Channel: Tech Support Guy - Virus & Other Malware Removal

Browser Hijack (spigot)

Hello everyone,

I am having a serious issue with http://search.yahoo.com/?type=198484&fr=spigot-yhp-ch hijacking my Chrome browser. I have tried everything to get rid of it and it just seems to not go away; I was informed that this adware is very hard to clean out of the system.

I have tried everything from HitmanPro, aswMBR, ComboFix, Malwarebytes, AdwCleaner and JRT to try and get rid of this thing, and it still continues to show up. It's got so bad that my CPU maxes out at 100 upon login, then seems to come down and then go back up again.

If someone can help me with this issue, I would be most grateful.

Thank you for your time.

I am plagued with WidgiToolbar / Spigot -- log files included

Spybot has not been able to remove it. Thank you very much for any help.

------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:07:29 PM, on 2/28/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\USB 2.0 PC CAMERA\Camera Snap.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Classic PDF Editor\PDFVPrinter.exe
C:\PROGRA~1\AD-AWA~1\AdAware.exe
C:\ProgramData\OfficeGuardianV2\reminder\SacReminder.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
C:\Users\Owner\AppData\Local\Google\Update\1.3.22.5\GoogleCrashHandler.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\Downloads\HijackThis.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SearchMe Toolbar - {B9C767DD-F66A-40B4-8F12-4199A9A4393C} - C:\Program Files\SearchMe Toolbar\IE\8.6\searchmeToolbarIE.dll
O2 - BHO: WeCareReminder - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll
O3 - Toolbar: SearchMe Toolbar - {B9C767DD-F66A-40B4-8F12-4199A9A4393C} - C:\Program Files\SearchMe Toolbar\IE\8.6\searchmeToolbarIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
O4 - HKLM\..\Run: [Snap] C:\Program Files\USB 2.0 PC CAMERA\Camera Snap.exe
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [SearchProtection] C:\ProgramData\Search Protection\_run.bat
O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
O4 - HKLM\..\Run: [PDFVPrinter] C:\Program Files\Classic PDF Editor\PDFVPrinter.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show
O4 - HKCU\..\Run: [SacReminderHDDV2] C:\ProgramData\OfficeGuardianV2\reminder\SacReminder.exe
O4 - HKCU\..\Run: [StartNow Search Protect] "C:\Program Files\StartNow Toolbar\search_protect.exe" /RELAY /REPORT /PROTECT
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_wil...=menu_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_wil...=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_wil...d=menu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_wil...enu_ie_exclude
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_wil...menu_ie_report
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_24288096a5cd99f6\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CFUACProxy_officeguardianv2 - Storage Appliance Corp. - C:\ProgramData\OfficeGuardianV2\UACProxy.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_24288096a5cd99f6\STacSV.exe

--
End of file - 11676 bytes

------------------------------------------------------------------------------------------

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16518
Run by Owner at 20:12:21 on 2014-02-28
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3062.1450 [GMT -8:00]
.
AV: Lavasoft Ad-Aware *Enabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Enabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_24288096a5cd99f6\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\ProgramData\OfficeGuardianV2\UACProxy.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_24288096a5cd99f6\STacSV.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\USB 2.0 PC CAMERA\Camera Snap.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Classic PDF Editor\PDFVPrinter.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AD-AWA~1\AdAware.exe
C:\ProgramData\OfficeGuardianV2\reminder\SacReminder.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
C:\Users\Owner\AppData\Local\Google\Update\1.3.22.5\GoogleCrashHandler.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uURLSearchHooks: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.141\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: SearchMe Toolbar: {B9C767DD-F66A-40B4-8F12-4199A9A4393C} - c:\program files\searchme toolbar\ie\8.6\searchmeToolbarIE.dll
BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - c:\programdata\wecarereminder\IEHelperv2.5.0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
TB: SearchMe Toolbar: {B9C767DD-F66A-40B4-8F12-4199A9A4393C} - c:\program files\searchme toolbar\ie\8.6\searchmeToolbarIE.dll
uRun: [Google Update] "c:\users\owner\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ShowBatteryBar] "c:\program files\batterybar\ShowBatteryBar.exe" show
uRun: [SacReminderHDDV2] c:\programdata\officeguardianv2\reminder\SacReminder.exe
uRun: [StartNow Search Protect] "c:\program files\startnow toolbar\search_protect.exe" /RELAY /REPORT /PROTECT
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Anti-phishing Domain Advisor] "c:\programdata\anti-phishing domain advisor\visicom_antiphishing.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Eraser] "c:\progra~1\eraser\Eraser.exe" --atRestart
mRun: [Snap] c:\program files\usb 2.0 pc camera\Camera Snap.exe
mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
mRun: [SearchProtection] c:\programdata\search protection\_run.bat
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
mRun: [PDFVPrinter] c:\program files\classic pdf editor\PDFVPrinter.exe
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.141\SSScheduler.exe
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Block frame with Ad Muncher - http://www.admuncher.com/request_wil...=menu_ie_frame
IE: Block image with Ad Muncher - http://www.admuncher.com/request_wil...=menu_ie_image
IE: Block link with Ad Muncher - http://www.admuncher.com/request_wil...d=menu_ie_link
IE: Don't filter page with Ad Muncher - http://www.admuncher.com/request_wil...enu_ie_exclude
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Report page to the Ad Muncher developers - http://www.admuncher.com/request_wil...menu_ie_report
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 168.150.253.2 168.150.253.1 75.101.19.192
TCP: Interfaces\{88B56E80-767A-411C-805B-E6E5627351EF} : DHCPNameServer = 168.150.253.2 168.150.253.1 192.168.1.1
TCP: Interfaces\{C0111147-2A0D-4BF8-B5A3-1321517285EF} : DHCPNameServer = 168.150.253.2 168.150.253.1 75.101.19.192
TCP: Interfaces\{C0111147-2A0D-4BF8-B5A3-1321517285EF}\2375942554736393 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C0111147-2A0D-4BF8-B5A3-1321517285EF}\34963736F66303030353 : DHCPNameServer = 168.150.253.2 168.150.253.1
TCP: Interfaces\{C0111147-2A0D-4BF8-B5A3-1321517285EF}\356484F4354554C4 : DHCPNameServer = 208.201.224.11 208.201.224.33 4.2.2.2
TCP: Interfaces\{C0111147-2A0D-4BF8-B5A3-1321517285EF}\966496870254C656364727F6E6963637 : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\0cazx7f7.default-1385247547231\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mcafee security scan\3.8.141\npMcAfeeMSS.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\users\owner\appdata\local\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_70.dll
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2012-12-19 13560]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-12-14 1236968]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_24288096a5cd99f6\AEstSrv.exe [2011-3-7 73728]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\skype\toolbars\autoupdate\SkypeC2CAutoUpdateSvc.exe [2014-1-3 1363616]
R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\skype\toolbars\pnrsvc\SkypeC2CPNRSvc.exe [2014-1-3 1748640]
R2 CFUACProxy_officeguardianv2;CFUACProxy_officeguardianv2;c:\programdata\officeguardianv2\UACProxy.exe [2011-12-24 83792]
R2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2012-9-20 3677000]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2012-9-12 66344]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-12-19 1153368]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2012-12-19 43368]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-10-19 160944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-2-12 108032]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.141\McCHSvc.exe [2014-1-15 235696]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-7-1 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-1 52224]
S3 usbcamcl;Driver for usbcamcl Device;c:\windows\system32\drivers\usbcamcl.sys [2011-8-18 28416]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-11 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== File Associations ===============
.
FileExt: .js: JSFile="c:\program files\macromedia\dreamweaver mx\Dreamweaver.exe" "%1"
.
=============== Created Last 30 ================
.
2014-02-26 12:12:49 -------- d-----w- c:\windows\Migration
2014-02-13 06:14:17 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-02-12 21:51:55 -------- d-----w- c:\program files\McAfee Security Scan
2014-02-12 15:59:27 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-02-12 15:59:26 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-12 15:59:09 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-12 15:59:08 3419136 ----a-w- c:\windows\system32\d2d1.dll
2014-02-12 15:58:59 594944 ----a-w- c:\windows\system32\RMActivate_isv.exe
2014-02-12 15:58:58 572416 ----a-w- c:\windows\system32\RMActivate.exe
2014-02-12 15:58:57 508928 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2014-02-12 15:58:55 510976 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2014-02-12 15:58:54 423936 ----a-w- c:\windows\system32\secproc_isv.dll
2014-02-12 15:58:53 428032 ----a-w- c:\windows\system32\secproc.dll
2014-02-12 15:58:53 390144 ----a-w- c:\windows\system32\msdrm.dll
2014-02-12 15:58:52 87040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2014-02-12 15:58:52 87040 ----a-w- c:\windows\system32\secproc_ssp.dll
.
==================== Find3M ====================
.
2014-02-21 01:12:05 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-21 01:12:05 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-06 10:20:26 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-02-06 10:19:55 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-02-06 10:01:36 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-02-06 09:47:22 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-02-06 09:47:18 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-02-06 09:46:27 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- c:\windows\system32\jscript9.dll
2014-02-06 09:09:30 1964032 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- c:\windows\system32\wininet.dll
.
============= FINISH: 20:18:14.25 ===============

