2012-10-2 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2012-10-2 146920]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-9 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-9 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-18 1255736]
S4 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-3-24 1817088]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-09-17 23:10:19 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B146B11C-7D60-428E-9A71-7E3D3CE68E8F}\mpengine.dll
2013-09-14 09:06:54 -------- dc----w- C:\Users\Dillon\AppData\Local\SCE
2013-09-13 19:53:59 68104 ----a-w- C:\Windows\System32\XAPOFX1_0.dll
2013-09-13 17:55:55 0 ----a-w- C:\Windows\SysWow64\sho6BC9.tmp
2013-09-13 11:08:02 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-09-13 11:08:02 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-09-13 04:02:59 -------- dc----w- C:\Users\Dillon\AppData\Roaming\SearchProtect
2013-09-13 04:02:55 -------- dc----w- C:\Program Files (x86)\Conduit
2013-09-13 04:02:32 -------- dc----w- C:\ProgramData\Conduit
2013-09-13 04:02:29 -------- dc----w- C:\Users\Dillon\AppData\Local\Conduit
2013-09-13 03:59:59 -------- dc----w- C:\Program Files (x86)\ss helper
2013-09-13 03:59:23 -------- dc----w- C:\ProgramData\savensHAre
2013-09-13 03:54:23 -------- dc----w- C:\ProgramData\InstallMate
2013-09-12 11:28:00 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-09-11 06:43:13 -------- dc----w- C:\Users\Dillon\AppData\Roaming\USB Optical Mouse
2013-09-10 16:57:42 -------- dc----w- C:\Program Files (x86)\USB Optical Mouse
2013-09-09 00:50:26 0 ----a-w- C:\Windows\SysWow64\shoED2E.tmp
2013-09-05 14:04:02 209272 -c--a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-09-03 17:18:43 -------- dc----w- C:\Users\Dillon\AppData\Local\{FF738D50-629E-4225-976B-EB55958ECD85}
2013-09-03 03:59:13 -------- dc----w- C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-03 03:28:01 -------- dc----w- C:\Program Files\VS Revo Group
2013-09-02 19:39:09 -------- dc----w- C:\Users\Dillon\AppData\Local\{82B95313-8DDC-4F4C-9F54-18085EA1C8A4}
2013-09-02 07:38:29 -------- dc----w- C:\Users\Dillon\AppData\Local\{5DEFD5C7-F488-46A9-B367-8000DCD79E1C}
2013-08-30 18:51:23 -------- dc----w- C:\Users\Dillon\AppData\Local\{B2CD6610-2462-4DEE-80FA-85EAEB7568FD}
2013-08-30 11:24:37 -------- dc----r- C:\Program Files (x86)\Skype
2013-08-26 04:43:14 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-22 20:14:37 -------- dc----w- C:\Program Files (x86)\Flash Movie Player
2013-08-22 01:13:17 -------- dc----w- C:\Users\Dillon\AppData\Roaming\PyBitmessage
2013-08-21 07:19:14 17160072 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
.
==================== Find3M ====================
.
2013-09-14 08:46:33 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-14 08:46:31 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-30 07:48:10 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-08-30 07:48:10 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-08-30 07:48:10 204880 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-08-30 07:48:10 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-08-30 07:48:09 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-08-30 07:47:40 41664 ----a-w- C:\Windows\avastSS.scr
2013-08-26 04:42:46 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-08-26 04:42:45 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-08-10 05:20:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-08-10 03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-08-10 03:58:06 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-08-08 01:20:43 3155456 ----a-w- C:\Windows\System32\win32k.sys
2013-08-07 08:22:02 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-15 03:15:18 0 ----a-w- C:\Windows\SysWow64\shoCEDF.tmp
2013-07-11 21:26:04 0 ----a-w- C:\Windows\SysWow64\sho47FE.tmp
2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-26 23:21:50 23208 ----a-w- C:\Windows\System32\drivers\Sftvollh.sys
2013-06-26 23:21:48 28840 ----a-w- C:\Windows\System32\drivers\Sftredirlh.sys
2013-06-26 23:21:46 273576 ----a-w- C:\Windows\System32\drivers\Sftplaylh.sys
2013-06-26 23:21:46 1777320 ----a-w- C:\Windows\System32\sftldr.dll
2013-06-26 23:21:46 1130664 ----a-w- C:\Windows\SysWow64\sftldr_wow64.dll
2013-06-26 23:21:44 767144 ----a-w- C:\Windows\System32\drivers\Sftfslh.sys
.
============= FINISH: 23:32:48.62 ===============







attach.txt:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/17/2012 4:06:53 PM
System Uptime: 9/19/2013 11:24:18 PM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 3672
Processor: Intel(R) Celeron(R) CPU B800 @ 1.50GHz | CPU1 | 1500/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 279 GiB total, 108.46 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 1.296 GiB free.
E: is FIXED (FAT32) - 4 GiB total, 1.078 GiB free.
F: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: SCH-I510
Device ID: USB\VID_04E8&PID_5A0F\30317CA9012000EC
Manufacturer: samsung
Name: SCH-I510
PNP Device ID: USB\VID_04E8&PID_5A0F\30317CA9012000EC
Service: WUDFRd
.
==== System Restore Points ===================
.
RP325: 9/17/2013 7:07:58 PM - Windows Update
RP326: 9/19/2013 2:36:27 AM - Removed System Requirements Lab CYRI
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.04)
Adobe Shockwave Player 12.0
Age of Empires II HD Edition version 1.0.0.0
avast! Free Antivirus
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
COMODO Internet Security
Compaq Setup Manager
CyberLink YouCam
D3DX10
ESU for Microsoft Windows 7 SP1
EverQuest
GimpShop 2.8
Google Earth Plug-in
Google Update Helper
GTA San Andreas
Hewlett-Packard ACLM.NET v1.2.1.1
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP Games
HP Launch Box
HP On Screen Display
HP Power Manager
HP Quick Launch
HP QuickWeb
HP Setup
HP Software Framework
HP Support Assistant
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Java 7 Update 25
Java Auto Updater
Junk Mail filter update
K-Lite Codec Pack 9.7.5 (Full)
magicJack
Mah Jong Medley
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Metal Gear Solid
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft WSE 3.0 Runtime
Morrowind
Morrowind Script Extender 0.9.4.1
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Need for Speed Most Wanted (black edition)
Opera 12.16
PlayReady PC Runtime x86
Poker Superstars III
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
REALTEK Wireless LAN Driver
Recovery Manager
Revo Uninstaller 1.95
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Skype™ 6.7
ss helper 1.74
SUPERAntiSpyware
swMSM
Synaptics TouchPad Driver
System Requirements Lab Detection
TES Construction Set
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
USB Optical Mouse
Verizon Wireless Software Upgrade Assistant - Samsung(ar)
Verizon Wireless Software Utility Application for Android - Samsung
Visual Studio 2008 x64 Redistributables
VLC media player 2.0.7
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
9/19/2013 6:49:09 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
9/19/2013 6:49:07 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the sftlist service.
9/19/2013 2:35:21 AM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.0.2, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
9/19/2013 11:26:04 PM, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
9/19/2013 11:26:04 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.0.12, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
9/19/2013 11:25:05 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091913-31012-01.
9/19/2013 11:24:53 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 126
9/19/2013 10:51:39 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 169.254.168.137, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
9/19/2013 10:51:09 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000c08120888, 0x0000000000000002, 0x0000000000000000, 0xfffff8000304a977). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091913-31044-01.
9/19/2013 10:24:06 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
9/19/2013 1:14:51 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
9/19/2013 1:14:51 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
9/19/2013 1:14:41 AM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.0.13, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
9/18/2013 11:30:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
9/18/2013 11:29:40 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.0.2 with the system having network hardware address 00-1A-79-10-09-2F. Network operations on this system may be disrupted as a result.
9/17/2013 11:53:34 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.0.2 with the system having network hardware address A4-1F-72-6F-C7-78. Network operations on this system may be disrupted as a result.
9/16/2013 9:22:48 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.0.16, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
9/16/2013 3:02:27 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
9/16/2013 2:02:18 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer USER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E38D684B-0B0A-40B3-A214-6C49E3C0CAED}. The master browser is stopping or an election is being forced.
9/16/2013 2:01:07 AM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.0.10, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
9/16/2013 11:17:13 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.0.8, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
9/16/2013 10:30:44 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
9/15/2013 8:46:38 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000c0a2e7498, 0x0000000000000002, 0x0000000000000000, 0xfffff80002e4c977). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091513-43305-01.
9/15/2013 8:07:48 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.10. The computer with the IP address 192.168.0.4 did not allow the name to be claimed by this computer.
9/15/2013 8:05:45 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.127, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
9/15/2013 11:34:42 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{E38D684B-0B0A-40B3-A214-6C49E3C0CAED} because another computer on the network has the same name. The server could not start.
9/15/2013 10:13:58 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
9/13/2013 1:55:18 PM, Error: Service Control Manager [7043] - The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.
.
==== End Of File ===========================


ark.txt
When I started up the GMER scan, I followed the directions- closing all programs and not moving the mouse- and it ran for about 10 seconds and this is what came up:

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-09-20 00:24:35
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.ES2O 298.09GB
Running: wznkveoo.exe; Driver: C:\Users\Dillon\AppData\Local\Temp\uxroaaoc.sys


---- Devices - GMER 2.1 ----

Device \FileSystem\Ntfs \Ntfs fffffa80030b82c0
Device \FileSystem\fastfat \Fat fffffa8006a3d2c0

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\lsass.exe [776:804] 000007fefcacdf50
Thread C:\Windows\system32\svchost.exe [628:2148] 000007fef7d7bd88
Thread C:\Windows\system32\svchost.exe [628:2600] 000007fef7ba83d8
Thread C:\Windows\system32\svchost.exe [628:2604] 000007fef7ba83d8
Thread C:\Windows\system32\svchost.exe [628:1732] 000007fefa593f1c
Thread C:\Windows\system32\svchost.exe [628:2576] 000007fefafe1a38
Thread C:\Windows\system32\svchost.exe [628:1620] 000007fefa5f5388
Thread C:\Windows\system32\svchost.exe [628:568] 000007fefa517738
Thread C:\Windows\system32\svchost.exe [628:1040] 000007fefa501f90
Thread C:\Windows\system32\svchost.exe [628:3892] 000007fef7ca5124
Thread C:\Windows\system32\svchost.exe [628:4276] 000007fef89e5170
Thread C:\Windows\system32\svchost.exe [1104:1664] 000007fef3acc2d4
Thread C:\Windows\system32\svchost.exe [1104:1796] 000007fef3acc2d4
Thread C:\Windows\system32\svchost.exe [1104:760] 000007fef3acc2d4
Thread C:\Windows\system32\svchost.exe [1104:3044] 000007fef3acc2d4
Thread C:\Windows\system32\svchost.exe [1104:1204] 000007fef7ca5124
Thread C:\Windows\system32\svchost.exe [1300:1436] 000007fef9bb8274
Thread C:\Windows\system32\svchost.exe [1300:1708] 000007fef9bb8274
Thread C:\Windows\Explorer.EXE [1748:1672] 000007fef41b2118
Thread C:\Windows\Explorer.EXE [1748:4076] 000007fef40d2f9c
Thread C:\Windows\Explorer.EXE [1748:1544] 000007fefb551010
Thread C:\Windows\system32\taskhost.exe [1916:2008] 000007fefba91f38
Thread C:\Windows\system32\taskhost.exe [1916:2028] 000007fefb551010
Thread C:\Windows\system32\taskhost.exe [1916:1804] 000007fefed7c608
Thread C:\Windows\system32\taskhost.exe [1916:3376] 000007fef89e5170
Thread C:\Windows\system32\svchost.exe [1972:1244] 000007fef85335c0
Thread C:\Windows\system32\svchost.exe [1972:3664] 000007fef8535600
Thread C:\Windows\system32\svchost.exe [1972:3708] 000007fef54c2888
Thread C:\Windows\system32\svchost.exe [1972:3768] 000007fef4ed2940
Thread C:\Windows\system32\svchost.exe [2536:2616] 000007fef7c27130
Thread C:\Windows\system32\svchost.exe [2536:2620] 000007fef7c1d5c0
Thread C:\Windows\system32\wbem\wmiprvse.exe [3156:4228] 000007fef7ac1c20
Thread C:\Windows\System32\svchost.exe [3932:4700] 000007feef7397fc
Thread C:\Windows\System32\svchost.exe [3932:2504] 000007feef746a04
Thread C:\Windows\System32\svchost.exe [3932:3264] 000007feef73df84
Thread C:\Windows\System32\svchost.exe [3932:4216] 000007feef73bc88
Thread C:\Windows\System32\svchost.exe [3932:4144] 000007feedd59688

---- EOF - GMER 2.1 ----

I ran this GMER scan exactly as instructed. I've used your sites fine services before on another computer and I thought that the GMER results should be longer. No messages about rootkit activity, so I don't know what's going on there.