------------------------------------------------------------------------------------------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 3/7/2011 5:45:16 PM
System Uptime: 2/28/2014 7:03:53 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0U990C
Processor: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz | Microprocessor | 2000/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 73.957 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP297: 2/12/2014 10:12:38 PM - Windows Update
RP298: 2/20/2014 1:17:31 PM - Scheduled Checkpoint
RP299: 2/26/2014 4:03:59 AM - Windows Update
RP300: 2/27/2014 9:43:26 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Ad-Aware Antivirus
Ad-Aware Security Add-on
Ad Muncher v4.91 Build 32562
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader X (10.1.5)
Anti-phishing Domain Advisor
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASPCA Reminder by We-Care.com v5.0.5.1
BatteryBar (remove only)
Bonjour
Cisco Connect
Classic PDF Editor 12.0
CoffeeCup HTML Editor
CuteFTP 8 Home
Dell Touchpad
DHTML Editing Component
Document Express DjVu Plug-in
Eraser 6.0.10.2620
FileZilla Client 3.5.3
GIMP 2.6.12
Google Chrome
Google Earth Plug-in
Google Update Helper
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
iTunes
K-Lite Mega Codec Pack 5.7.0
Macromedia Dreamweaver MX
Macromedia Extension Manager
McAfee Security Scan Plus
Microsoft .NET Framework 4.5.1
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird (3.1.9)
Notepad++
NoteTab Light 6 (Remove only)
Paint Shop Pro 6.02 EVAL
Picasa 3
PrimoPDF -- brought to you by Nitro PDF Software
QuickTime
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
SearchMe Toolbar v8.6
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition
SigmaTel Audio
Skype Click to Call
Skype™ 6.0
Spybot - Search & Destroy
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
USB2.0 PC CAMERA
VLC media player 1.0.5
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
2/27/2014 5:01:13 AM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
2/27/2014 10:59:57 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
2/23/2014 6:18:27 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
.
==== End Of File ===========================

------------------------------------------------------------------------------------------

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-02-28 20:45:39
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 Hitachi_HTS542516K9SA00 rev.BBCOC32P 149.05GB
Running: 1jos37o3.exe; Driver: C:\Users\Owner\AppData\Local\Temp\kgloapow.sys


---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82E78A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EB2212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? C:\Users\Owner\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 2.1 ----


---- Devices - GMER 2.1 ----

Device \Driver\gfiark \Device\GFIARK 9AB9E992

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}
Reg HKLM\SOFTWARE\Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}@ 0x4D 0x35 0x29 0xB5 ...
Reg HKLM\SOFTWARE\Classes\{97A98033-9FA1-4E80-A339-59787B43CC89}
Reg HKLM\SOFTWARE\Classes\{97A98033-9FA1-4E80-A339-59787B43CC89}@ 0xD9 0x59 0x3D 0xB5 ...
Reg HKLM\SOFTWARE\Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}
Reg HKLM\SOFTWARE\Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}@ 0xDD 0x26 0x9C 0xB3 ...
Reg HKLM\SOFTWARE\Classes\{C4B20040-7D5A-4558-9E19-B7DF94366F97}
Reg HKLM\SOFTWARE\Classes\{C4B20040-7D5A-4558-9E19-B7DF94366F97}@ 0xDF 0x7B 0x65 0xB5 ...

---- EOF - GMER 2.1 ----

levelqualitywatcher

The other day I was looking to download something that would turn flac VIDEO into mpegs. I dl'd from cnet.com, where I usually go when I'm searching for something and don't know any websites to go to. cnet.com downloads have never been a problem in the past, but this is the only thing I can think of. Nothing I downloaded was what I was really looking for, so I uninstalled it right away. I was using Firefox, and imo FF has gotten buggier with each new version, so I blamed what was happening on FF. I uninstalled FF and installed Chrome. These problems: window after window after window, etc., opening and telling me I didn't have Java (I have the latest version), that I should update my Vista drivers or I was going to die a slow, torturous death, etc. You get the picture.

Anyway, since nothing unusual showed up in my programs and features I went into my program files and there it was. Main folder, another folder inside, and the 32 version, and the 64 version. I tried to delete but of course, to no avail.

I've gotten help from you guys in the past, and so here I am. Let me know if I provided the correct information, because it seems that both of the buttons you told me to push provided the same information. Just so you know, when I did the first button, on the very first line it stopped, was highlighted in red, and said something about not being able to fix it, but it's there for you to see. Then this pops up. I'm gonna wait for a response before I do anything.

Thanks a bunch. Sorry, now I don't remember which came first, the chicken or the egg.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:05:15 AM, on 3/1/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16533)


Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Users\rman56\Downloads\HijackThis.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a...=614045414&ir=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a...=614045414&ir=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: IEOptimizer - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files\SavingsBull\IEOptimizer.dll (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BrowserSafeguard] "C:\Program Files\Browsersafeguard\BrowserSafeguard.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Nvtmru] "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" -f "C:\ProgramData\NVIDIA\Updatus\NvTmru\nvtmru.dat"
O4 - HKLM\..\RunOnce: [RAInstaller c:\Zylom Games\Jewel Quest Mysteries - The Seventh Gate Premium Edition] cmd.exe /c "rmdir /S /Q "c:\Zylom Games\Jewel Quest Mysteries - The Seventh Gate Premium Edition""
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [NTRedirect] C:\Windows\system32\rundll32.exe "C:\Users\rman56\AppData\Roaming\BabSolution\Shared\enhancedNT.dll",Run
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: &Save the YouTube video as MP3 - C:\Users\rman56\AppData\Roaming\Free YouTube to MP3 Converter Studio\Free YouTube to MP3 Converter Studio.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - AppInit_DLLs: c:\progra~1\contin~1\sprote~1.dll c:\progra~1\softqu~1\sprote~1.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files\BitComet\tools\BitCometService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Level Quality Watcher - Unknown owner - C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe
O23 - Service: lxbc_device - - C:\Windows\system32\lxbccoms.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Update lookinglink - Unknown owner - C:\Program Files\lookinglink\updatelookinglink.exe (file missing)

--
End of file - 6271 bytes


This came last; I remember it saying a file is missing, and I believe it's the first one.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:05:15 AM, on 3/1/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16533)


Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Users\rman56\Downloads\HijackThis.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a...=614045414&ir=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a...=614045414&ir=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: IEOptimizer - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files\SavingsBull\IEOptimizer.dll (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BrowserSafeguard] "C:\Program Files\Browsersafeguard\BrowserSafeguard.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Nvtmru] "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" -f "C:\ProgramData\NVIDIA\Updatus\NvTmru\nvtmru.dat"
O4 - HKLM\..\RunOnce: [RAInstaller c:\Zylom Games\Jewel Quest Mysteries - The Seventh Gate Premium Edition] cmd.exe /c "rmdir /S /Q "c:\Zylom Games\Jewel Quest Mysteries - The Seventh Gate Premium Edition""
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [NTRedirect] C:\Windows\system32\rundll32.exe "C:\Users\rman56\AppData\Roaming\BabSolution\Shared\enhancedNT.dll",Run
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: &Save the YouTube video as MP3 - C:\Users\rman56\AppData\Roaming\Free YouTube to MP3 Converter Studio\Free YouTube to MP3 Converter Studio.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - AppInit_DLLs: c:\progra~1\contin~1\sprote~1.dll c:\progra~1\softqu~1\sprote~1.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files\BitComet\tools\BitCometService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Level Quality Watcher - Unknown owner - C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe
O23 - Service: lxbc_device - - C:\Windows\system32\lxbccoms.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Update lookinglink - Unknown owner - C:\Program Files\lookinglink\updatelookinglink.exe (file missing)

--
End of file - 6271 bytes


No Internet Access cause by Virus or Malware

So uhmm... I've been having a problem regarding my internet access, then I posted a thread here on this site, and yesterday someone said that my laptop has a virus so I need to post a new thread. Here's my previous thread http://forums.techguy.org/networking...rk-access.html Please, please help me. It's been 2 months since I was able to use our wifi.

Making sure ZA Rootkit was 100% removed

Hey guys, I removed a ZA Rootkit from my friend's machine, and I wanted to make sure it was COMPLETELY removed. Please let me know if you need anything else besides the logs I have posted.


DDS


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16518 BrowserJavaVersion: 10.51.2
Run by Administrator at 13:55:28 on 2014-03-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2013.1005 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Program Files\AVG\AVG2014\avgfws.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
C:\Windows\system32\HPSIsvc.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG2014\avgnsx.exe
C:\Program Files\AVG\AVG2014\avgemcx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uProxyOverride = <-loopback>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - c:\program files\internet explorer\iedvtool.dll
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [HPUsageTrackingLEDM] "c:\program files\hp\hp ut ledm\bin\hppusg.exe" "c:\program files\hp\hp ut ledm\"
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninst..."&"ver=9.0.894
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: NameServer = 192.168.254.254
TCP: Interfaces\{499547A4-8E9D-4D78-810E-E95970C86001} : DHCPNameServer = 192.168.254.254
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.117\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-11-25 149272]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-10-31 222520]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-10-1 102712]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-10 27448]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-11-25 120600]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2013-9-26 47928]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-11-25 210712]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-1-19 22808]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-10-31 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-8-1 193848]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-21 37664]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2009-11-20 81920]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2014\avgfws.exe [2013-9-24 1358944]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2014-1-22 3788816]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2013-9-24 348008]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files\hp\hplaserjetservice\HPLaserJetService.exe [2009-10-15 136192]
R2 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;c:\program files\hp\hp laserjet m1210 mfp series\ReceiveFaxUtility.exe [2009-11-18 245760]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2009-12-4 99896]
R3 HP1210FAX;HP1210MFP FAX;c:\windows\system32\drivers\HPM1210FAX.sys [2011-1-4 13824]
R3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [2011-1-4 17408]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-2-23 108032]
S3 rcmirror;rcmirror;c:\windows\system32\drivers\rcmirror.sys [2010-1-18 3200]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-2-22 49152]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-11 1343400]
.
=============== Created Last 30 ================
.
2014-03-01 19:52:28 -------- d-----w- C:\FRST
2014-02-26 04:40:19 5694464 ----a-w- c:\windows\system32\mstscax.dll
2014-02-25 09:01:45 -------- d-----w- c:\windows\Migration
2014-02-23 16:46:46 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2014-02-23 16:46:45 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-23 16:46:29 3419136 ----a-w- c:\windows\system32\d2d1.dll
2014-02-23 16:46:29 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-23 09:05:27 -------- d-----w- c:\windows\system32\MRT
2014-02-22 22:26:59 32256 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2014-02-22 22:26:59 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-22 22:26:58 855552 ----a-w- c:\windows\system32\rdvidcrl.dll
2014-02-22 22:26:58 76288 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-02-22 22:26:58 53248 ----a-w- c:\windows\system32\tsgqec.dll
2014-02-22 22:26:58 50176 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2014-02-22 22:26:58 49152 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2014-02-22 22:26:58 350208 ----a-w- c:\windows\system32\wksprt.exe
2014-02-22 22:26:58 17920 ----a-w- c:\windows\system32\wksprtPS.dll
2014-02-22 22:26:58 14336 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-22 22:26:58 1068544 ----a-w- c:\windows\system32\mstsc.exe
2014-02-22 22:02:00 164864 ----a-w- c:\program files\windows media player\wmplayer.exe
2014-02-22 22:02:00 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2014-02-22 21:59:00 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-02-22 21:59:00 194048 ----a-w- c:\windows\system32\elshyph.dll
2014-02-22 21:57:57 49152 ----a-w- c:\windows\system32\taskhost.exe
2014-02-22 21:56:21 1505280 ----a-w- c:\windows\system32\d3d11.dll
2014-02-22 21:44:32 792576 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-02-22 21:44:04 594944 ----a-w- c:\windows\system32\RMActivate_isv.exe
2014-02-22 21:44:04 572416 ----a-w- c:\windows\system32\RMActivate.exe
2014-02-22 21:44:04 510976 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2014-02-22 21:44:04 508928 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2014-02-22 21:44:04 428032 ----a-w- c:\windows\system32\secproc.dll
2014-02-22 21:44:04 423936 ----a-w- c:\windows\system32\secproc_isv.dll
2014-02-22 21:44:03 87040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2014-02-22 21:44:03 87040 ----a-w- c:\windows\system32\secproc_ssp.dll
2014-02-22 21:44:03 390144 ----a-w- c:\windows\system32\msdrm.dll
2014-02-22 21:41:44 434688 ----a-w- c:\windows\system32\scavengeui.dll
2014-02-22 21:36:52 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2014-02-22 21:35:58 175104 ----a-w- c:\windows\system32\wintrust.dll
2014-02-22 21:34:26 988672 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2014-02-22 21:34:26 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2014-02-22 21:34:26 936448 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2014-02-22 21:34:26 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2014-02-22 21:34:25 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
2014-02-22 21:34:25 186368 ----a-w- c:\windows\system32\wwansvc.dll
2014-02-22 21:34:21 729024 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-02-22 21:34:21 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2014-02-22 21:33:39 101720 ----a-w- c:\windows\system32\consent.exe
2014-02-22 21:33:38 47104 ----a-w- c:\windows\system32\appinfo.dll
2014-02-22 21:33:32 514560 ----a-w- c:\windows\system32\qdvd.dll
2014-02-22 21:33:31 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-02-22 21:33:22 492544 ----a-w- c:\windows\system32\win32spl.dll
2014-02-22 21:33:21 36352 ----a-w- c:\windows\system32\drivers\usbscan.sys
2014-02-22 21:33:21 159232 ----a-w- c:\windows\system32\imagehlp.dll
2014-02-22 21:33:20 55808 ----a-w- c:\windows\system32\drivers\hidclass.sys
2014-02-22 21:33:20 25728 ----a-w- c:\windows\system32\drivers\hidparse.sys
2014-02-22 21:31:16 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-02-22 21:31:06 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-02-22 21:31:06 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-02-22 21:31:06 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-02-22 21:31:06 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-02-22 21:31:06 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-02-22 21:31:06 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-02-22 21:31:06 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-02-22 21:30:23 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys
2014-02-22 21:30:23 80896 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2014-02-22 21:30:15 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2014-02-22 20:17:18 -------- d-----w- c:\users\administrator\appdata\roaming\Malwarebytes
2014-02-22 20:17:12 -------- d-----w- c:\programdata\Malwarebytes
2014-02-22 20:17:11 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-22 20:17:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-02-22 20:15:31 -------- d-----w- C:\AdwCleaner
2014-02-22 18:43:15 -------- d-----w- c:\program files\Enigma Software Group
2014-02-22 18:42:31 -------- d-----w- c:\windows\455F074C814E4520B69B5584BD90400C.TMP
2014-02-22 18:42:30 -------- d-----w- c:\program files\common files\Wise Installation Wizard
.
==================== Find3M ====================
.
2014-02-22 21:57:40 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-02-22 18:17:06 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-22 18:17:05 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-06 10:20:26 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-02-06 10:19:55 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-02-06 10:01:36 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-02-06 09:47:22 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-02-06 09:47:18 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-02-06 09:46:27 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- c:\windows\system32\jscript9.dll
2014-02-06 09:09:30 1964032 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- c:\windows\system32\wininet.dll
2014-01-20 03:46:54 22808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-12-21 08:56:47 454656 ----a-w- c:\windows\system32\vbscript.dll
2013-12-19 03:10:01 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-12-06 02:02:08 2048 ----a-w- c:\windows\system32\msxml3r.dll
2013-12-06 02:02:08 1237504 ----a-w- c:\windows\system32\msxml3.dll
.
============= FINISH: 13:55:59.89 ===============


ADDITION.TXT


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-03-2014
Ran by Administrator at 2014-03-01 13:53:40
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
AV: AVG Anti-Virus Free Edition 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Anti-Virus Free Edition 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
==================== Installed Programs ======================
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4335 - AVG Technologies)
AVG 2014 (Version: 14.0.3705 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4335 - AVG Technologies) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (HKLM\...\{731B0E4D-F4C7-450C-95B0-E1A3176B1C75}) (Version: 1.1.0 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
FoxTab PDF Converter (HKCU\...\FoxTab PDF Converter) (Version: - ) <==== ATTENTION
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
HP LaserJet Professional M1130-M1210 MFP Series (HKLM\...\HP LaserJet Professional M1130-M1210 MFP Series) (Version: - )
HP LaserJet Professional M1210 MFP Series Fax Installer (HKLM\...\{FA3AFC80-05A5-45A6-BD6E-92641BF93129}) (Version: 1.1.0 - HP)
HP LaserJet Professional M1210 MFP Series Toolbox (HKLM\...\{33FA361C-6545-4490-945C-1B869370489D}) (Version: 1.0.12 - Hewlett-Packard)
HP LaserJet Toolbox (HKLM\...\{1FA6376A-3120-45DA-8686-96DEFC8A0513}) (Version: 2.0.0 - Hewlett-Packard)
hppLaserJetService (Version: 001.003.000145 - Hewlett-Packard) Hidden
hppM1130M1210SeriesLaserJetService (Version: 001.003.00073 - Hewlett-Packard) Hidden
hppusgM1130M1210Series (Version: 1.0.0.2 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
QuickBooks (Version: 20.0.4001.807 - Intuit Inc.) Hidden
QuickBooks Pro 2010 (HKLM\...\{0700E22B-A422-40A5-BD20-04BF618CA0F9}) (Version: 20.0.4001.807 - Intuit Inc.)
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5859 - )
Roxio Creator Audio (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE 10.3 (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)
Roxio Creator DE 10.3 (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.2 - Roxio) Hidden
Roxio Update Manager (Version: 6.0.0 - Roxio) Hidden
Scan To (HKLM\...\{E8A34AC8-0137-4515-A94B-0A0946DDC251}) (Version: 1.0.1 - HP)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
==================== Restore Points =========================
23-02-2014 19:46:23 Windows Update
25-02-2014 09:00:10 Windows Update
26-02-2014 09:00:11 Windows Update
==================== Hosts content: ==========================
2009-07-13 20:04 - 2009-06-10 15:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {0C957F8E-6757-4F99-B6FE-385AC64D97E2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-01-27] (Google Inc.)
Task: {54427E5F-BFC0-4AF7-AF69-09631AB5B7F5} - System32\Tasks\ARO 2012 => C:\Program Files\ARO 2012\ARO.exe
Task: {6171619D-0B34-43D7-9A64-7227C8325617} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-01-27] (Google Inc.)
Task: {6C1FC521-38CD-4A41-A23F-FCDE09ED5B10} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{BF7A3131-13E2-4C96-B465-E83DE1DEAF4A}.exe
Task: {DBFF10CC-B9C6-4D4A-A188-92CD151CACC6} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{3D0C19B2-CD55-48C5-BC47-CD6D0FA9D3F6}.exe
Task: {FFB235B0-EE52-4108-9A2E-20085362F64A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-22] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ARO 2012.job => C:\Program Files\ARO 2012\ARO.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{BF7A3131-13E2-4C96-B465-E83DE1DEAF4A}.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{3D0C19B2-CD55-48C5-BC47-CD6D0FA9D3F6}.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2011-01-04 16:09 - 2009-11-20 13:42 - 00163840 _____ () C:\Windows\System32\HPM1210LM.DLL
2011-10-23 16:49 - 2007-08-21 12:32 - 00098304 _____ () C:\Windows\System32\redmonnt.dll
2011-01-04 16:09 - 2009-11-20 13:42 - 00069632 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\HPM1210PP.dll
2011-01-04 16:09 - 2009-11-20 13:42 - 02359296 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\hpm1210su.dll
2011-01-04 16:09 - 2009-11-20 14:06 - 00794624 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\HPM1210GC.dll
2009-10-15 11:13 - 2009-10-15 11:13 - 00061440 _____ () C:\Program Files\HP\HPLaserJetService\HPTools.dll
2009-10-15 11:13 - 2009-10-15 11:13 - 00964096 _____ () C:\Program Files\HP\HPLaserJetService\LEDMXMLObjects.dll
2011-01-04 16:05 - 2009-12-03 17:05 - 00081920 _____ () C:\Windows\system32\mvusbews.DLL
2011-01-04 16:05 - 2009-12-03 17:00 - 00167936 _____ () C:\Windows\system32\m1210wia.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (02/26/2014 03:00:12 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1082783969-1047356965-4219978972-1001.bak). hr = 0x80070539, The security ID structure is invalid.
.

Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {31a4fa32-94de-49b0-b548-0cfa47c0919e}
Error: (02/25/2014 03:00:10 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1082783969-1047356965-4219978972-1001.bak). hr = 0x80070539, The security ID structure is invalid.
.

Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {bd75929d-296c-4155-8815-03060a7519c9}
Error: (02/23/2014 01:46:24 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1082783969-1047356965-4219978972-1001.bak). hr = 0x80070539, The security ID structure is invalid.
.

Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {68661789-b12c-4f0f-bbe1-6aa182328e78}
Error: (02/23/2014 03:00:12 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1082783969-1047356965-4219978972-1001.bak). hr = 0x80070539, The security ID structure is invalid.
.

Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {fa9af2ba-0607-48f5-97de-5c86845ba4b1}
Error: (02/22/2014 03:51:13 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1082783969-1047356965-4219978972-1001.bak). hr = 0x80070539, The security ID structure is invalid.
.

Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {946dc2b7-7bdd-4d56-a54e-31b6a235a2af}
Error: (02/22/2014 03:03:41 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1082783969-1047356965-4219978972-1001.bak). hr = 0x80070539, The security ID structure is invalid.
.

Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {56a2093c-97e7-4f7b-bbd0-7d1b08111c01}
Error: (02/22/2014 03:02:59 PM) (Source: Application Hang) (User: )
Description: The program mbam.exe version 1.75.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 10cc
Start Time: 01cf301000a719ed
Termination Time: 50
Application Path: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
Report Id: b19e4462-9c04-11e3-a657-002564dfa0b8
Error: (02/22/2014 02:30:12 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1082783969-1047356965-4219978972-1001.bak). hr = 0x80070539, The security ID structure is invalid.
.

Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {a34c31cb-e17b-49e7-a78a-6809013ffbda}
Error: (02/22/2014 02:29:36 PM) (Source: Application Hang) (User: )
Description: The program mbam.exe version 1.75.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 14a0
Start Time: 01cf300c91d7b6ae
Termination Time: 16
Application Path: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
Report Id: 06295afe-9c00-11e3-b47d-002564dfa0b8
Error: (02/22/2014 02:26:54 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1082783969-1047356965-4219978972-1001.bak). hr = 0x80070539, The security ID structure is invalid.
.

Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {a34c31cb-e17b-49e7-a78a-6809013ffbda}

System errors:
=============
Error: (02/25/2014 10:15:14 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891
Error: (02/25/2014 10:15:14 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891
Error: (02/23/2014 02:49:43 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891
Error: (02/23/2014 02:49:43 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891
Error: (02/23/2014 02:49:08 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060
Error: (02/23/2014 02:49:07 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
Error: (02/23/2014 02:49:07 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
Error: (02/23/2014 02:49:05 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891
Error: (02/23/2014 01:49:03 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891
Error: (02/23/2014 01:49:03 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Microsoft Office Sessions:
=========================
Error: (02/26/2014 03:00:12 AM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-21-1082783969-1047356965-4219978972-1001.bak)0x80070539, The security ID structure is invalid.

Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {31a4fa32-94de-49b0-b548-0cfa47c0919e}
Error: (02/25/2014 03:00:10 AM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-21-1082783969-1047356965-4219978972-1001.bak)0x80070539, The security ID structure is invalid.

Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {bd75929d-296c-4155-8815-03060a7519c9}
Error: (02/23/2014 01:46:24 PM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-21-1082783969-1047356965-4219978972-1001.bak)0x80070539, The security ID structure is invalid.

Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {68661789-b12c-4f0f-bbe1-6aa182328e78}
Error: (02/23/2014 03:00:12 AM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-21-1082783969-1047356965-4219978972-1001.bak)0x80070539, The security ID structure is invalid.

Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {fa9af2ba-0607-48f5-97de-5c86845ba4b1}
Error: (02/22/2014 03:51:13 PM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-21-1082783969-1047356965-4219978972-1001.bak)0x80070539, The security ID structure is invalid.

Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {946dc2b7-7bdd-4d56-a54e-31b6a235a2af}
Error: (02/22/2014 03:03:41 PM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-21-1082783969-1047356965-4219978972-1001.bak)0x80070539, The security ID structure is invalid.

Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {56a2093c-97e7-4f7b-bbd0-7d1b08111c01}
Error: (02/22/2014 03:02:59 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.75.0.110cc01cf301000a719ed50C:\Program Files\Malwarebytes' Anti-Malware\mbam.exeb19e4462-9c04-11e3-a657-002564dfa0b8
Error: (02/22/2014 02:30:12 PM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-21-1082783969-1047356965-4219978972-1001.bak)0x80070539, The security ID structure is invalid.

Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {a34c31cb-e17b-49e7-a78a-6809013ffbda}
Error: (02/22/2014 02:29:36 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.75.0.114a001cf300c91d7b6ae16C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe06295afe-9c00-11e3-b47d-002564dfa0b8
Error: (02/22/2014 02:26:54 PM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-21-1082783969-1047356965-4219978972-1001.bak)0x80070539, The security ID structure is invalid.

Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {a34c31cb-e17b-49e7-a78a-6809013ffbda}

==================== Memory info ===========================
Percentage of memory in use: 50%
Total physical RAM: 2012.99 MB
Available physical RAM: 1002.63 MB
Total Pagefile: 4025.98 MB
Available Pagefile: 2743.36 MB
Total Virtual: 2047.88 MB
Available Virtual: 1934.15 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:134.32 GB) (Free:100.11 GB) NTFS
Drive e: () (Removable) (Total:14.9 GB) (Free:14.81 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 149 GB) (Disk ID: 71B1E4FB)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=134 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 15 GB) (Disk ID: E64CABB9)
Partition: GPT Partition Type.
==================== End Of Log ============================

Running slow and using a huge amount of bandwidth

This is my teenage brother's computer, so please don't judge me by what's on here. ;) He complained that it's been running slow and starting up funny (something about preparing something?). My mom said it uses a huge amount of bandwidth when it's connected to the wi-fi, even when he's using it just for standard internet browsing. Thank you in advance for your assistance!!!

Here are the scan files:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:46:19 PM, on 3/1/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)
Boot mode: Normal