Thanks in advance

a New Malware

0
0
hey

i just got this email yesterday 2 times



and i clicked it like 2-3 times (first time it asked me to download a file by idm but i clicked cance)

second time my mouse pointer just becomes that circle in win7 and nothing happens same thing for 3rd time..

i've scanned by 4 scanners (ESET smart secruity,Malwarebaytes quick scan,HouseCall,tdsskiller) didn't find any threats but my computer Seems kinda slow then before.

Pop up audio files and notices after virus check

0
0
Hi There

I am getting audio ads playing at random on my computer, I also get pop up notices asking me to open their page and not to leave their page don't close me etc. Can anyone assist? I've tried cleaning with cleaner, AVG & Malware bytes. ...still no success
Bamboozled!

System gets infected

0
0
Hello guys,

My system gets infected by virus again & again.I use free antivirus & trail versions available free on internet as i can't afford antivirus at this time.anybody please let me know how can i keep my system clean from viruses.Is there any free antivirus which is effective too.

Thank you

URGENT!! Can NOT remove McAfee!! Please Help!

0
0
Hi:
XP
Since last nite, McAfee keeps blocking all of web-sites I need to access.
:(
I used 'Add and Remove' program to remove it, however McAfee also keeps blocking NOT to remove the program. McAfee keeps popping up at the bottom corner NOT to remove it every time I tried to remove it.

Nothing else helps to remove McAfee which forces me to purchase.
'm totally stuck with this VERY nasty program!

How to remove McAfee program?:confused: I need to acess web-page so badly?

Thanks for your help in advance.

Cannot get rid of (pup.optional.bprotector.a )

0
0
I cannot get rid of this virus/malware/pup.

I noticed my cpu performance was running very slowly, so I ran MBAM. It detected the above, and I restarted to complete the clean up. Upon a restart, I rescanned in safe mode and nothing was found. However, I still noticed slow performance, and I scanned with MBAM again in regular mode. It found the PUP but did not clean it out. I ran ESET online scanner, but this could not get ride of it either. I will post my required logs below.

Trojan.Medfos.nv/Trojan:Win32/Medfos.gen!D

0
0
Hello,
This is on an XP SP3 machine, logs follow.
When I logged off the Limted User Account, and into the Admin Account ( to run scans and updates ), MSE warned of an infection it took care of, and that I needed to reboot and run a full scan to make sure it was gone. I did this, and updated Malwarebytes and did a full scan and it's log is below. MSE found two instances of Trojan:Win32/Medfos.gen!D, one in a regkey the other in a runkey. I lost the log for those
I ran HJT and DDS ( logs follow ) but GMER gave an MS error box stating GMER ( random exe name ) encountered a problem and needed to close....
Mbam found and cleaned one instance of the Trojan.Medfos.fv
Also, one of the svchost processes seems to be running alot at 99%.
Machine is acting very slow recently, not sure if the nasties are still around ( GMER couldn't run ) or it's the svchost issue
Thanks in advance for your time.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.20.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Patrick :: DJ1HR421 [administrator]

9/20/2013 2:44:33 PM
mbam-log-2013-09-20 (14-44-33).txt

Scan type: Full scan (C:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 404547
Time elapsed: 1 hour(s), 54 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Brian\Application Data\placfg.dll (Trojan.Medfos.nv) -> Quarantined and deleted successfully.

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:21:37 PM, on 9/20/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSAC-FD1\MSSTAT.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Patrick\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe -update activex
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Memory Stick Monitor.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2...nAxControl.CAB
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_se...zTCPConfig.CAB
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/s...OS/tgctlcm.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1264427364437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1341801258765
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 11272 bytes

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2
Run by Patrick at 22:22:26 on 2013-09-20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.500 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSAC-FD1\MSSTAT.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -
BHO: <No Name>: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\program files\microsoft money\system\mnyviewer.dll
TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [MoneyAgent] "c:\program files\microsoft money\system\Money Express.exe"
uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_5_502_110_ActiveX.exe -update activex
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\patrick\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 7.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\memory~1.lnk - c:\program files\msac-fd1\MSSTAT.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\common files\microsoft shared\works shared\wkcalrem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - c:\program files\microsoft money\system\mnyviewer.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://download.yahoo.com/dl/installs/yinst0401.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264427364437
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341801258765
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37863.8820486111
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{19B06E23-BA06-4064-B9F3-2D987915EEE7} : DHCPNameServer = 192.168.1.1
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 211560]
R0 ppa;Iomega Parallel Port Filter Driver;c:\windows\system32\drivers\ppa.sys [2003-1-17 17792]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [2009-12-8 902432]
R1 MpKsl1da6f835;MpKsl1da6f835;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b32c6dbb-1eb9-4bd2-888d-8d4b8dd90aca}\MpKsl1da6f835.sys [2013-9-20 40392]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2006-10-10 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 32256]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2009-12-8 2326912]
R2 FPMSNT;FPMSNT;c:\windows\system32\drivers\FPMSNT.SYS [2002-12-14 113812]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
R2 Sdselect;Sdselect;c:\windows\system32\drivers\sdselect.sys [2002-12-14 73296]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2009-12-8 152704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v040 0.exe [2013-4-18 754856]
.
=============== Created Last 30 ================
.
2013-09-21 02:10:38 40392 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b32c6dbb-1eb9-4bd2-888d-8d4b8dd90aca}\MpKsl1da6f835.sys
2013-09-20 18:27:13 7328304 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b32c6dbb-1eb9-4bd2-888d-8d4b8dd90aca}\mpengine.dll
2013-09-20 05:51:40 7328304 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-09-04 14:46:16 -------- d-----w- c:\windows\system32\MRT
.
==================== Find3M ====================
.
2013-08-09 01:56:45 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:05:59 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05:59 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05:59 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05:58 18944 ----a-w- c:\windows\system32\corpol.dll
2013-08-08 01:27:48 1877760 ----a-w- c:\windows\system32\win32k.sys
2013-08-08 00:02:34 385024 ----a-w- c:\windows\system32\html.iec
2013-08-05 13:30:32 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-01 02:52:44 901808 ----a-w- c:\windows\system32\wmvdmod.dll
2013-07-15 20:26:32 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-15 20:26:25 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-07-15 20:26:23 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-15 20:26:22 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-10 10:37:53 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 02:59:11 2193536 ------w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08:30 2070144 ------w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 22:24:13.09 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 12/12/2002 12:42:03 PM
System Uptime: 9/20/2013 10:07:19 PM (0 hours ago)
.
Motherboard: Dell Computer Corp. | |
Processor: Intel(R) Pentium(R) 4 CPU 2.00GHz | Microprocessor | 1993/400mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 57.711 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 78 GiB total, 76.882 GiB free.
F: is FIXED (NTFS) - 71 GiB total, 70.845 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Microsoft Kernel Wave Audio Mixer
Device ID: SW\{B7EAFDC0-A680-11D0-96D8-00AA0051E51D}\{9B365890-165F-11D0-A195-0020AFD156E4}
Manufacturer: Microsoft
Name: Microsoft Kernel Wave Audio Mixer
PNP Device ID: SW\{B7EAFDC0-A680-11D0-96D8-00AA0051E51D}\{9B365890-165F-11D0-A195-0020AFD156E4}
Service: kmixer
.
==== System Restore Points ===================
.
RP2743: 7/11/2013 2:01:40 AM - Software Distribution Service 3.0
RP2744: 7/12/2013 2:27:33 AM - System Checkpoint
RP2745: 7/12/2013 7:40:50 AM - Software Distribution Service 3.0
RP2746: 7/13/2013 8:14:57 AM - System Checkpoint
RP2747: 7/14/2013 1:58:49 AM - Software Distribution Service 3.0
RP2748: 7/14/2013 3:58:17 PM - before updates and scans, POSSIBLE INFECTION
RP2749: 7/14/2013 4:04:23 PM - Software Distribution Service 3.0
RP2750: 7/15/2013 12:15:53 PM - after scans, before ms updates
RP2751: 7/15/2013 1:39:13 PM - Software Distribution Service 3.0
RP2752: 7/15/2013 3:10:44 PM - Software Distribution Service 3.0
RP2753: 7/15/2013 4:25:28 PM - Removed Java 7 Update 15
RP2754: 7/15/2013 4:26:13 PM - Installed Java 7 Update 25
RP2755: 7/16/2013 3:15:36 PM - Software Distribution Service 3.0
RP2756: 7/17/2013 3:21:01 PM - System Checkpoint
RP2757: 7/18/2013 2:14:52 AM - Software Distribution Service 3.0
RP2758: 7/19/2013 3:08:34 AM - System Checkpoint
RP2759: 7/19/2013 10:06:20 PM - Software Distribution Service 3.0
RP2760: 7/20/2013 10:46:44 PM - System Checkpoint
RP2761: 7/21/2013 2:14:38 AM - Software Distribution Service 3.0
RP2762: 7/22/2013 2:16:59 AM - System Checkpoint
RP2763: 7/22/2013 8:18:07 PM - Software Distribution Service 3.0
RP2764: 7/22/2013 9:47:39 PM - just checking
RP2765: 7/23/2013 9:54:07 PM - System Checkpoint
RP2766: 7/24/2013 2:05:04 AM - Software Distribution Service 3.0
RP2767: 7/25/2013 2:11:49 AM - Software Distribution Service 3.0
RP2768: 7/26/2013 2:34:38 AM - System Checkpoint
RP2769: 7/26/2013 7:36:03 PM - Software Distribution Service 3.0
RP2770: 7/27/2013 8:13:59 PM - System Checkpoint
RP2771: 7/28/2013 2:05:59 AM - Software Distribution Service 3.0
RP2772: 7/29/2013 2:59:36 AM - System Checkpoint
RP2773: 7/29/2013 7:00:47 PM - Software Distribution Service 3.0
RP2774: 7/30/2013 7:33:18 PM - System Checkpoint
RP2775: 7/31/2013 2:01:47 AM - Software Distribution Service 3.0
RP2776: 8/1/2013 2:08:55 AM - Software Distribution Service 3.0
RP2777: 8/2/2013 2:10:28 AM - System Checkpoint
RP2778: 8/2/2013 6:13:13 PM - Software Distribution Service 3.0
RP2779: 8/3/2013 6:51:41 PM - System Checkpoint
RP2780: 8/4/2013 2:06:20 AM - Software Distribution Service 3.0
RP2781: 8/5/2013 2:35:34 AM - System Checkpoint
RP2782: 8/5/2013 5:39:28 PM - Software Distribution Service 3.0
RP2783: 8/6/2013 6:11:35 PM - System Checkpoint
RP2784: 8/7/2013 2:04:04 AM - Software Distribution Service 3.0
RP2785: 8/8/2013 2:54:32 AM - System Checkpoint
RP2786: 8/8/2013 4:55:40 PM - Software Distribution Service 3.0
RP2787: 8/9/2013 5:25:17 PM - System Checkpoint
RP2788: 8/10/2013 2:07:05 AM - Software Distribution Service 3.0
RP2789: 8/11/2013 2:16:17 AM - System Checkpoint
RP2790: 8/11/2013 4:22:31 PM - Software Distribution Service 3.0
RP2791: 8/12/2013 4:58:03 PM - System Checkpoint
RP2792: 8/13/2013 2:09:10 AM - Software Distribution Service 3.0
RP2793: 8/13/2013 4:09:03 PM - Software Distribution Service 3.0
RP2794: 8/14/2013 4:44:30 PM - System Checkpoint
RP2795: 8/15/2013 2:09:58 AM - Software Distribution Service 3.0
RP2796: 8/16/2013 2:28:30 AM - System Checkpoint
RP2797: 8/16/2013 3:36:21 PM - Software Distribution Service 3.0
RP2798: 8/17/2013 4:10:24 PM - System Checkpoint
RP2799: 8/18/2013 2:07:58 AM - Software Distribution Service 3.0
RP2800: 8/19/2013 2:53:29 AM - System Checkpoint
RP2801: 8/19/2013 3:01:37 PM - Software Distribution Service 3.0
RP2802: 8/20/2013 3:34:53 PM - System Checkpoint
RP2803: 8/21/2013 2:08:04 AM - Software Distribution Service 3.0
RP2804: 8/22/2013 2:19:48 AM - System Checkpoint
RP2805: 8/22/2013 2:30:02 PM - Software Distribution Service 3.0
RP2806: 8/23/2013 3:02:01 PM - System Checkpoint
RP2807: 8/24/2013 2:09:00 AM - Software Distribution Service 3.0
RP2808: 8/25/2013 2:44:59 AM - System Checkpoint
RP2809: 8/25/2013 2:04:51 PM - Software Distribution Service 3.0
RP2810: 8/26/2013 2:27:26 PM - System Checkpoint
RP2811: 8/27/2013 2:09:16 AM - Software Distribution Service 3.0
RP2812: 8/28/2013 3:07:48 AM - System Checkpoint
RP2813: 8/28/2013 1:21:17 PM - Software Distribution Service 3.0
RP2814: 8/29/2013 1:25:13 PM - System Checkpoint
RP2815: 8/30/2013 2:11:48 AM - Software Distribution Service 3.0
RP2816: 8/31/2013 2:40:36 AM - System Checkpoint
RP2817: 8/31/2013 12:56:12 PM - Software Distribution Service 3.0
RP2818: 9/1/2013 1:43:11 PM - System Checkpoint
RP2819: 9/2/2013 2:09:12 AM - Software Distribution Service 3.0
RP2820: 9/3/2013 3:05:15 AM - System Checkpoint
RP2821: 9/3/2013 12:22:31 PM - Software Distribution Service 3.0
RP2822: 9/4/2013 10:13:42 AM - After scans before ms updates
RP2823: 9/4/2013 10:28:03 AM - Software Distribution Service 3.0
RP2824: 9/5/2013 1:48:48 AM - Software Distribution Service 3.0
RP2825: 9/6/2013 2:04:22 AM - System Checkpoint
RP2826: 9/6/2013 10:53:15 AM - Software Distribution Service 3.0
RP2827: 9/7/2013 11:48:31 AM - System Checkpoint
RP2828: 9/8/2013 1:42:34 AM - Software Distribution Service 3.0
RP2829: 9/9/2013 1:51:11 AM - Software Distribution Service 3.0
RP2830: 9/10/2013 2:10:40 AM - System Checkpoint
RP2831: 9/10/2013 1:12:52 PM - Software Distribution Service 3.0
RP2832: 9/11/2013 1:38:02 PM - System Checkpoint
RP2833: 9/12/2013 1:02:24 PM - Software Distribution Service 3.0
RP2834: 9/13/2013 1:37:30 PM - System Checkpoint
RP2835: 9/14/2013 1:51:53 AM - Software Distribution Service 3.0
RP2836: 9/15/2013 2:20:31 AM - System Checkpoint
RP2837: 9/15/2013 12:29:20 PM - Software Distribution Service 3.0
RP2838: 9/16/2013 1:03:38 PM - System Checkpoint
RP2839: 9/17/2013 1:50:35 AM - Software Distribution Service 3.0
RP2840: 9/18/2013 2:44:28 AM - System Checkpoint
RP2841: 9/18/2013 11:47:24 AM - Software Distribution Service 3.0
RP2842: 9/19/2013 12:25:16 PM - System Checkpoint
RP2843: 9/20/2013 1:51:37 AM - Software Distribution Service 3.0
RP2844: 9/20/2013 2:27:05 PM - Software Distribution Service 3.0
RP2845: 9/20/2013 8:55:37 PM - after medfos trojan cleared, mbam amd mse clean, before ms updates
RP2846: 9/20/2013 9:49:20 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
AC3Filter (remove only)
Acrobat.com
Acronis*True*Image*Home
Active Disk
Ad-Aware SE Personal
Adobe AIR
Adobe Download Manager (Remove Only)
Adobe Flash Player 11 ActiveX
Adobe Photoshop Elements 3.0
Adobe Reader XI (11.0.03)
Adobe Shockwave Player
America Online
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression
AT&T Global Network Client
Atlantis
AVIcodec (remove only)
Basic Math 1 1.0
Bonjour
Canon MP Navigator EX 2.1
Canon MX330 series MP Drivers
Canon MX330 series User Registration
Canon Utilities My Printer
Canon Utilities Solution Menu
Classic PhoneTools
Conexant HSF V92 56K RTAD Speakerphone PCI Modem
Creative Mass Storage Drivers
Creative MediaSource
Creative System Information
Dell Modem-On-Hold
Dell Movie Studio Diagnostics
Dell Picture Studio - Dell Image Expert
Dell Solution Center
Dell Support
DesignPro 5.0 Media Edition
Digital Line Detect
DVDSentry
Fraction Fireworks (Remove only)
Garmin USB Drivers
Garmin WebUpdater
Gillware File Viewer
Google Earth
Google SketchUp 6
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GSpot Codec Information Appliance
Help and Support Customization
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) PRO Ethernet Adapter and Software
Intel(R) PROSet II
IomegaWare 4.0.2
IrfanView (remove only)
iTunes
Java 7 Update 25
Java Auto Updater
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Malwarebytes Anti-Malware version 1.75.0.1300
Memory Stick / Floppy Disk Adaptor
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Encarta Encyclopedia Standard 2002
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer
Microsoft Office PowerPoint Viewer 2003
Microsoft Picture It! Photo 2002
Microsoft Security Client
Microsoft Security Essentials
Microsoft Streets and Trips 2002
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Word 2002
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Modem Helper
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MUSICMATCH Jukebox
MyDVD
Nero 6 Ultra Edition
Nero Digital
NVIDIA Display Driver
NVIDIA Windows 2000/XP Display Drivers
OpenOffice.org 3.0
Paint Shop Pro 7
Pegasus Mail
Picasa 3
PowerDVD
QuickTime
RealPlayer Basic
Robot Arena 2
Roxio VideoWave Movie Creator
ScanToWeb
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834903-v2)
Security Update for Windows Media Player (KB2834903)
Security Update for Windows Media Player (KB2845142)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Shockwave
Sound Blaster Live!
Starcraft
SUPERAntiSpyware Free Edition
Symantec Network Drivers Update
TMPGEnc DVD Author 1.5
TMPGEnc Plus 2.5
TMPGEnc Sound Player
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wnyiper
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wnyiper
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wnyiper
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wnyiper
TurboTax 2011 wrapper
TurboTax 2012
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wnyiper
TurboTax 2012 wrapper
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2006
Typing Quick & Easy
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VideoLAN VLC media player 0.8.6c
Viewpoint Media Player (Remove Only)
WebFldrs XP
WexTech AnswerWorks
Windows Backup Utility
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows Tetris 1.01
Windows XP Service Pack 3
WinWay Resume Deluxe
WinZip
Works Suite OS Pack
Works Synchronization
.
==== Event Viewer Messages From Past Week ========
.
9/20/2013 4:57:17 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ppa
9/20/2013 10:19:47 PM, error: Srv [2011] - The server's configuration parameter "irpstacksize" is too small for the server to use a local device. Please increase the value of this parameter.
.
==== End Of File ===========================