Running processes:
C:\Users\Chance H\AppData\Local\GCC\Controller.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Users\Chance H\AppData\Local\GCC\Controller.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Inbox Toolbar\Inbox.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Chance H\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=US&userid=e4cbcfa9-14a0-4089-8521-70dd902706c9&searchtype=ds&q={searchTerms}&installDate=05/07/2013
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=US&userid=e4cbcfa9-14a0-4089-8521-70dd902706c9&searchtype=ds&q={searchTerms}&installDate=05/07/2013
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.com/?publisher=Sn...ate=05/07/2013
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.v9.com/?utm_source=b&utm_m...&ts=1372650855
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.v9.com/?utm_source=b&utm_m...&ts=1372650855
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=US&userid=e4cbcfa9-14a0-4089-8521-70dd902706c9&searchtype=ds&q={searchTerms}&installDate=05/07/2013
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=US&userid=e4cbcfa9-14a0-4089-8521-70dd902706c9&searchtype=ds&q={searchTerms}&installDate=05/07/2013
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPNOT/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: MediaViewerV1alpha377 - {02f5236c-c300-49bb-9410-5558e17dbed5} - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha377\ie\MediaViewerV1alpha377.dll
O2 - BHO: (no name) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - (no file)
O2 - BHO: CrossriderApp0002258 - {11111111-1111-1111-1111-110011221158} - C:\Program Files (x86)\I Want This\I Want This.dll
O2 - BHO: CrossriderApp0004639 - {11111111-1111-1111-1111-110011461139} - C:\Program Files (x86)\SavingsApp\SavingsApp.dll
O2 - BHO: CrossriderApp0047220 - {11111111-1111-1111-1111-110411721120} - C:\Program Files (x86)\DP1815\DP1815-bho.dll
O2 - BHO: FoodBuzz - {1C6E034D-B4B6-4D96-94B5-4163A5EB2195} - C:\Program Files (x86)\FoodBuzz\Extension\adxloader.dll
O2 - BHO: HelloWorldBHO - {1C8501DD-5580-48AB-B25C-6D5DBE835A6A} - C:\Program Files (x86)\OApps\SelectionLinks.dll
O2 - BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll
O2 - BHO: Wincore Mediabar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll
O2 - BHO: LessTabs - {3178A392-8963-471E-B7A2-969CB58D6496} - C:\Program Files (x86)\LessTabs\IE32\LessTabsClientIE.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: EbookBrowSSey - {584A92E4-AF81-1696-5AE7-7E318DB9CFFF} - C:\ProgramData\EbookBrowSSey\519d82bfade06.dll
O2 - BHO: PlayBryte BHO - {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} - mscoree.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: TSBHO Class - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
O2 - BHO: BloccKUTuebbeeAdo - {88CB6589-16AE-43CE-B166-BB54B0EA37D4} - C:\ProgramData\BloccKUTuebbeeAdo\uKtIvkP.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Privacy SafeGuard - {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll
O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\wajam.dll (file missing)
O2 - BHO: DCA - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-bho.dll
O2 - BHO: TidyNetwork - {B913F09F-6C91-3D61-CA36-3807759A3739} - C:\Program Files (x86)\TidyNetwork\petn.dll
O2 - BHO: DataMngr - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\BROWSE~1.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Freemake.YoutubeButton - {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} - mscoree.dll (file missing)
O2 - BHO: CoonntinuuetiosaaVe - {FB99DE84-B607-2B01-5EE8-DEC0C5CCA56E} - C:\ProgramData\CoonntinuuetiosaaVe\519d82ab934e7.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: Wincore Mediabar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [InboxToolbar] "C:\Program Files (x86)\Inbox Toolbar\Inbox.exe" /STARTUP
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Media Finder] "C:\Program Files (x86)\Media Finder\Media Finder.exe" /opentotray
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Chance H\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [FoodBuzzUpdate] C:\Program Files (x86)\FoodBuzz\Update\FoodBuzzUpdate.exe
O4 - HKCU\..\Run: [RecipesHQToolbarUpdater] C:\Program Files (x86)\FoodBuzz\Update\FoodBuzzUpdate.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\IE\IEPluginDownloader.dll,-4 - {FC0EA236-1C31-418e-BFCE-A76DDB7F1362} - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\IE\IEPluginDownloader.dll (HKCU)
O9 - Extra 'Tools' menuitem: Freemake Video Downloader - {FC0EA236-1C31-418e-BFCE-A76DDB7F1362} - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\IE\IEPluginDownloader.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20614.www2.hp.com/ediags/gmd...pdetect118.cab
O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll (file missing)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\progra~2\imesha~1\mediabar\datamngr\datamngr.dll c:\progra~2\imesha~1\mediabar\datamngr\iebho.dll c:\progra~3\webtouch\webtouch.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: CyberLink Product - 2011/10/23 04:22:28 (CLKMSVC10_38F51D56) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
O23 - Service: ConsumerInput Update Service (consumerinput_update) (consumerinput_update) - ConsumerInput - C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe
O23 - Service: ConsumerInput Update Service (consumerinput_updatem) (consumerinput_updatem) - ConsumerInput - C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe
O23 - Service: DefaultTabSearch - Unknown owner - C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
O23 - Service: Freemake Improver - Freemake - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
O23 - Service: FreemakeVideoCapture - Freemake - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Connection Manager 4.0 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater15.3.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 19290 bytes
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.45.2
Run by Chance H at 15:47:00 on 2014-03-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8140.5445 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskeng.exe
C:\Users\Chance H\AppData\Local\GCC\Controller.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Users\Chance H\AppData\Local\GCC\Controller.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Inbox Toolbar\Inbox.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Ask.com\UpdateTask.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=US&userid=e4cbcfa9-14a0-4089-8521-70dd902706c9&searchtype=hp&installDate=05/07/2013
uSearch Bar = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=US&userid=e4cbcfa9-14a0-4089-8521-70dd902706c9&searchtype=ds&q={searchTerms}&installDate=05/07/2013
uSearch Page = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=US&userid=e4cbcfa9-14a0-4089-8521-70dd902706c9&searchtype=ds&q={searchTerms}&installDate=05/07/2013
mStart Page = hxxp://en.v9.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=TOSHIBAXMK1059GSM_Y13DF4G8S XXY13DF4G8S&ts=1372650855
mDefault_Page_URL = hxxp://en.v9.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=TOSHIBAXMK1059GSM_Y13DF4G8S XXY13DF4G8S&ts=1372650855
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=US&userid=e4cbcfa9-14a0-4089-8521-70dd902706c9&searchtype=ds&q={searchTerms}&installDate=05/07/2013
mWinlogon: Userinit = C:\Windows\System32\userinit.exe
BHO: Media Viewer: {02f5236c-c300-49bb-9410-5558e17dbed5} - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha377\ie\MediaViewerV1alpha377.dll
BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - <orphaned>
BHO: I Want This: {11111111-1111-1111-1111-110011221158} - C:\Program Files (x86)\I Want This\I Want This.dll
BHO: SavingsApp: {11111111-1111-1111-1111-110011461139} - C:\Program Files (x86)\SavingsApp\SavingsApp.dll
BHO: DP1815: {11111111-1111-1111-1111-110411721120} - C:\Program Files (x86)\DP1815\DP1815-bho.dll
BHO: FoodBuzz: {1C6E034D-B4B6-4D96-94B5-4163A5EB2195} - C:\Program Files (x86)\FoodBuzz\Extension\adxloader.dll
BHO: SelectionLinks: {1C8501DD-5580-48AB-B25C-6D5DBE835A6A} - C:\Program Files (x86)\OApps\SelectionLinks.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll
BHO: Wincore Mediabar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll
BHO: LessTabs: {3178A392-8963-471E-B7A2-969CB58D6496} - C:\Program Files (x86)\LessTabs\IE32\LessTabsClientIE.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: EbookBrowSSey: {584A92E4-AF81-1696-5AE7-7E318DB9CFFF} - C:\ProgramData\EbookBrowSSey\519d82bfade06.dll
BHO: PlayBryte BHO: {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: BloccKUTuebbeeAdo: {88CB6589-16AE-43CE-B166-BB54B0EA37D4} - C:\ProgramData\BloccKUTuebbeeAdo\uKtIvkP.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Privacy Safeguard BHO: {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} -
BHO: Consumer Input DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-bho.dll
BHO: TidyNetwork: {B913F09F-6C91-3D61-CA36-3807759A3739} - C:\Program Files (x86)\TidyNetwork\petn.dll
BHO: DataMngr: {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\BrowserConnection.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Freemake.YoutubeButton: {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} -
BHO: CoonntinuuetiosaaVe: {FB99DE84-B607-2B01-5EE8-DEC0C5CCA56E} - C:\ProgramData\CoonntinuuetiosaaVe\519d82ab934e7.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Wincore Mediabar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Media Finder] "C:\Program Files (x86)\Media Finder\Media Finder.exe" /opentotray
uRun: [Facebook Update] "C:\Users\Chance H\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [FoodBuzzUpdate] C:\Program Files (x86)\FoodBuzz\Update\FoodBuzzUpdate.exe
uRun: [RecipesHQToolbarUpdater] C:\Program Files (x86)\FoodBuzz\Update\FoodBuzzUpdate.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [DATAMNGR] C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [InboxToolbar] "C:\Program Files (x86)\Inbox Toolbar\Inbox.exe" /STARTUP
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{64F930B9-5DA4-41E6-A7D1-D6B6DDD1B7C0} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{CBD55D73-A480-4B7F-AE2C-16A5338E1F69} : DHCPNameServer = 192.168.1.254
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~2\imesha~1\mediabar\datamngr\datamngr.dll c:\progra~2\imesha~1\mediabar\datamngr\iebho.dll c:\progra~3\webtouch\webtouch.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://en.v9.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=TOSHIBAXMK1059GSM_Y13DF4G8S XXY13DF4G8S&ts=1372650855
x64-mDefault_Page_URL = hxxp://en.v9.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=TOSHIBAXMK1059GSM_Y13DF4G8S XXY13DF4G8S&ts=1372650855
x64-BHO: Privacy Safeguard BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll
x64-BHO: DP1815: {11111111-1111-1111-1111-110411721120} - C:\Program Files (x86)\DP1815\DP1815-bho64.dll
x64-BHO: FoodBuzz: {1C6E034D-B4B6-4D96-94B5-4163A5EB2195} - C:\Program Files (x86)\FoodBuzz\Extension\adxloader64.dll
x64-BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll
x64-BHO: BloccKUTuebbeeAdo: {88CB6589-16AE-43CE-B166-BB54B0EA37D4} - C:\ProgramData\BloccKUTuebbeeAdo\uKtIvkP.x64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: TidyNetwork: {B913F09F-6C91-3D61-CA36-3807759A3739} - C:\Program Files (x86)\TidyNetwork\petn64.dll
x64-BHO: DataMngr: {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\x64\BrowserConnection.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} -
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-7-3 45856]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-10-23 89600]
R2 b805f733;WebTouch;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-2-17 265544]
R2 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-11-25 101376]
R2 FreemakeVideoCapture;FreemakeVideoCapture;C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2012-11-25 8704]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-2-28 92216]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-23 13336]
R2 MSSQL$SOSHOME309;SQL Server (SOSHOME309);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2013-7-11 6891312]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 130008]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-10-23 2656280]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE [2013-12-16 247968]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-15 1071160]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-10-23 317440]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-10-23 333928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-10-23 428136]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.EXE [2013-12-16 193696]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2011/10/23 04:22:28;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-1-25 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 consumerinput_update;ConsumerInput Update Service (consumerinput_update);C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2014-1-27 106296]
S2 DefaultTabSearch;DefaultTabSearch;C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [2013-12-19 574464]
S2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [?]
S3 consumerinput_updatem;ConsumerInput Update Service (consumerinput_updatem);C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2014-1-27 106296]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-17 19456]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-17 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-17 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-26 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-03-01 21:35:41 -------- d-----w- C:\Users\Chance H\AppData\Local\Hewlett-Packard_Developme
2014-03-01 21:18:30 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D18037A4-1FBF-4024-BEB9-4EE2366BB491}\offreg.dll
2014-02-24 13:17:00 -------- d-----w- C:\Program Files (x86)\MediaViewerV1
2014-02-23 00:45:00 10536864 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D18037A4-1FBF-4024-BEB9-4EE2366BB491}\mpengine.dll
2014-02-21 02:44:44 10536864 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-20 00:17:16 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{98F29F05-C9C9-4434-BB6D-A57B4A89D54F}\gapaengine.dll
2014-02-20 00:12:48 -------- d-----w- C:\ProgramData\522cd32310caa88
2014-02-20 00:12:47 -------- d-----w- C:\ProgramData\BloccKUTuebbeeAdo
2014-02-20 00:12:46 -------- d-----w- C:\ProgramData\pbjlkjomkkdcglikghegeoggadbphnak
2014-02-03 19:22:05 -------- d-----w- C:\ProgramData\WebTouch
2014-02-02 17:09:13 -------- d-----w- C:\Users\Chance H\AppData\Roaming\Compete
2014-02-01 18:40:53 -------- d-----w- C:\Program Files (x86)\MediaPlayerV1
.
==================== Find3M ====================
.
2014-02-21 03:18:27 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-21 03:18:27 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 15:50:25.01 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/25/2011 7:52:17 AM
System Uptime: 3/1/2014 3:17:52 PM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 1802
Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz | CPU1 | 2201/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 905 GiB total, 802.599 GiB free.
D: is FIXED (NTFS) - 26 GiB total, 11.309 GiB free.
E: is CDROM ()
F: is FIXED (FAT32) - 0 GiB total, 0.143 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: NetGroup Packet Filter Driver
Device ID: ROOT\LEGACY_NPF\0000
Manufacturer:
Name: NetGroup Packet Filter Driver
PNP Device ID: ROOT\LEGACY_NPF\0000
Service: npf
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
ActiveCheck component for HP Active Support Library
Adobe Flash Player 12 ActiveX
Adobe Reader X (10.1.9) MUI
Adobe Shockwave Player 11.6
Agatha Christie - Peril at End House
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Audacity 2.0
AuthenTec TrueAPI
AVG SafeGuard toolbar
Bejeweled 2 Deluxe
Bejeweled 3
Bing Bar
Blackhawk Striker 2
Blasterball 3
Blio
BloccKUTuebbeeAdo
Bounce Symphony
Build-a-lot 2
Business Contact Manager for Outlook 2007 SP2
Cake Mania
Canon DIGITAL CAMERA Solution Disk Software Guide
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon IJ Network Scan Utility
Canon IJ Network Tool
CANON iMAGE GATEWAY MyCamera Download Plugin
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon MG5200 series MP Drivers
Canon MG5200 series User Registration
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator EX 4.0
Canon My Printer
Canon PowerShot ELPH 100 HS_IXUS 115 HS Camera User Guide
Canon Solution Menu EX
Canon Utilities CameraWindow DC 8
Canon Utilities CameraWindow Launcher
Canon Utilities Movie Uploader for YouTube
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Chuzzle Deluxe
Classic Menu for Office 2007 v7.50
Compatibility Pack for the 2007 Office system
Consumer Input
Consumer Input (remove only)
Consumer Input Chrome Extension (remove only)
CoonntinuuetiosaaVe
Crystal Reports Basic Runtime for Visual Studio 2008
CyberLink PowerDVD 10
CyberLink YouCam
D3DX10
DefaultTab Chrome
Digital Copy
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
DP1815
EbookBrowSSey
Energy Star Digital Logo
ESU for Microsoft Windows 7
Facebook Video Calling 2.0.0.447
Farm Frenzy
FATE - The Traitor Soul
File Type Assistant
FoodBuzz
Free File Viewer 2012
Freemake Video Downloader
GigaClicks Crawler
Google Chrome
Google Update Helper
Groove-Stream
Hewlett-Packard ACLM.NET v1.1.0.0
HP 3D DriveGuard
HP Auto
HP Client Services
HP Connection Manager
HP Customer Experience Enhancements
HP Documentation
HP DVB-T TV Tuner 8.0.64.43
HP Games
HP MovieStore
HP On Screen Display
HP Power Manager
HP Product Detection
HP Quick Launch
HP Setup
HP Setup Manager
HP SimplePass 2011
HP Software Framework
HP Support Assistant
HPAsset component for HP Active Support Library
I Want This
iCloud
IDT Audio
Inbox Toolbar
InstallIQ Updater
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
iTunes
Java 7 Update 45
Java Auto Updater
Java(TM) 6 Update 24 (64-bit)
Java(TM) 6 Update 37
Junk Mail filter update
LEGO Digital Designer
LessTabs
Living 3D Dolphin
Mah Jong Medley
Media Player
Media Viewer
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Accounting 2008
Microsoft Office Accounting 2008 Equifax Addin
Microsoft Office Accounting 2008 Fixed Asset Manager
Microsoft Office Accounting 2008 PayPal Addin
Microsoft Office Accounting ADP Payroll Addin
Microsoft Office Excel MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2005 Express Edition (SOSHOME309)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft WSE 3.0 Runtime
Mixxx 1.11.0
Monopoly
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - Stolen in San Francisco
Namco All-Stars PAC-MAN
Native Instruments Controller Editor
Native Instruments Service Center
Native Instruments Traktor 2
Penguins!
Plants vs. Zombies
Plants vs. Zombies - Game of the Year
PlayBryte
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Privacy SafeGuard version 1.0
QuickTime
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Recovery Manager
Renesas Electronics USB 3.0 Host Controller Driver
RoxioNow Player
SavingsApp
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
SelectionLinks
Slingo Supreme
Software Version Updater
Switched-On Schoolhouse 2011 - Home Edition
Switched-On Schoolhouse 2011 - Home Edition Database
Switched-On Schoolhouse 2011 - Home Edition Tutorials
swMSM
Synaptics TouchPad Driver
The Weather Channel Desktop 6
TidyNetwork
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768021) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
Validity WBF DDK
Video Player
Virtual Villagers 4 - The Tree of Life
Webexp Enhanced
WebTouch
Wheel of Fortune 2
WildTangent Games App (HP Games)
Wincore MediaBar
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Wizard101
Yontoo 1.10.02
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
3/1/2014 3:32:40 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {3EEF301F-B596-4C0B-BD92-013BEAFCE793} and APPID {3EEF301F-B596-4C0B-BD92-013BEAFCE793} to the user ChanceH-HP\Chance H SID (S-1-5-21-3668311245-4186814924-2407364857-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
3/1/2014 3:28:25 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 110.6.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 2.1.10302.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/1/2014 3:28:25 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.167.439.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
3/1/2014 3:28:25 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.167.439.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.10302.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/1/2014 3:28:25 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.167.439.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.10302.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/1/2014 3:18:40 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 110.6.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 2.1.10302.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/1/2014 3:18:40 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.167.439.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.10302.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/1/2014 3:18:40 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.167.439.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.10302.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/1/2014 3:18:38 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.167.439.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
3/1/2014 3:18:36 PM, Error: Service Control Manager [7034] - The DefaultTabSearch service terminated unexpectedly. It has done this 1 time(s).
3/1/2014 3:18:34 PM, Error: Service Control Manager [7000] - The WinPcap Packet Driver (NPF) service failed to start due to the following error: The system cannot find the file specified.
3/1/2014 3:18:24 PM, Error: Service Control Manager [7000] - The vToolbarUpdater15.3.0 service failed to start due to the following error: The system cannot find the file specified.
2/24/2014 7:38:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.167.439.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2/24/2014 7:27:11 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.167.439.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10302.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2/23/2014 6:01:51 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
.
==== End Of File ===========================
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-03-01 21:04:51
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GU00 931.51GB
Running: l2jx3j0w.exe; Driver: C:\Users\CHANCE~1\AppData\Local\Temp\pwtirkog.sys