Is this a virus?

0
0
Hello


If anyone is out there that could maybe help me in this matter it would be very much appreciated.
I believe my laptop might have some sort of a virus.
This started last night with just Internet Explorer dialogue box keep saying "Internet Explorer not working". Then I got a message pop up asking me to download virus removal tool. Then when I clicked on certain sites I always use I got a pop up about gambling etc, This keeps happening a lot now even if I use Google Chrome. I have run all my antivirus software and nothing is being detected.
I am quite concerned as I have a lot private info on here as we run a business.
Any help would be great.
I am no expert so if anyone does answer me please speak in laymen terms.
Thank you in advance.




Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 4056 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 1804 Mb
Hard Drives: C: Total - 290204 MB, Free - 234318 MB;
Motherboard: Dell Inc., 0G848F
Antivirus: AVG AntiVirus 2014, Updated and Enabled

computer freezes when trying to get online with IE.

0
0
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:05:46 PM, on 11/15/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16736)
Boot mode: Normal

Here are the scans requested. I have been unable to get online with IE for several days. I just had to dowload and use foxfire to get this done.

Running processes:
C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe
C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
C:\Program Files (x86)\Common Files\PX Storage Engine\VxBlockServer.exe
C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe
C:\Users\Tee\Desktop\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - (no file)
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: CrossriderApp0026278 - {11111111-1111-1111-1111-110211621178} - C:\Program Files (x86)\Solid Savings\Solid Savings.dll
O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Tee\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.1.2.1\AVG SafeGuard toolbar_toolbar.dll
O3 - Toolbar: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.1.2.1\AVG SafeGuard toolbar_toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe"
O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.cinemanow.com
O15 - Trusted Zone: http://*.qflix.com
O15 - Trusted Zone: http://*.roxio.com
O15 - Trusted Zone: http://redirect.sonic.com
O15 - Trusted Zone: http://redirect2.sonic.com
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: DefaultTabUpdate - Unknown owner - C:\Users\Tee\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB12 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater17.1.2 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe,DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16736
Run by Tee at 14:09:00 on 2013-11-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3974.2280 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Users\Tee\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_1013b.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe
C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
C:\Program Files (x86)\Common Files\PX Storage Engine\VxBlockServer.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\My Dell\uaclauncher.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\Tee\AppData\Local\Mozilla\updates\E7CF176E110C211B\updates\0\updat er.exe
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: {D8278076-BC68-4484-9233-6E7F1628B56C} - <orphaned>
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll
BHO: Solid Savings: {11111111-1111-1111-1111-110211621178} - C:\Program Files (x86)\Solid Savings\Solid Savings.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Tee\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.1.2.1\AVG SafeGuard toolbar_toolbar.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.1.2.1\AVG SafeGuard toolbar_toolbar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe"
mRun: [CPMonitor] "C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
Trusted Zone: cinemanow.com
Trusted Zone: cinemanow.com
Trusted Zone: qflix.com
Trusted Zone: roxio.com
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{381581F2-ABC5-491D-BFB4-CD66B6633AD1} : DHCPNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
TCP: Interfaces\{9CC3912A-8762-4A71-ACF6-3E42744A6533} : DHCPNameServer = 192.168.1.254
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tee\AppData\Roaming\Mozilla\Firefox\Profiles\a0qdkq33.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: C:\Windows\SysWOW64\npwmsdrm.dll
FF - ExtSQL: 2013-11-13 10:27; avg@toolbar; C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.1.2.1
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-9-2 192824]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-9-2 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-8-20 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-8 31544]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-6-22 16152]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-4-16 55280]
R0 Sahdad64;HDD Filter Driver;C:\Windows\System32\drivers\Sahdad64.sys [2013-4-16 27120]
R0 Saibad64;Volume Filter Driver;C:\Windows\System32\drivers\Saibad64.sys [2013-4-16 19952]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-9-25 148792]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-9-2 241464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-9-2 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-4-9 46368]
R1 SaibVdAd64;Virtual Disk Driver;C:\Windows\System32\drivers\SaibVdAd64.sys [2013-4-16 27632]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [2009-6-2 457200]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-6-22 98208]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-10-3 3538480]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-25 301152]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2009-6-23 127352]
R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\Tee\AppData\Roaming\DefaultTab\D efaultTab\DTUpdate.exe [2013-4-9 107520]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-6-22 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2013-7-18 762192]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-6-22 1695040]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-6-22 363800]
R2 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [2013-11-13 1734680]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2012-6-22 73728]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-6-22 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-6-22 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-6-22 787736]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-22 565352]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [2009-7-24 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-11-9 19456]
S3 RoxMediaDB12;RoxMediaDB12;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [2009-7-24 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-9 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-11-9 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-4-12 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-11-13 20:00:16 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-11-13 19:08:51 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-13 15:55:59 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-11-13 15:55:59 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-09 17:09:53 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2013-11-09 17:08:50 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2013-11-09 17:08:50 366592 ----a-w- C:\Windows\System32\qdvd.dll
2013-11-08 18:58:24 -------- d-----w- C:\Users\Tee\AppData\Local\ElevatedDiagnostics
2013-11-03 04:30:41 -------- d-----w- C:\Users\Tee\AppData\Local\Diagnostics
.
==================== Find3M ====================
.
2013-11-13 15:27:25 46368 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-10-12 08:43:37 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-12 08:43:32 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-10-12 08:43:32 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-10-12 07:02:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-10-12 07:02:29 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-10-12 07:02:29 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-10-12 06:35:26 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-10-12 06:08:58 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-10-12 05:44:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-12 05:15:39 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-09 17:31:13 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 17:31:13 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-26 01:07:30 148792 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2013-09-09 02:11:42 31544 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-04 01:37:55 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-09-04 01:37:36 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-09-04 01:37:29 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-09-04 01:37:25 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-09-04 01:37:22 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-09-04 01:37:22 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-09-04 01:37:18 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-09-02 14:59:14 212280 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2013-09-02 14:29:18 294712 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2013-09-02 14:26:50 192824 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2013-09-02 14:26:42 241464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll,

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-11-15 15:28:56
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST310005 rev.JC4A 931.51GB
Running: tslypik0.exe; Driver: C:\Users\Tee\AppData\Local\Temp\pwldipow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002da2000 65 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 594 fffff80002da2042 4 bytes [00, 00, 00, 00]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe[1916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077011465 2 bytes [01, 77]
.text C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe[1916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770114bb 2 bytes [01, 77]
.text ... * 2
.text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077011465 2 bytes [01, 77]
.text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770114bb 2 bytes [01, 77]
.text ... * 2
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[3104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077011465 2 bytes [01, 77]
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[3104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770114bb 2 bytes [01, 77]
.text ... * 2
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077011465 2 bytes [01, 77]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770114bb 2 bytes [01, 77]
.text ... * 2
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077011465 2 bytes [01, 77]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770114bb 2 bytes [01, 77]
.text ... * 2
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077011465 2 bytes [01, 77]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770114bb 2 bytes [01, 77]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077011465 2 bytes [01, 77]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770114bb 2 bytes [01, 77]
.text ... * 2

---- EOF - GMER 2.1 ----

high cpu usage, not responding ,

0
0
I have the slowest computer. It never used to be this way.It takes for ever to boot and when it finally does when you click on anything it gets the not responding thing. i constantly get the high cpu usage message. the norton program seems to supposedly fix problems but it still isnt working. this is probably why i shouldnt have let someone borrow my laptop, its never been the same.i hope i did the instructions correctly. Please help me. Thank you Sandiejena

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) Dual CPU T2310 @ 1.46GHz, x86 Family 6 Model 15 Stepping 13
Processor Count: 2
RAM: 2038 Mb
Graphics Card: Mobile Intel(R) 965 Express Chipset Family, 384 Mb
Hard Drives: C: Total - 152624 MB, Free - 75740 MB;
Motherboard: Dell Inc., 0KY767
Antivirus: Norton 360 Premier Edition, Updated: Yes, On-Demand Scanner: Enabled

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:19:39 PM, on 11/15/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxeeserv.exe
C:\WINDOWS\system32\lxeecoms.exe
C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Nova Development\Print Artist Premier 23\ReminderApp.exe
C:\Program Files\Lexmark Pro700 Series\lxeemon.exe
C:\Program Files\Lexmark Pro700 Series\ezprint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Sandiejean\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\coIEPlg.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [AddressBookReminderApp] C:\Program Files\Nova Development\Print Artist Premier 23\ReminderApp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [lxeemon.exe] "C:\Program Files\Lexmark Pro700 Series\lxeemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark Pro700 Series\ezprint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\Sandiejean\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [DellSystemDetect] C:\Documents and Settings\Sandiejean\Start Menu\Programs\Dell\Dell System Detect.appref-ms
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.dell.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1264779666593
O16 - DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} (20-20 3D Viewer for WEB) - https://lowes.2020.net/planner/Core/..._WEB_Win32.cab
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://samsclubus.pnimedia.com/uploa...eX_Control.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: lxeeCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxeeserv.exe
O23 - Service: lxee_device - - C:\WINDOWS\system32\lxeecoms.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe
O23 - Service: Norton AntiVirus (NAV) - Unknown owner - C:\Program Files\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9493 bytes

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-10-20 14:55:39
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e TOSHIBA_MK1655GSX rev.FG010D 149.05GB
Running: 4mbvwh0u.exe; Driver: C:\DOCUME~1\SANDIE~1\LOCALS~1\Temp\kxroaaod.sys


---- System - GMER 2.1 ----

SSDT 88FB2E80 ZwAlertResumeThread
SSDT 88FB2F18 ZwAlertThread
SSDT 88FB6C00 ZwAllocateVirtualMemory
SSDT 88FB28F8 ZwAssignProcessToJobObject
SSDT 8A6F0540 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwCreateKey [0xA3C75ED0]
SSDT 88FB2CA8 ZwCreateMutant
SSDT 88FB27A8 ZwCreateSymbolicLinkObject
SSDT 88FAE670 ZwCreateThread
SSDT 88FB2990 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteKey [0xA3C76150]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteValueKey [0xA3C76810]
SSDT 88F917B8 ZwDuplicateObject
SSDT 88FB6AB0 ZwFreeVirtualMemory
SSDT 88FB2D50 ZwImpersonateAnonymousToken
SSDT 88FB2DE8 ZwImpersonateThread
SSDT 8A7BE5C8 ZwLoadDriver
SSDT 88FB69F8 ZwMapViewOfSection
SSDT 88FB2C10 ZwOpenEvent
SSDT 88F2F788 ZwOpenProcess
SSDT 88F91740 ZwOpenProcessToken
SSDT 88FB2AE0 ZwOpenSection
SSDT 88F2F700 ZwOpenThread
SSDT 88FB2850 ZwProtectVirtualMemory
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwRenameKey [0xA3C76D70]
SSDT 88FB2F90 ZwResumeThread
SSDT 88FB6820 ZwSetContextThread
SSDT 88FB68B8 ZwSetInformationProcess
SSDT 88FB2A28 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwSetValueKey [0xA3C76A90]
SSDT 88FB2B78 ZwSuspendProcess
SSDT 88FB66F0 ZwSuspendThread
SSDT 88FB38B0 ZwTerminateProcess
SSDT 88FB6788 ZwTerminateThread
SSDT 88FB6960 ZwUnmapViewOfSection
SSDT 88FB6B58 ZwWriteVirtualMemory

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2DF4 805046DC 4 Bytes [E8, 2D, FB, 88]
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys

---- Registry - GMER 2.1 ----

Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\390\Shell@WFlags 0
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\390\Shell@ShowCmd 1
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\390\Shell@ScrollPos1280x80 0(1).y 1307
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\429\Shell@MinPos1280x800(1 ).x -32000
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\429\Shell@MinPos1280x800(1 ).y -32000
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\429\Shell@WinPos1280x800(1 ).left 61
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\429\Shell@WinPos1280x800(1 ).right 861

---- EOF - GMER 2.1 ----

PC is Sluggish

0
0
I know it is an old PC running old software, but it is running worse than normal.
It starts slow...at least for it to fully start.
Webpages load slowly even though it has a strong signal.
Earlier I couldn't get it to connect to the internet.
I suspect malware or something of the sort.

Attached Files
File Type: log GMER.log (38.7 KB)
File Type: txt attach.txt (15.5 KB)
File Type: txt dds.txt (10.8 KB)
File Type: log hijackthis.log (7.1 KB)

Hidden Firewalls?

0
0
I have been having trouble with a game I recently bought where it crashes when I try to login. I looked it up and the problem is that it is being blocked by my firewall. I tried allowing it through my firewall and tried turning it off but neither worked. I looked for other programs that might have a firewall but I didn't find any. I remember having some problems before with certain programs being blocked as well. What steps should I take to try and find what could be causing this?

System freezes, frozen chkdsk and error message

0
0
Ok where to start, not sure whether I have drive issues or malware/virus as well.

Windows Vista business on Toshiba Satellite Pro

I run AVG free daily, have done a cc cleaner and run spybot sd.

Also ran a disk defrag, memory diagnostics tool. When I run chkdsk it stalls at step 4 of 5 at 19 percent, even if left to run overnight.

I have received an error message and a black screen twice while trying to do a control alt del
"logon process has failed to create the security options" Failure security options

I also ran Ariolic Disk Scanner 1.4
result "No read errors have been detected"

Note the computer had a recent fall from a chair to the floor, most recent installs were a skype update and a gmail watcher extension for firefox. I have not done a system restore. Here are the logs and thanks in advance for any help

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:53:10 PM, on 15/11/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19483)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\PC Tools Security\BDT\FGuard.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Craig\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14196&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.shoptoshiba.ca/welcome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shoptoshiba.ca/welcome
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Craig\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: TOSHIBA Face Recognition Watcher.lnk = C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DisplayLinkManager (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12648 bytes



DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.19483 BrowserJavaVersion: 10.45.2
Run by Craig at 16:57:26 on 2013-11-15
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.2.1033.18.2939.1277 [GMT -6:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\FsUsbExService.Exe
c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\AVG\AVG2014\avgnsx.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\PC Tools Security\BDT\FGuard.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\ProgramData\OfficeGuardianV2\UACProxy.exe
C:\Windows\system32\conime.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com?o=14196&l=dis
mStart Page = hxxp://www.shoptoshiba.ca/welcome
mDefault_Page_URL = hxxp://www.shoptoshiba.ca/welcome
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
uURLSearchHooks: PC Tools Browser Guard: {472734EA-242A-422b-ADF8-83D1E48CC825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
TB: DVDVideoSoftTB Toolbar: {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - c:\program files\dvdvideosofttb\tbDVDV.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [Sidebar] <no file>
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
mRun: [SmoothView] c:\program files\toshiba\smoothview\SmoothView.exe
mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [PCTools FGuard] c:\program files\pc tools security\bdt\FGuard.exe
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\toshib~1.lnk - c:\program files\toshiba\smartfacev\SmartFaceVWatcher.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001021-0002-0021-ABCDEFFEDCBC} - <orphaned>
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{A72A5D24-50E0-4164-AABE-A1C07709532A} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{F9743A4D-5F9C-4373-975E-960F960481BA} : DHCPNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\google\google~1\GOEC62~1.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\craig\appdata\roaming\mozilla\firefox\profiles\sva83g4k.default-1352032198366\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.ca/
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\research in motion limited\blackberry app world browser plugin\npappworld.dll
FF - plugin: c:\users\craig\appdata\local\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\users\craig\appdata\roaming\mozilla\firefox\profiles\sva83g4k.default-1352032198366\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\users\craig\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\craig\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\craig\appdata\roaming\mozilla\plugins\npo1d.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-09-23 16:23; {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}; c:\users\craig\appdata\roaming\mozilla\firefox\profiles\sva83g4k.default-1352032198366\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - ExtSQL: 2013-11-10 07:56; gmailwatcher@sonthakit; c:\users\craig\appdata\roaming\mozilla\firefox\profiles\sva83g4k.default-1352032198366\extensions\gmailwatcher@sonthakit.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-9-2 145720]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-9-2 223032]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-8-20 102200]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-8 27448]
R0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2012-10-27 15224]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-9-25 120632]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-9-2 209208]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-9-10 22840]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-9-2 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-8-1 193848]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2009-6-5 20352]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2013-10-3 3538480]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2013-9-25 301152]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2011-5-21 247760]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 DisplayLinkService;DisplayLinkManager;c:\program files\displaylink core software\DisplayLinkManager.exe [2012-9-4 7299032]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2013-4-5 233472]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-2-11 1153368]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2012-10-27 335736]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2013-4-5 37344]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-4-30 7168]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2013-4-5 32064]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-7-10 83864]
S3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\drivers\DisplayLinkUsbPort_6.3.38103.0.sys [2012-10-27 21888]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-6-5 30192]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2009-6-5 937984]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2013-4-5 136904]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2013-4-5 17864]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2013-4-5 153672]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2013-4-5 130248]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-7-10 181912]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v040 0.exe [2013-7-20 756392]
.
=============== Created Last 30 ================
.
2013-11-11 15:07:20 -------- d-sh--w- C:\found.000
2013-10-31 01:23:12 -------- d-----w- c:\users\craig\appdata\local\Amazon
2013-10-26 04:29:58 -------- d-----w- c:\programdata\Oracle
2013-10-26 04:28:59 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M ====================
.
2013-10-13 11:55:47 916992 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 11:50:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-13 11:49:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-13 11:49:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2013-10-13 11:49:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-10-13 11:47:48 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-13 10:09:15 385024 ----a-w- c:\windows\system32\html.iec
2013-10-13 08:28:01 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2013-10-13 08:25:30 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-11 02:08:02 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-11 02:07:57 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-09 16:56:15 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 16:56:15 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-08 12:51:05 873384 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-10-08 12:51:00 796072 ----a-w- c:\windows\system32\deployJava1.dll
2013-10-03 12:45:50 297984 ----a-w- c:\windows\system32\gdi32.dll
2013-10-03 12:45:45 993792 ----a-w- c:\windows\system32\crypt32.dll
2013-09-26 01:57:14 120632 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2013-09-11 03:11:44 22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-09 03:12:16 27448 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-09-02 15:39:32 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-09-02 15:28:06 145720 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-09-02 15:28:04 209208 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-09-02 15:28:00 223032 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-08-29 07:56:16 27648 ----a-w- c:\windows\system32\drivers\usbser.sys
2013-08-29 07:36:04 2050048 ----a-w- c:\windows\system32\win32k.sys
2013-08-27 02:47:50 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-08-27 02:47:50 189952 ----a-w- c:\windows\system32\d3d10core.dll
2013-08-27 02:47:50 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2013-08-27 02:47:50 1029120 ----a-w- c:\windows\system32\d3d10.dll
2013-08-27 01:52:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2013-08-27 01:50:40 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2013-08-27 01:32:20 683008 ----a-w- c:\windows\system32\d2d1.dll
2013-08-27 01:28:36 1069056 ----a-w- c:\windows\system32\DWrite.dll
2013-08-27 01:28:35 798208 ----a-w- c:\windows\system32\FntCache.dll
.
============= FINISH: 16:58:08.29 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume2
Install Date: 05/06/2009 2:30:08 AM
System Uptime: 15/11/2013 2:35:17 PM (2 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | CPU | 2000/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 141 GiB total, 40.818 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1304: 14/11/2013 1:22:36 AM - Scheduled Checkpoint
RP1305: 14/11/2013 3:00:16 AM - Windows Update
RP1306: 15/11/2013 12:27:58 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Amazon Kindle
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Client Utility
Atheros Driver Installation Program
Atheros Wi-Fi Protected Setup Library
AVG 2014
BitTorrent
BlackBerry App World Browser Plugin
BlackBerry Desktop Software 6.1
Bonjour
Browser Defender 3.0
Business Contact Manager for Outlook 2007 SP2
Camera Assistant Software for Toshiba
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator EX 5.1
Canon MX510 series MP Drivers
Canon MX510 series On-screen Manual
Canon My Printer
Canon Personal Printing Guide
Canon Solution Menu EX
Canon Speed Dial Utility
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
CD/DVD Drive Acoustic Silencer
Compatibility Pack for the 2007 Office system
DisplayLink Core Software
DisplayLink Graphics
Dive Organizer 2.14
DJ_AIO_03_F4200_Software_Min
DOTX to DOCX Converter 7.0.0.2
DVD Flick 1.3.0.7
DVD MovieFactory for TOSHIBA
DVDVideoSoftTB Toolbar
File Type Assistant
Free RAR Extract Frog
Free Video Dub version 1.8
FrostWire 4.21.5
Garmin City Navigator North America v8
Garmin MapSource
Garmin MetroGuide Canada v5
Garmin USB Drivers
Garmin WorldMap v4
Google Chrome
Google Desktop
Google Earth
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HP Deskjet F4200 All-In-One Driver 11.0 03
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
Java 7 Update 45
Java Auto Updater
Java(TM) 6 Update 6
LiveUpdate (Symantec Corporation)
MapSource
MapSource - MetroGuide Canada v4
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Money Plus
Microsoft Money Shared Libraries
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office File Validation Add-In
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
Microsoft Office Small Business Connectivity Components
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Compact 4.0 SP1 ENU
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XML Parser
Mozilla Firefox 25.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multiple Image Resizer .NET
MyFreeCodec
MyLaps Monitor
OnlinePlay 1.0
PDFCreator
PhotoScape
Power Commander Control Center 3.2.0 (Test Build 1)
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Skype Click to Call
Skype™ 6.10
Spybot - Search & Destroy
Synaptics Pointing Device Driver
The Rosetta Stone
Toolbox
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA Recovery Disc Creator
Toshiba Registration
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Visual Studio 2012 x86 Redistributables
VLC media player 2.0.8
Web Album Generator 1.8.2
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Driver Package - Mares (usbser) Icon HD (11/21/2012 1.3.3.9)
Windows Driver Package - Silicon Laboratories (silabenm) Ports (10/05/2012 6.6.0.0)
Windows Live Install Wizard
Windows Media Encoder 9 Series
XT Racing GPStudio
XTStudio
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
15/11/2013 6:05:47 AM, Error: EventLog [6008] - The previous system shutdown at 1:00:59 AM on 15/11/2013 was unexpected.
15/11/2013 4:45:33 PM, Error: Ntfs [137] - The default transaction resource manager on volume F: encountered a non-retryable error and could not start. The data contains the error code.
15/11/2013 2:36:54 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCTSD
15/11/2013 12:43:26 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgdiskx AVGIDSDriver AVGIDSShim Avgldx86 eeCtrl PCTSD spldr Wanarpv6
15/11/2013 12:43:26 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
15/11/2013 12:43:26 AM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
15/11/2013 12:43:19 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
15/11/2013 12:43:19 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
15/11/2013 12:43:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
15/11/2013 12:43:14 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
15/11/2013 12:43:07 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
15/11/2013 12:42:50 AM, Error: EventLog [6008] - The previous system shutdown at 12:38:29 AM on 15/11/2013 was unexpected.
14/11/2013 9:28:29 AM, Error: EventLog [6008] - The previous system shutdown at 9:20:49 AM on 14/11/2013 was unexpected.
14/11/2013 5:37:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service SkypeUpdate with arguments "/ComService" in order to run the server: {CC957078-B838-47C4-A7CF-626E7A82FC58}
14/11/2013 5:35:05 PM, Error: EventLog [6008] - The previous system shutdown at 5:27:41 PM on 14/11/2013 was unexpected.
14/11/2013 5:24:47 PM, Error: EventLog [6008] - The previous system shutdown at 5:08:15 PM on 14/11/2013 was unexpected.
14/11/2013 11:56:35 PM, Error: EventLog [6008] - The previous system shutdown at 11:49:46 PM on 14/11/2013 was unexpected.
14/11/2013 10:54:00 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.100 for the Network Card with network address 0024D240E4D6 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
13/11/2013 3:28:13 PM, Error: EventLog [6008] - The previous system shutdown at 3:20:27 PM on 13/11/2013 was unexpected.
13/11/2013 3:27:13 PM, Error: volsnap [27] - The shadow copies of volume C: were aborted during detection because a critical control file could not be opened.
13/11/2013 3:26:42 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
13/11/2013 11:24:59 PM, Error: EventLog [6008] - The previous system shutdown at 10:43:46 PM on 13/11/2013 was unexpected.
13/11/2013 10:29:58 PM, Error: EventLog [6008] - The previous system shutdown at 10:19:16 PM on 13/11/2013 was unexpected.
12/11/2013 7:03:41 PM, Error: EventLog [6008] - The previous system shutdown at 6:35:20 PM on 12/11/2013 was unexpected.
11/11/2013 9:22:48 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
11/11/2013 9:22:48 AM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/11/2013 9:21:48 AM, Error: EventLog [6008] - The previous system shutdown at 8:38:30 AM on 11/11/2013 was unexpected.
10/11/2013 11:34:15 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume S3A6754D006.
10/11/2013 11:34:12 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
10/11/2013 11:33:53 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the FsUsbExService service to connect.
10/11/2013 11:33:53 PM, Error: Service Control Manager [7000] - The FsUsbExService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/11/2013 10:47:46 PM, Error: Application Popup [877] - There was error [DATABASE OPEN FAILED] processing the driver database.
08/11/2013 4:25:54 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TOSHIBA SMART Log Service service.
08/11/2013 4:25:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================


GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-11-15 17:31:26
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.LV01 149.05GB
Running: isvi6b7c.exe; Driver: C:\Users\Craig\AppData\Local\Temp\kwtoqpod.sys


---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0x91395690]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0x913957B0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0x91395010]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenThread [0x91395490]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0x913952D0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0x913953B0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0x91395110]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0x913951F0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0x91395590]

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!KeSetEvent + 3BD 83EE4A08 8 Bytes [90, 56, 39, 91, B0, 57, 39, ...] {NOP ; PUSH ESI; CMP [ECX-0x6ec6a850], EDX}
.text ntkrnlpa.exe!KeSetEvent + 3F1 83EE4A3C 4 Bytes [10, 50, 39, 91] {ADC [EAX+0x39], DL; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeSetEvent + 40D 83EE4A58 4 Bytes [90, 54, 39, 91]
.text ntkrnlpa.exe!KeSetEvent + 611 83EE4C5C 8 Bytes [D0, 52, 39, 91, B0, 53, 39, ...]
.text ntkrnlpa.exe!KeSetEvent + 621 83EE4C6C 8 Bytes [10, 51, 39, 91, F0, 51, 39, ...]
.text ...
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8C159480, 0x3C939, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8C19A900, 0x3CA, 0x48000040]
? C:\Users\Craig\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[5012] ntdll.dll!DbgBreakPoint 77C6878E 1 Byte [C3]

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys

---- EOF - GMER 2.1 ----

Removal of Avast error 42060 Win32:Rootkit-Gen

0
0
Have tried ALL 'Googled' anti-rootkit downloads and am unable to remove 1 infected file when running Avast; Error 42060- Win32:Rootkit-Gen (trojan virus).

At present, virus is not causing any malfunctions; pop-ups; blue screen...,

Avast Support can fix for a one-time fee of $120, however, I can easily purchase a used Dell Optiplex / Windows 7 for much less.

Has anyone found a download, (Google), which does work and not just another PC Registry ?

Thanks.

Username.exe virus?

0
0
Hello,

This is my first time posting here.

I have recently come across a .exe running on my PC called username.exe (in my case Brian.exe). It eats up most of my CPU space and causes my computer to run extremely slow.

I have run Anti-Malware Bytes, Super Anti Spyware, CC-cleaner and multiple symantec virus scans but nothing will get rid of it.