---- User code sections - GMER 2.1 ----

.text C:\Windows\SysWOW64\rundll32.exe[2108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000761c1465 2 bytes [1C, 76]
.text C:\Windows\SysWOW64\rundll32.exe[2108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761c14bb 2 bytes [1C, 76]
.text ... * 2
.text C:\Windows\SysWOW64\ezSharedSvcHost.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000761c1465 2 bytes [1C, 76]
.text C:\Windows\SysWOW64\ezSharedSvcHost.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761c14bb 2 bytes [1C, 76]
.text ... * 2
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000761c1465 2 bytes [1C, 76]
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761c14bb 2 bytes [1C, 76]
.text ... * 2
.text c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2996] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000761c1465 2 bytes [1C, 76]
.text c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2996] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000761c14bb 2 bytes [1C, 76]
.text ... * 2
.text C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe[1036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000761c1465 2 bytes [1C, 76]
.text C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe[1036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761c14bb 2 bytes [1C, 76]
.text ... * 2
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[5164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000761c1465 2 bytes [1C, 76]
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[5164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761c14bb 2 bytes [1C, 76]
.text ... * 2
.text C:\Program Files (x86)\Inbox Toolbar\Inbox.exe[5412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000761c1465 2 bytes [1C, 76]
.text C:\Program Files (x86)\Inbox Toolbar\Inbox.exe[5412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761c14bb 2 bytes [1C, 76]
.text ... * 2
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[5440] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000761c1465 2 bytes [1C, 76]
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[5440] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761c14bb 2 bytes [1C, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000761c1465 2 bytes [1C, 76]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761c14bb 2 bytes [1C, 76]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2792:2824] 0000000077092e25
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2792:2836] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2792:2840] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2792:2844] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2792:2848] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2792:2852] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2792:2856] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2792:2860] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2792:2864] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2792:2868] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2792:2872] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2792:2876] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2792:2888] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2792:2892] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2792:2896] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2792:2900] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2792:2940] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2792:2944] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2792:2960] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2792:1480] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2792:2100] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2792:2208] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2792:2272] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2792:1224] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2792:1228] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2792:1232] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2792:2480] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2792:2488] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2792:3144] 0000000077093e45
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2792:3156] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2792:3252] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2792:3348] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2792:3352] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2792:3360] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2792:3364] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2792:3368] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2792:3372] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2792:3376] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2792:3380] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2792:3384] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2792:3388] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2792:3396] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2792:6960] 0000000077093e45
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3416:3448] 0000000077093e45
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3416:3548] 0000000077092e25
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3416:3608] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3416:3612] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3416:3616] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3416:3620] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3416:3624] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3416:3628] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3416:3632] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3416:3636] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3416:3640] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3416:3644] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3416:3648] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3416:3652] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3416:3656] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3416:3660] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3416:3664] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3416:3668] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3416:3672] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3416:3676] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3416:3684] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3416:3688] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3416:3692] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3416:3708] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3416:3712] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3416:3716] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3416:3720] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3416:3724] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3416:3728] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3416:3732] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3416:3736] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3416:3844] 0000000077093e45
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3416:3908] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3416:3920] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3416:3936] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3416:4016] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3416:4024] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3416:4040] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3416:6640] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3416:848] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3416:6540] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3416:4588] 0000000072a029e1
Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3416:5380] 0000000072a029e1
---- Processes - GMER 2.1 ----

Library c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D18037A4-1FBF-4024-BEB9-4EE2366BB491}\mpengine.dll (*** suspicious ***) @ c:\Program Files\Microsoft Security Client\MsMpEng.exe [992] 000007fefa580000
Library c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D18037A4-1FBF-4024-BEB9-4EE2366BB491}\offreg.dll (*** suspicious ***) @ c:\Program Files\Microsoft Security Client\MsMpEng.exe [992] 000007fef6620000
Library C:\PROGRA~3\WebTouch\WEBTOU~1.DLL (*** suspicious ***) @ C:\Windows\system32\rundll32.exe [2064](2014-02-03 19:22:06) 000007fef83b0000
Library c:\progra~3\webtouch\webtouch.dll (*** suspicious ***) @ C:\Windows\SysWOW64\rundll32.exe [2108](2014-02-03 19:22:05) 0000000071ad0000
Library c:\progra~3\webtouch\WebTouchSvc.dll (*** suspicious ***) @ C:\Windows\SysWOW64\rundll32.exe [2108](2014-02-03 19:22:06) 0000000071a50000
Process C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (*** suspicious ***) @ C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2340] (FreemakeUtilsService/Freemake)(2012-11-25 22:26:20) 0000000001140000
Process C:\Users\Chance H\AppData\Local\GCC\Controller.exe (*** suspicious ***) @ C:\Users\Chance H\AppData\Local\GCC\Controller.exe [3096](2014-01-22 04:41:34) 0000000000170000
Process C:\Users\Chance H\AppData\Local\GCC\Controller.exe (*** suspicious ***) @ C:\Users\Chance H\AppData\Local\GCC\Controller.exe [4960](2014-01-22 04:41:34) 0000000000170000
Library c:\progra~3\webtouch\webtouch.dll (*** suspicious ***) @ C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe [5272](2014-02-03 19:22:05) 0000000071ad0000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{3395C2D7-70A8-4437-B701-F0D728337984}\Connection@Name isatap.{C572C16D-3E78-4AE6-B75F-4E1FBA4FA406}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{4C8B6CD4-3774-4AED-92E0-A49CC7AE8838}?\Device\{384D5FFE-9D14-44DF-8CF8-E5DD64B3C526}?\Device\{3395C2D7-70A8-4437-B701-F0D728337984}?\Device\{A9D5F830-A94D-4C31-A7B1-D1DB3DE30A5A}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{4C8B6CD4-3774-4AED-92E0-A49CC7AE8838}"?"{384D5FFE-9D14-44DF-8CF8-E5DD64B3C526}"?"{3395C2D7-70A8-4437-B701-F0D728337984}"?"{A9D5F830-A94D-4C31-A7B1-D1DB3DE30A5A}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{4C8B6CD4-3774-4AED-92E0-A49CC7AE8838}?\Device\TCPIP6TUNNEL_{384D5FFE-9D14-44DF-8CF8-E5DD64B3C526}?\Device\TCPIP6TUNNEL_{3395C2D7-70A8-4437-B701-F0D728337984}?\Device\TCPIP6TUNNEL_{A9D5F830-A94D-4C31-A7B1-D1DB3DE30A5A}?
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{3395C2D7-70A8-4437-B701-F0D728337984}@InterfaceName isatap.{C572C16D-3E78-4AE6-B75F-4E1FBA4FA406}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{3395C2D7-70A8-4437-B701-F0D728337984}@ReusableType 0
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 15263
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 7053

---- EOF - GMER 2.1 ----

adware

Hi all. Am wondering if I can get some help. I have recently started using Google Chrome as my default browser; used to use, and still do at times use, the Windows browser. Ever since I have loaded Chrome I have had nothing but trouble with pop-up ads and adware. Is there any way to fix this problem? I used to be able to play WGT Golf on the Windows browser, but now it is ruined by ads popping up. Cannot play it on Chrome as the meter jumps uncontrollably. Any help would be appreciated. Ty's

"File system NTFS - disk checking has been canceled" please help

Whenever I start my computer it says:

1.Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.

Disk checking has been canceled.

2. When it starts again and I try to click on Help and Support, it says

" Windows Help and support can't start : there is a problem with windows help and support "

3. When I run the command fsutil dirty query c: at the command prompt,
it says " volume c: - is dirty "

4. When I run chkdsk using cmd it shows this result:

C:\Windows\system32>fsutil dirty query c:
Volume - c: is Dirty

C:\Windows\system32>chkdsk c:
The type of the file system is NTFS.
Volume label is OS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
212224 file records processed.
File verification completed.
1076 large file records processed.
0 bad file records processed.
4 EA records processed.
57 reparse records processed.
CHKDSK is verifying indexes (stage 2 of 3)...
270862 index entries processed.
Index verification completed.
0 unindexed files scanned.
0 unindexed files recovered.
CHKDSK is verifying security descriptors (stage 3 of 3)...
212224 file SDs/SIDs processed.
Security descriptor verification completed.
29320 data files processed.
CHKDSK is verifying Usn Journal...
310104568 USN bytes processed.
Usn Journal verification completed.
The volume Bitmap is incorrect.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

299597823 KB total disk space.
106203508 KB in 150743 files.
115508 KB in 29321 indexes.
0 KB in bad sectors.
594519 KB in use by the system.
65536 KB occupied by the log file.
192684288 KB available on disk.

4096 bytes in each allocation unit.
74899455 total allocation units on disk.
48171072 allocation units available on disk.

C:\Windows\system32> chkdsk /f
The type of the file system is NTFS.
Cannot lock current drive.

Chkdsk cannot run because the volume is in use by another
process. Would you like to schedule this volume to be
checked the next time the system restarts? (Y/N) y

This volume will be checked the next time the system restarts.

When I start my system again, it again says:
"The type of the file system is NTFS.
Volume label is OS.

Disk checking has been canceled."

5. In Event Viewer, if I try to open Windows Logs,
it gives " MMC has detected an error in a snap in and will unload it "

What do I do? Please, I need help. :confused:

possible virus on a machine that was given to me

It is possible that I might have a virus on a Dell machine running Vista Home Basic 32-bit. My son-in-law received the machine from his brother. He asked me to look at it because his brother said it was running slow. When I booted up the machine, PC cleanup software from all kinds of vendors started running, as well as backup software and various other software programs. I tried to launch MSCONFIG but nothing happens. I tried to go to Internet Explorer but it takes me to search.conduit.com. I have downloaded, run and pasted the results from the programs that are requested when you open a new thread. Please let me know if there is anything else that you need.
I do have the following CD if that is any help:
Reinstallation DVD Windows Vista Home Basic 32-bit (This software is already installed on your machine. Only use this to reinstall the operating system on a Dell PC.)