It also changes all the start pages of all my internet browsers to something called startpage.com

Here is my hijackthis report:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:28:56 AM, on 11/16/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16736)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\OEM04Mon.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\Brian\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Users\Brian\AppData\Local\Akamai\netsession_win.exe
C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Brian.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Windows\system32\conhost.exe
C:\Users\Brian\AppData\Roaming\37Y3tJYtWH672FSIi9DVc5JN9wJP60Sl\Brian.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Users\Brian\Downloads\HijackThis (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startpage.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrec ordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [OEM04Mon.exe] C:\Windows\OEM04Mon.exe
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [OtShot] C:\Program Files\OtShot\otshot.exe -minimize
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Brian\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BRIAN-PC] C:\Users\Brian\AppData\Roaming\vvid.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Brian.exe
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.aeriagames.com
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/appl...orLauncher.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/J...etupClient.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

--
End of file - 9996 bytes



This is my DDS report.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16736 BrowserJavaVersion: 10.21.2
Run by Brian at 0:34:00 on 2013-11-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3582.2377 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\OEM04Mon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\Brian\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Users\Brian\AppData\Local\Akamai\netsession_win.exe
C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Brian.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\conhost.exe
C:\Users\Brian\AppData\Roaming\37Y3tJYtWH672FSIi9DVc5JN9wJP60Sl\Brian.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Brian\Downloads\HijackThis (1).exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://startpage.com
uDefault_Page_URL = hxxp://www.dell.com
uURLSearchHooks: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrec ordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [Akamai NetSession Interface] "c:\users\brian\appdata\local\akamai\netsession_win.exe"
uRun: [Google Update] "c:\users\brian\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [BRIAN-PC] c:\users\brian\appdata\roaming\vvid.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [OEM04Mon.exe] c:\windows\OEM04Mon.exe
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [OtShot] c:\program files\otshot\otshot.exe -minimize
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\brian\appdata\roaming\microsoft\windows\start menu\programs\startup\Brian.exe
StartupFolder: c:\users\brian\appdata\roaming\micros~1\windows\startm~1\programs\startup\d elldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223}
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: aeriagames.com
Trusted Zone: aeriagames.com
DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} - hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{1209E7A2-1F92-4034-8E40-9D74F65BC8F4} : DHCPNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{C086E589-9ADA-41B6-9956-51E097947ECC} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C086E589-9ADA-41B6-9956-51E097947ECC}\35865607162746 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{C086E589-9ADA-41B6-9956-51E097947ECC}\45162616B696E6 : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{C086E589-9ADA-41B6-9956-51E097947ECC}\8686F6E6F62737 : DHCPNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{C086E589-9ADA-41B6-9956-51E097947ECC}\E4544574541425 : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\brian\appdata\roaming\mozilla\firefox\profiles\hu5wzsp5.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.fantastigames.com/web?src=ffb&appid=103&systemid=453&sr=0&q=
FF - prefs.js: browser.startup.homepage - hxxp://startpage.com
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://startpage.com
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://startpage.com
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\ubisoft\ubisoft game launcher\npuplaypc.dll
FF - plugin: c:\program files\ubisoft\ubisoft game launcher\npuplaypchub.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\np rndlchromebrowserrecordext.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\np rndlhtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\np rndlpepperflashvideoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\users\brian\appdata\local\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\users\brian\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\brian\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\brian\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\brian\appdata\roaming\mozilla\plugins\npo1d.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2010-12-21 20:23; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2010-12-21 73728]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2010-1-11 155648]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-3-6 39056]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-9-29 1831024]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-8-27 108120]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 OEM04Vfx;Creative Camera OEM004 Video VFX Driver;c:\windows\system32\drivers\OEM04Vfx.sys [2007-3-5 7424]
R3 OEM04Vid;Creative Camera OEM004 Driver;c:\windows\system32\drivers\OEM04Vid.sys [2007-10-10 234720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 apf003;apf003;c:\windows\system32\apf003.sys [2013-1-28 13232]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [2009-7-13 265088]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSIb.sys [2009-7-13 11904]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-5-28 14848]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-5-28 49664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-23 1343400]
.
=============== Created Last 30 ================
.
2013-11-16 05:19:39 -------- d-----w- C:\AdwCleaner
2013-11-13 23:29:03 1796096 ----a-w- c:\windows\system32\authui.dll
2013-11-13 23:29:02 168960 ----a-w- c:\windows\system32\credui.dll
2013-11-13 23:29:02 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-11-13 23:22:49 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-11-13 23:22:49 369848 ----a-w- c:\windows\system32\drivers\cng.sys
2013-11-13 23:22:49 247808 ----a-w- c:\windows\system32\schannel.dll
2013-11-13 23:22:49 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-11-13 23:22:49 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2013-11-13 23:22:48 99840 ----a-w- c:\windows\system32\sspicli.dll
2013-11-13 23:22:48 220160 ----a-w- c:\windows\system32\ncrypt.dll
2013-11-13 23:22:48 22016 ----a-w- c:\windows\system32\secur32.dll
2013-11-13 23:22:48 22016 ----a-w- c:\windows\system32\lsass.exe
2013-11-13 23:22:48 15872 ----a-w- c:\windows\system32\sspisrv.dll
2013-11-13 23:15:56 305152 ----a-w- c:\windows\system32\gdi32.dll
2013-11-13 23:14:17 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-13 23:14:16 656896 ----a-w- c:\windows\system32\nshwfp.dll
2013-11-13 23:14:16 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-11-13 23:13:08 1168384 ----a-w- c:\windows\system32\crypt32.dll
2013-11-12 03:56:30 1422040 --s-a-w- c:\users\brian\appdata\roaming\microsoft\windows\start menu\programs\startup\Brian.exe
2013-11-12 03:55:19 1422040 --sha-w- c:\users\brian\appdata\roaming\vvid.exe
2013-11-12 03:55:19 -------- d-sh--w- c:\users\brian\appdata\roaming\37Y3tJYtWH672FSIi9DVc5JN9wJP60Sl
.
==================== Find3M ====================
.
2013-10-12 07:03:50 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-10-12 07:02:33 2877952 ----a-w- c:\windows\system32\jscript9.dll
2013-10-12 07:02:29 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-10-12 07:02:29 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-10-12 06:08:58 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-12 05:15:39 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-09-14 00:48:58 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-08 02:07:12 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:03:58 231424 ----a-w- c:\windows\system32\mswsock.dll
2013-09-02 15:51:38 4909600 ----a-w- c:\windows\system32\GameMon.des
2013-08-29 01:51:45 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-29 01:50:30 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- c:\windows\system32\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- c:\windows\system32\advapi32.dll
2013-08-28 01:04:30 2348544 ----a-w- c:\windows\system32\win32k.sys
2013-08-28 00:57:20 434688 ----a-w- c:\windows\system32\scavengeui.dll
.
============= FINISH: 0:35:46.44 ===============




This is my attach.txt report:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 12/21/2010 8:45:10 PM
System Uptime: 11/16/2013 12:24:18 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0U8042
Processor: Intel(R) Core(TM)2 Duo CPU T8300 @ 2.40GHz | Microprocessor | 2401/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 448 GiB total, 185.364 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 9.584 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP186: 9/13/2013 11:27:43 PM - Windows Modules Installer
RP188: 10/10/2013 10:56:55 PM - Windows Modules Installer
RP189: 11/14/2013 10:33:08 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
Accidental Damage Services Agreement
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X
Adobe Shockwave Player 11.5
Advanced Audio FX Engine
Advanced Video FX Engine
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Banctec Service Agreement
Bonjour
Broadcom Management Programs
CCleaner
Core Temp version 0.99.8
Dell Dock
Dell Edoc Viewer
Dell Touchpad
Dragon Age II
eReg
Flyff
Google Chrome
Google Earth
Google Talk Plugin
Google Update Helper
Intel(R) PROSet/Wireless Software
iTunes
Java 7 Update 21
Java Auto Updater
Java(TM) 6 Update 33
Juniper Networks Setup Client
Juniper Networks Setup Client Activex Control
Keynote Connector
Laptop Integrated Webcam Driver (1.03.01.1011)
LiveUpdate 3.3 (Symantec Corporation)
Logitech SetPoint 6.32
Malwarebytes Anti-Malware version 1.75.0.1300
mCore
Media Player Classic - Home Cinema v1.5.0.2827
MediaDirect
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Might & Magic Heroes VI
mMHouse
Mozilla Firefox 18.0 (x86 en-US)
Mozilla Maintenance Service
mPfMgr
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mWMI
NVIDIA Drivers
Octoshape add-in for Adobe Flash Player
PCSX2 - Playstation 2 Emulator
PowerISO
Project64 1.6
QuickSet
QuickTime
Real Alternative 2.0.2
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
RollerCoaster Tycoon 3 Platinum
Rose Online
Runes of Magic
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825999) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
SelectionLinks
Shopping InContext
Skype Click to Call
Skype™ 6.1
StreamTorrent 1.0
SUPERAntiSpyware
Symantec Endpoint Protection
TVAnts 1.0
TwelveSky 2
Ubisoft Game Launcher
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Migration Assistant
WinRAR 4.00 beta 3 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
11/16/2013 12:26:55 AM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535
11/16/2013 12:26:55 AM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535
11/16/2013 12:26:55 AM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
11/15/2013 11:32:12 PM, Error: cdrom [15] - The device, \Device\CdRom0, is not ready for access yet.
11/14/2013 10:54:00 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
11/11/2013 7:22:46 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
11/11/2013 7:22:02 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SigmaTel Audio Service service to connect.
11/11/2013 7:22:02 PM, Error: Service Control Manager [7000] - The SigmaTel Audio Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

Finally, here is the result of the GMER scan without IAT/EAT checked:

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-11-16 01:08:56
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD50 rev.01.0 465.76GB
Running: q2e1su16.exe; Driver: C:\Users\Brian\AppData\Local\Temp\pgloqpow.sys


---- System - GMER 2.1 ----

SSDT 876E9F10 ZwAlertResumeThread
SSDT 876E9FD0 ZwAlertThread
SSDT 876E45E8 ZwAllocateVirtualMemory
SSDT 87699588 ZwConnectPort
SSDT 876E9C60 ZwCreateMutant
SSDT 876E42D0 ZwCreateThread
SSDT 876E4E28 ZwFreeVirtualMemory
SSDT 876E9D50 ZwImpersonateAnonymousToken
SSDT 876E9E30 ZwImpersonateThread
SSDT 876E4D48 ZwMapViewOfSection
SSDT 876E9B80 ZwOpenEvent
SSDT 876E4210 ZwOpenProcessToken
SSDT 876E4AA8 ZwOpenThreadToken
SSDT 876E7058 ZwResumeThread
SSDT 876E7A70 ZwSetContextThread
SSDT 876E4B98 ZwSetInformationProcess
SSDT 876E7980 ZwSetInformationThread
SSDT 876E9AA0 ZwSuspendProcess
SSDT 876E77C0 ZwSuspendThread
SSDT 876E43B0 ZwTerminateProcess
SSDT 876E78A0 ZwTerminateThread
SSDT 876E4C88 ZwUnmapViewOfSection
SSDT 876E4518 ZwWriteVirtualMemory

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82C41A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C7B212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10DB 82C82470 8 Bytes [10, 9F, 6E, 87, D0, 9F, 6E, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82C82488 4 Bytes [E8, 45, 6E, 87]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1193 82C82528 4 Bytes [88, 95, 69, 87]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82C82564 4 Bytes [60, 9C, 6E, 87]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1203 82C82598 4 Bytes [D0, 42, 6E, 87]
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x9AA15320, 0x3F5147, 0xE8000020]
? C:\Users\Brian\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[2380] kernel32.dll!SetUnhandledExceptionFilter 76ABF4EB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtCreateFile + 6 76EB560E 4 Bytes [28, 44, 6C, 00] {SUB [ESP+EBP*2+0x0], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtCreateFile + B 76EB5613 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtMapViewOfSection + 6 76EB5C6E 4 Bytes [28, 47, 6C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtMapViewOfSection + B 76EB5C73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenFile + 6 76EB5D1E 4 Bytes [68, 44, 6C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenFile + B 76EB5D23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenProcess + 6 76EB5DCE 4 Bytes [A8, 45, 6C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenProcess + B 76EB5DD3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenProcessToken + 6 76EB5DDE 4 Bytes CALL 75EBCA28 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenProcessToken + B 76EB5DE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenProcessTokenEx + 6 76EB5DEE 4 Bytes [A8, 46, 6C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenProcessTokenEx + B 76EB5DF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenThread + 6 76EB5E4E 4 Bytes [68, 45, 6C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenThread + B 76EB5E53 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenThreadToken + 6 76EB5E5E 4 Bytes [68, 46, 6C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenThreadToken + B 76EB5E63 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenThreadTokenEx + 6 76EB5E6E 4 Bytes CALL 75EBCAB9 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtOpenThreadTokenEx + B 76EB5E73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtQueryAttributesFile + 6 76EB5F7E 4 Bytes [A8, 44, 6C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtQueryAttributesFile + B 76EB5F83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtQueryFullAttributesFile + 6 76EB602E 4 Bytes CALL 75EBCC77 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtQueryFullAttributesFile + B 76EB6033 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtSetInformationFile + 6 76EB667E 4 Bytes [28, 45, 6C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtSetInformationFile + B 76EB6683 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtSetInformationThread + 6 76EB66DE 4 Bytes [28, 46, 6C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtSetInformationThread + B 76EB66E3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtUnmapViewOfSection + 6 76EB69FE 4 Bytes [68, 47, 6C, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2648] ntdll.dll!NtUnmapViewOfSection + B 76EB6A03 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtCreateFile + 6 76EB560E 4 Bytes [28, B8, 41, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtCreateFile + B 76EB5613 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtMapViewOfSection + 6 76EB5C6E 4 Bytes [28, BB, 41, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtMapViewOfSection + B 76EB5C73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtOpenFile + 6 76EB5D1E 4 Bytes [68, B8, 41, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtOpenFile + B 76EB5D23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtOpenProcess + 6 76EB5DCE 4 Bytes [A8, B9, 41, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtOpenProcess + B 76EB5DD3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtOpenProcessToken + 6 76EB5DDE 4 Bytes CALL 75EB9F9C C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtOpenProcessToken + B 76EB5DE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtOpenProcessTokenEx + 6 76EB5DEE 4 Bytes [A8, BA, 41, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtOpenProcessTokenEx + B 76EB5DF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtOpenThread + 6 76EB5E4E 4 Bytes [68, B9, 41, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtOpenThread + B 76EB5E53 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtOpenThreadToken + 6 76EB5E5E 4 Bytes [68, BA, 41, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtOpenThreadToken + B 76EB5E63 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtOpenThreadTokenEx + 6 76EB5E6E 4 Bytes CALL 75EBA02D C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtOpenThreadTokenEx + B 76EB5E73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtQueryAttributesFile + 6 76EB5F7E 4 Bytes [A8, B8, 41, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtQueryAttributesFile + B 76EB5F83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtQueryFullAttributesFile + 6 76EB602E 4 Bytes CALL 75EBA1EB C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtQueryFullAttributesFile + B 76EB6033 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtSetInformationFile + 6 76EB667E 4 Bytes [28, B9, 41, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtSetInformationFile + B 76EB6683 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtSetInformationThread + 6 76EB66DE 4 Bytes [28, BA, 41, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtSetInformationThread + B 76EB66E3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtUnmapViewOfSection + 6 76EB69FE 4 Bytes [68, BB, 41, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2664] ntdll.dll!NtUnmapViewOfSection + B 76EB6A03 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtCreateFile + 6 76EB560E 4 Bytes [28, EC, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtCreateFile + B 76EB5613 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtMapViewOfSection + 6 76EB5C6E 4 Bytes [28, EF, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtMapViewOfSection + B 76EB5C73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenFile + 6 76EB5D1E 4 Bytes [68, EC, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenFile + B 76EB5D23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenProcess + 6 76EB5DCE 4 Bytes [A8, ED, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenProcess + B 76EB5DD3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenProcessToken + 6 76EB5DDE 4 Bytes CALL 75EB75D0 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenProcessToken + B 76EB5DE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenProcessTokenEx + 6 76EB5DEE 4 Bytes [A8, EE, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenProcessTokenEx + B 76EB5DF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenThread + 6 76EB5E4E 4 Bytes [68, ED, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenThread + B 76EB5E53 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenThreadToken + 6 76EB5E5E 4 Bytes [68, EE, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenThreadToken + B 76EB5E63 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenThreadTokenEx + 6 76EB5E6E 4 Bytes CALL 75EB7661 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenThreadTokenEx + B 76EB5E73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtQueryAttributesFile + 6 76EB5F7E 4 Bytes [A8, EC, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtQueryAttributesFile + B 76EB5F83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtQueryFullAttributesFile + 6 76EB602E 4 Bytes CALL 75EB781F C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtQueryFullAttributesFile + B 76EB6033 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtSetInformationFile + 6 76EB667E 4 Bytes [28, ED, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtSetInformationFile + B 76EB6683 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtSetInformationThread + 6 76EB66DE 4 Bytes [28, EE, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtSetInformationThread + B 76EB66E3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtUnmapViewOfSection + 6 76EB69FE 4 Bytes [68, EF, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtUnmapViewOfSection + B 76EB6A03 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtCreateFile + 6 76EB560E 4 Bytes [28, 9C, 98, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtCreateFile + B 76EB5613 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtMapViewOfSection + 6 76EB5C6E 4 Bytes [28, 9F, 98, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtMapViewOfSection + B 76EB5C73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenFile + 6 76EB5D1E 4 Bytes [68, 9C, 98, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenFile + B 76EB5D23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenProcess + 6 76EB5DCE 4 Bytes [A8, 9D, 98, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenProcess + B 76EB5DD3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenProcessToken + 6 76EB5DDE 4 Bytes CALL 75EBF680 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenProcessToken + B 76EB5DE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenProcessTokenEx + 6 76EB5DEE 4 Bytes [A8, 9E, 98, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenProcessTokenEx + B 76EB5DF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenThread + 6 76EB5E4E 4 Bytes [68, 9D, 98, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenThread + B 76EB5E53 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenThreadToken + 6 76EB5E5E 4 Bytes [68, 9E, 98, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenThreadToken + B 76EB5E63 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenThreadTokenEx + 6 76EB5E6E 4 Bytes CALL 75EBF711 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenThreadTokenEx + B 76EB5E73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtQueryAttributesFile + 6 76EB5F7E 4 Bytes [A8, 9C, 98, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtQueryAttributesFile + B 76EB5F83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtQueryFullAttributesFile + 6 76EB602E 4 Bytes CALL 75EBF8CF C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtQueryFullAttributesFile + B 76EB6033 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtSetInformationFile + 6 76EB667E 4 Bytes [28, 9D, 98, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtSetInformationFile + B 76EB6683 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtSetInformationThread + 6 76EB66DE 4 Bytes [28, 9E, 98, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtSetInformationThread + B 76EB66E3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtUnmapViewOfSection + 6 76EB69FE 4 Bytes [68, 9F, 98, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtUnmapViewOfSection + B 76EB6A03 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtCreateFile + 6 76EB560E 4 Bytes [28, F0, 08, 01] {SUB AL, DH; OR [ECX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtCreateFile + B 76EB5613 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtMapViewOfSection + 6 76EB5C6E 4 Bytes [28, F3, 08, 01] {SUB BL, DH; OR [ECX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtMapViewOfSection + B 76EB5C73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenFile + 6 76EB5D1E 4 Bytes [68, F0, 08, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenFile + B 76EB5D23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenProcess + 6 76EB5DCE 4 Bytes [A8, F1, 08, 01] {TEST AL, 0xf1; OR [ECX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenProcess + B 76EB5DD3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenProcessToken + 6 76EB5DDE 4 Bytes CALL 75EC66D4 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenProcessToken + B 76EB5DE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenProcessTokenEx + 6 76EB5DEE 4 Bytes [A8, F2, 08, 01] {TEST AL, 0xf2; OR [ECX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenProcessTokenEx + B 76EB5DF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenThread + 6 76EB5E4E 4 Bytes [68, F1, 08, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenThread + B 76EB5E53 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenThreadToken + 6 76EB5E5E 4 Bytes [68, F2, 08, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenThreadToken + B 76EB5E63 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenThreadTokenEx + 6 76EB5E6E 4 Bytes CALL 75EC6765 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtOpenThreadTokenEx + B 76EB5E73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtQueryAttributesFile + 6 76EB5F7E 4 Bytes [A8, F0, 08, 01] {TEST AL, 0xf0; OR [ECX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtQueryAttributesFile + B 76EB5F83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtQueryFullAttributesFile + 6 76EB602E 4 Bytes CALL 75EC6923 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtQueryFullAttributesFile + B 76EB6033 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtSetInformationFile + 6 76EB667E 4 Bytes [28, F1, 08, 01] {SUB CL, DH; OR [ECX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtSetInformationFile + B 76EB6683 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtSetInformationThread + 6 76EB66DE 4 Bytes [28, F2, 08, 01] {SUB DL, DH; OR [ECX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtSetInformationThread + B 76EB66E3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtUnmapViewOfSection + 6 76EB69FE 4 Bytes [68, F3, 08, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5180] ntdll.dll!NtUnmapViewOfSection + B 76EB6A03 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtCreateFile + 6 76EB560E 4 Bytes [28, 98, 38, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtCreateFile + B 76EB5613 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtMapViewOfSection + 6 76EB5C6E 4 Bytes [28, 9B, 38, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtMapViewOfSection + B 76EB5C73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenFile + 6 76EB5D1E 4 Bytes [68, 98, 38, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenFile + B 76EB5D23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenProcess + 6 76EB5DCE 4 Bytes [A8, 99, 38, 00] {TEST AL, 0x99; CMP [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenProcess + B 76EB5DD3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenProcessToken + 6 76EB5DDE 4 Bytes CALL 75EB967C C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenProcessToken + B 76EB5DE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenProcessTokenEx + 6 76EB5DEE 4 Bytes [A8, 9A, 38, 00] {TEST AL, 0x9a; CMP [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenProcessTokenEx + B 76EB5DF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenThread + 6 76EB5E4E 4 Bytes [68, 99, 38, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenThread + B 76EB5E53 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenThreadToken + 6 76EB5E5E 4 Bytes [68, 9A, 38, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenThreadToken + B 76EB5E63 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenThreadTokenEx + 6 76EB5E6E 4 Bytes CALL 75EB970D C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenThreadTokenEx + B 76EB5E73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtQueryAttributesFile + 6 76EB5F7E 4 Bytes [A8, 98, 38, 00] {TEST AL, 0x98; CMP [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtQueryAttributesFile + B 76EB5F83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtQueryFullAttributesFile + 6 76EB602E 4 Bytes CALL 75EB98CB C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtQueryFullAttributesFile + B 76EB6033 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtSetInformationFile + 6 76EB667E 4 Bytes [28, 99, 38, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtSetInformationFile + B 76EB6683 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtSetInformationThread + 6 76EB66DE 4 Bytes [28, 9A, 38, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtSetInformationThread + B 76EB66E3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtUnmapViewOfSection + 6 76EB69FE 4 Bytes [68, 9B, 38, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtUnmapViewOfSection + B 76EB6A03 1 Byte [E2]

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{1B8BAB00-0D0D-11E0-9DB7-806E6F6E6963} 16162900264

---- EOF - GMER 2.1 ----

Computer shows 'not responding'

0
0
I am getting random Not Responding when using Outlook, Firefox browser, and even when trying to play simple Windows games (e.g. Solitaire)
I have Windows 7 64-bit PC.

I started this thread on 1/9/13 and worked with a Tech Guy until I went on a short break at the end of September. The thread was put on hold until 2/10/13. However, since that date, I haven't been able to get in touch with him again despite posting several 'replies'. I am still getting the error message and I am concerned that my system isn't protected.

Help

Dave H

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD Phenom(tm) II X4 940 Processor, AMD64 Family 16 Model 4 Stepping 2
Processor Count: 4
RAM: 3327 Mb
Graphics Card: NVIDIA GeForce 8400 GS, 512 Mb
Hard Drives: C: Total - 953765 MB, Free - 692601 MB; G: Total - 953863 MB, Free - 157643 MB;
Motherboard: ASRock, ALiveXFire-eSATA2..
Antivirus: Microsoft Security Essentials, Updated and Enabled

lap top slow and freezing + web browser having popup's

0
0
Hi,

my laptop is getting slower and slower and freezes from time to time and i cannot open some of the applications.

on top of that my firefox browser is having so many popus and i don't know how to clear them. there are some popus that have the music in it and it is very annoying.

can some one help me clean my lap top and get it going faster and also get it more secured.

Regards,
jim

Please help me delete Conduit. software virus

0
0
wd a program "Teamviewer"" and missed the screen to refuse the addition add-ons. How do I get rid of it?
I ran AdwCleaner...

# AdwCleaner v3.012 - Report created 15/11/2013 at 10:22:51
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Marlis Galkin - MARLISGALKIN-PC
# Running from : C:\Users\Marlis Galkin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KI6CUTFC\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : Application Updater
Service Found : CltMngSvc

***** [ Files / Folders ] *****

File Found : C:\Users\Marlis Galkin\AppData\Roaming\Mozilla\Firefox\Profiles\itxzm29m.default\Extensions \dealio@mybrowserbar.com
File Found : C:\Users\Marlis Galkin\AppData\Roaming\Mozilla\Firefox\Profiles\itxzm29m.default\searchplug ins\Askcom.xml
File Found : C:\Users\Marlis Galkin\Uninstall.exe
Folder Found : C:\Users\Marlis Galkin\AppData\Roaming\Mozilla\Firefox\Profiles\itxzm29m.default\Extensions \{00f2c0c6-2194-484e-9064-44e57787867b}
Folder Found : C:\Users\Marlis Galkin\AppData\Roaming\Mozilla\Firefox\Profiles\itxzm29m.default\Extensions \engine@conduit.com
Folder Found C:\Program Files\Application Updater
Folder Found C:\Program Files\Common Files\spigot
Folder Found C:\Program Files\Dealio Toolbar
Folder Found C:\Program Files\Searchprotect
Folder Found C:\ProgramData\apn
Folder Found C:\Users\Marlis Galkin\AppData\Local\Searchprotect
Folder Found C:\Users\Marlis Galkin\AppData\LocalLow\Dealio
Folder Found C:\Users\Marlis Galkin\AppData\LocalLow\Search Settings
Folder Found C:\Users\Marlis Galkin\AppData\Roaming\Mozilla\Firefox\Profiles\itxzm29m.default\Conduit
Folder Found C:\Users\Marlis Galkin\AppData\Roaming\Mozilla\Firefox\Profiles\itxzm29m.default\ConduitEng ine
Folder Found C:\Users\Marlis Galkin\AppData\Roaming\Mozilla\Firefox\Profiles\itxzm29m.default\CT2769720
Folder Found C:\Users\Marlis Galkin\AppData\Roaming\SendSpace

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\Dealio
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Dealio
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Search Settings
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\Application Updater
Key Found : HKLM\SOFTWARE\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\Software\Dealio
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\Search Settings
Key Found : HKLM\Software\SearchProtect
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736


-\\ Mozilla Firefox v11.0 (en-US)

[ File : C:\Users\Marlis Galkin\AppData\Roaming\Mozilla\Firefox\Profiles\itxzm29m.default\prefs.js ]

Line Found : user_pref("CT2769720..clientLogIsEnabled", false);
Line Found : user_pref("CT2769720..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Found : user_pref("CT2769720..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Found : user_pref("CT2769720.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Found : user_pref("CT2769720.CTID", "CT2769720");
Line Found : user_pref("CT2769720.CurrentServerDate", "4-1-2011");
Line Found : user_pref("CT2769720.DialogsAlignMode", "LTR");
Line Found : user_pref("CT2769720.DownloadReferralCookieData", "");
Line Found : user_pref("CT2769720.ExternalComponentPollDate129356788341693881", "Mon Jan 03 2011 07:31:17 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT2769720.FirstServerDate", "25-11-2010");
Line Found : user_pref("CT2769720.FirstTime", true);
Line Found : user_pref("CT2769720.FirstTimeFF3", true);
Line Found : user_pref("CT2769720.FixPageNotFoundErrors", true);
Line Found : user_pref("CT2769720.GroupingServerCheckInterval", 1440);
Line Found : user_pref("CT2769720.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Found : user_pref("CT2769720.HasUserGlobalKeys", true);
Line Found : user_pref("CT2769720.Initialize", true);
Line Found : user_pref("CT2769720.InitializeCommonPrefs", true);
Line Found : user_pref("CT2769720.InstallationAndCookieDataSentCount", 3);
Line Found : user_pref("CT2769720.InstalledDate", "Wed Nov 24 2010 20:57:34 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT2769720.InvalidateCache", false);
Line Found : user_pref("CT2769720.IsGrouping", false);
Line Found : user_pref("CT2769720.IsMulticommunity", false);
Line Found : user_pref("CT2769720.IsOpenThankYouPage", true);
Line Found : user_pref("CT2769720.IsOpenUninstallPage", true);
Line Found : user_pref("CT2769720.LanguagePackLastCheckTime", "Mon Jan 03 2011 08:16:47 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT2769720.LanguagePackReloadIntervalMM", 1440);
Line Found : user_pref("CT2769720.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Found : user_pref("CT2769720.LastLogin_3.2.5.2", "Mon Jan 03 2011 19:13:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT2769720.LatestVersion", "3.2.5.2");
Line Found : user_pref("CT2769720.Locale", "en");
Line Found : user_pref("CT2769720.MCDetectTooltipHeight", "83");
Line Found : user_pref("CT2769720.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Found : user_pref("CT2769720.MCDetectTooltipWidth", "295");
Line Found : user_pref("CT2769720.RadioIsPodcast", false);
Line Found : user_pref("CT2769720.RadioLastCheckTime", "Mon Jan 03 2011 08:17:15 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT2769720.RadioLastUpdateIPServer", "3");
Line Found : user_pref("CT2769720.RadioLastUpdateServer", "129356856466730000");
Line Found : user_pref("CT2769720.RadioMediaID", "21610257");
Line Found : user_pref("CT2769720.RadioMediaType", "Media Player");
Line Found : user_pref("CT2769720.RadioMenuSelectedID", "EBRadioMenu_CT2769720_RECENT21610257");
Line Found : user_pref("CT2769720.RadioStationName", "BBC%20Radio%20World%20Service");
Line Found : user_pref("CT2769720.RadioStationURL", "hxxp://livewmstream-ws.bbc.co.uk.edgestreams.net/reflector:38972");
Line Found : user_pref("CT2769720.SHRINK_TOOLBAR", 1);
Line Found : user_pref("CT2769720.SearchFromAddressBarIsInit", true);
Line Found : user_pref("CT2769720.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2769720&q=");
Line Found : user_pref("CT2769720.SearchInNewTabEnabled", true);
Line Found : user_pref("CT2769720.SearchInNewTabIntervalMM", 1440);
Line Found : user_pref("CT2769720.SearchInNewTabLastCheckTime", "Mon Jan 03 2011 08:16:46 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT2769720.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Found : user_pref("CT2769720.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Found : user_pref("CT2769720.ServiceMapLastCheckTime", "Mon Jan 03 2011 08:16:47 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT2769720.SettingsLastCheckTime", "Mon Jan 03 2011 07:31:17 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT2769720.SettingsLastUpdate", "1293117734");
Line Found : user_pref("CT2769720.ThirdPartyComponentsInterval", 504);
Line Found : user_pref("CT2769720.ThirdPartyComponentsLastCheck", "Sun Dec 19 2010 00:00:24 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT2769720.ThirdPartyComponentsLastUpdate", "1246790578");
Line Found : user_pref("CT2769720.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Line Found : user_pref("CT2769720.UserID", "UN22547503554880166");
Line Found : user_pref("CT2769720.ValidationData_Search", 0);
Line Found : user_pref("CT2769720.ValidationData_Toolbar", 2);
Line Found : user_pref("CT2769720.WeatherNetwork", "");
Line Found : user_pref("CT2769720.WeatherPollDate", "Mon Jan 03 2011 19:43:02 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT2769720.WeatherUnit", "F");
Line Found : user_pref("CT2769720.alertChannelId", "1161832");
Line Found : user_pref("CT2769720.backendstorage.amazonnew_all", "3739353833312C3133343038312C3133333430312C3133343337312C3833333838312C3133 343037312C3133343333312C3833353038312C3133333236312C3133343332312C3133333[...]
Line Found : user_pref("CT2769720.myStuffEnabled", true);
Line Found : user_pref("CT2769720.myStuffPublihserMinWidth", 400);
Line Found : user_pref("CT2769720.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIG INAL_CTID");
Line Found : user_pref("CT2769720.myStuffServiceIntervalMM", 1440);
Line Found : user_pref("CT2769720.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_L UT");
Line Found : user_pref("CT2769720.testingCtid", "");
Line Found : user_pref("CT2769720.toolbarAppMetaDataLastCheckTime", "Mon Jan 03 2011 08:16:47 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT2769720.toolbarContextMenuLastCheckTime", "Wed Nov 24 2010 20:57:34 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT2769720.usagesFlag", 2);
Line Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1161832/1157519/DEFAULT", "\"0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1161832/1157519/US", "\"0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DEFAULT", "\"0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2769720", "\"1293094611\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"803651ba7facb1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"807dc126dd28cc1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"634289840782570000\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634248284990000000");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=11/8/2010 3:54:59 PM", "634285417620000000");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/21/2010 3:22:42 PM", "634285417620000000");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/27/2010 12:43:05 PM", "634293235860000000");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2010 4:33:06 PM", "634356118310000000");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2769720&octid=CT2769720", "\"1291205448\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/?ctid=CT2769720&octid=CT2769720&dummy=true", "\"1291205448\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2769720/CT2769720", "\"1293117734\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634292354593700000\"");
Line Found : user_pref("CommunityToolbar.EngineOwner", "CT2769720");
Line Found : user_pref("CommunityToolbar.EngineOwnerGuid", "{00f2c0c6-2194-484e-9064-44e57787867b}");
Line Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "searchelf_1.1");
Line Found : user_pref("CommunityToolbar.IsEngineShown", true);
Line Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Line Found : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2769720");
Line Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{00f2c0c6-2194-484e-9064-44e57787867b}");
Line Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "searchelf_1.1");
Line Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Line Found : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2769720");
Line Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2769720");
Line Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Thu Apr 21 2011 16:05:54 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Line Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Jun 20 2011 08:16:47 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Found : user_pref("CommunityToolbar.alert.locale", "en");
Line Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Jun 22 2011 10:48:16 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Line Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Found : user_pref("CommunityToolbar.alert.userId", "4151f94e-c77b-4622-bcb7-28243feb9928");
Line Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Found : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Sun Jun 12 2011 08:58:53 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Mon Jun 20 2011 08:52:14 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("ConduitEngine.FirstServerDate", "11/25/2010 03");
Line Found : user_pref("ConduitEngine.FirstTime", true);
Line Found : user_pref("ConduitEngine.FirstTimeFF3", true);
Line Found : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Line Found : user_pref("ConduitEngine.Initialize", true);
Line Found : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Line Found : user_pref("ConduitEngine.InstalledDate", "Wed Nov 24 2010 20:57:32 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("ConduitEngine.IsMulticommunity", false);
Line Found : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Line Found : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Line Found : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Wed Jun 22 2011 10:48:25 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Mon Jan 03 2011 07:31:18 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Wed Jun 22 2011 10:23:02 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Line Found : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Line Found : user_pref("ConduitEngine.SettingsLastCheckTime", "Wed Jun 22 2011 10:23:02 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("ConduitEngine.UserID", "UN49231696869568533");
Line Found : user_pref("ConduitEngine.engineLocale", "en-US");
Line Found : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Wed Jun 22 2011 10:48:25 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Wed Jun 22 2011 07:23:03 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("ConduitEngine.initDone", true);
Line Found : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Line Found : user_pref("ConduitEngine.usagesFlag", 2);
Line Found : user_pref("browser.search.defaultengine", "Ask.com");
Line Found : user_pref("browser.search.order.1", "Ask.com");
Line Found : user_pref("extensions.enabledItems", "engine@conduit.com:3.2.5.2,{00f2c0c6-2194-484e-9064-44e57787867b}:3.2.5.2,{AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906,{ABDE892B-13A8-4d1b-88E6-365A6E755758}[...]
Line Found : user_pref("extensions.engine@conduit.com.install-event-fired", true);

-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\Marlis Galkin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : urls_to_restore_on_startup
Found : homepage
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : urls_to_restore_on_startup
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : homepage
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : urls_to_restore_on_startup
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword

*************************

AdwCleaner[R0].txt - [21760 octets] - [15/11/2013 10:22:51]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [21821 octets] ##########

Malware,Adware,Trojans

0
0
I have a Lenovo E520 Win 7.Kaspersky Internet Security
My son downloaded something so he could watch a NKL hockey game on the laptop. It put all kinds of adds
It now has voices doing commercial, A page pops up and tells me I have to update my browser. New windows are popping up all the time. The homepage never comes up first it is always says it didn't load correctly.
I did the down loads requested. Any help will be appreciated.




Thanks
NcRam :(

Attached Files
File Type: log hijackthis.log (21.9 KB)
File Type: txt dds.txt (38.4 KB)
File Type: txt attach.txt (10.1 KB)
Viewing all 3123 articles
Browse latest View live




Latest Images