The GMER program ran forever and was checking a lot of the files in the Temporary Internet Files folder. I can't remove the files because I can't get to the tools in IE to activate the menu bar to get to the Internet Options to delete the files. I can't seem to find the folder when I bring up Explorer. I have the option set to display hidden and system files but I cannot see the directory.

I finally cancelled the GMER process after about 4 hours. I have attached the arc.txt.


Hijack log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:16:02 PM, on 3/1/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16533)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DriverUpdate\DriverUpdate.exe
C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files\Sendori\SendoriTray.exe
C:\Program Files\Mobogenie\DaemonProcess.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\GEORGE-APRIL\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskmgr.exe
C:\Users\GEORGE-APRIL\Desktop\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?publisher=SnapdoGOblidoo&dpid=GOB1&co=US&userid=14a0f4e9-65e8-39b4-e728-b1b0db2f9f5f&searchtype=ds&q={searchTerms}&installDate=22/11/2013
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?publisher=SnapdoGOblidoo&dpid=GOB1&co=US&userid=14a0f4e9-65e8-39b4-e728-b1b0db2f9f5f&searchtype=ds&q={searchTerms}&installDate=22/11/2013
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT33...4E77CCAE&SSPV=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={3185336F-8DAD-11E2-9BD3-001E4F46CBAD}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com/?publisher=SnapdoGOblidoo&dpid=GOB1&co=US&userid=14a0f4e9-65e8-39b4-e728-b1b0db2f9f5f&searchtype=ds&q={searchTerms}&installDate=22/11/2013
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com/?publisher=SnapdoGOblidoo&dpid=GOB1&co=US&userid=14a0f4e9-65e8-39b4-e728-b1b0db2f9f5f&searchtype=ds&q={searchTerms}&installDate=22/11/2013
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: CrossriderApp0049004 - {11111111-1111-1111-1111-110411901104} - C:\Program Files\Feven 1.8\Feven 1.8-bho.dll
O2 - BHO: (no name) - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - (no file)
O2 - BHO: Search-Results Toolbar - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\PROGRA~1\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll (file missing)
O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - (no file)
O2 - BHO: WhiteSmoke New - {739df940-c5ee-4bab-9d7e-270894ae687a} - (no file)
O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - (no file)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: InternetHelper3 - {b920380d-fbe7-45c7-96ab-37e9870a566c} - (no file)
O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - (no file)
O2 - BHO: (no name) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - (no file)
O2 - BHO: (no name) - {c4b22c87-45ef-4f43-89f2-40db2078864e} - (no file)
O2 - BHO: Updater By SweetPacks Helper - {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - (no file)
O2 - BHO: Music Remote BHO - {CA6D5FD2-AD35-44F8-AFEF-B36C908CE901} - C:\Program Files\Music Remote\1.0\KangoBHO.dll
O2 - BHO: ConnectSo - {cc1bef2d-0428-46d8-b1f4-492e1b206099} - (no file)
O2 - BHO: (no name) - {df22384f-cf68-4d19-969f-10423715528b} - (no file)
O2 - BHO: Gameoff-games - {e1514faa-0f36-4330-8590-ea8c9c0a903f} - C:\Program Files\Gameoff-games\prxtbGame.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
O2 - BHO: MixiDJ V5 - {f6f0f973-a4a3-48cf-9a7a-b7a69c30d71a} - (no file)
O2 - BHO: TBSB07898 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)
O3 - Toolbar: StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll (file missing)
O3 - Toolbar: (no name) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O3 - Toolbar: Search-Results Toolbar - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\PROGRA~1\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll (file missing)
O3 - Toolbar: (no name) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - (no file)
O3 - Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O3 - Toolbar: Gameoff-games Toolbar - {e1514faa-0f36-4330-8590-ea8c9c0a903f} - C:\Program Files\Gameoff-games\prxtbGame.dll
O3 - Toolbar: Music Remote - {D2C31D2B-35BE-4C2B-ACCB-A78877274E60} - C:\Program Files\Music Remote\1.0\KangoBHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [Sendori Tray] "C:\Program Files\Sendori\SendoriTray.exe"
O4 - HKLM\..\Run: [TotalRecipeSearch_14 Browser Plugin Loader] C:\PROGRA~1\TOTALR~2\bar\1.bin\14brmon.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe
O4 - HKLM\..\RunOnce: [SpUninstallCleanUp] REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f
O4 - HKCU\..\Run: [StartNow Search Protect] "C:\Program Files\StartNow Toolbar\search_protect.exe" /REPORT /PROTECT /RELAY
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\GEORGE-APRIL\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Driver Pro] C:\Program Files\Driver Pro\DPLauncher.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\sendori.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\sendori.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\sendori.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\sendori.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\sendori.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {5EA13312-8764-496F-B4AB-F7A872B51E14} (ooVooWebCtrl Class) - https://oovoowww3-a.akamaihd.net/oov...c/ooVooWeb.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Application Sendori - Sendori, Inc. - C:\Program Files\Sendori\SendoriSvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BackupService - ArcSoft, Inc. - C:\Users\GEORGE-APRIL\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DealPly Live Service (dealplylive) (dealplylive) - DealPly Technologies Ltd - C:\Program Files\DealPlyLive\Update\DealPlyLive.exe
O23 - Service: DealPly Live Service (dealplylivem) (dealplylivem) - DealPly Technologies Ltd - C:\Program Files\DealPlyLive\Update\DealPlyLive.exe
O23 - Service: DefaultTabUpdate - Unknown owner - C:\Users\GEORGE-APRIL\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MgAssist Service (MgAssistService) - Unknown owner - C:\Program Files\Mobogenie\MgAssist.exe
O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
O23 - Service: Service Sendori - sendori - C:\Program Files\Sendori\Sendori.Service.exe
O23 - Service: sndappv2 - Sendori - C:\Program Files\Sendori\sndappv2.exe
O23 - Service: Updater Service for StartNow Toolbar - Unknown owner - C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe (file missing)
O23 - Service: WajamUpdaterV3 - Unknown owner - C:\Program Files\Wajam\Updater\WajamUpdaterV3.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11366 bytes
DDS

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16533
Run by GEORGE-APRIL at 20:16:40 on 2014-03-01
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2046.866 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DriverUpdate\DriverUpdate.exe
C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Users\GEORGE-APRIL\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Mobogenie\MgAssist.exe
C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
C:\Program Files\Search Results Toolbar\Datamngr\datamngrUI.exe
C:\Program Files\Sendori\SendoriTray.exe
C:\Program Files\Mobogenie\DaemonProcess.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\GEORGE-APRIL\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Yontoo\Y2Desktop.Updater.exe
C:\Program Files\Sendori\SendoriSvc.exe
C:\Program Files\Sendori\Sendori.Service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Sendori\SendoriUp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Sendori\sndappv2.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com/?ctid=CT3308837&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP8C8B0 D8C-9322-400A-837D-F7814E77CCAE&SSPV=
uSearch Bar = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidoo&dpid=GOB1&co=US&userid=14a0f4e9-65e8-39b4-e728-b1b0db2f9f5f&searchtype=ds&q={searchTerms}&installDate=22/11/2013
uSearch Page = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidoo&dpid=GOB1&co=US&userid=14a0f4e9-65e8-39b4-e728-b1b0db2f9f5f&searchtype=ds&q={searchTerms}&installDate=22/11/2013
mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={3185336F-8DAD-11E2-9BD3-001E4F46CBAD}
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidoo&dpid=GOB1&co=US&userid=14a0f4e9-65e8-39b4-e728-b1b0db2f9f5f&searchtype=ds&q={searchTerms}&installDate=22/11/2013
mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} -
mURLSearchHooks: {b920380d-fbe7-45c7-96ab-37e9870a566c} - <orphaned>
mURLSearchHooks: {f6f0f973-a4a3-48cf-9a7a-b7a69c30d71a} - <orphaned>
mURLSearchHooks: {739df940-c5ee-4bab-9d7e-270894ae687a} - <orphaned>
mURLSearchHooks: {cc1bef2d-0428-46d8-b1f4-492e1b206099} - <orphaned>
mURLSearchHooks: Gameoff-games Toolbar: {e1514faa-0f36-4330-8590-ea8c9c0a903f} - c:\program files\gameoff-games\prxtbGame.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn6\yt.dll
BHO: Feven 1.8: {11111111-1111-1111-1111-110411901104} - c:\program files\feven 1.8\Feven 1.8-bho.dll
BHO: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - <orphaned>
BHO: Search-Results Toolbar: {377e5d4d-77e5-476a-8716-7e70a9272da0} -
BHO: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - <orphaned>
BHO: {739df940-c5ee-4bab-9d7e-270894ae687a} - <orphaned>
BHO: {7F6AFBF1-E065-4627-A2FD-810366367D01} - <orphaned>
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: {b920380d-fbe7-45c7-96ab-37e9870a566c} - <orphaned>
BHO: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - <orphaned>
BHO: {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - <orphaned>
BHO: {c4b22c87-45ef-4f43-89f2-40db2078864e} - <orphaned>
BHO: {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - <orphaned>
BHO: Music RemoteBHO: {CA6D5FD2-AD35-44F8-AFEF-B36C908CE901} - c:\program files\music remote\1.0\KangoBHO.dll
BHO: {cc1bef2d-0428-46d8-b1f4-492e1b206099} - <orphaned>
BHO: {df22384f-cf68-4d19-969f-10423715528b} - <orphaned>
BHO: Gameoff-games Toolbar: {e1514faa-0f36-4330-8590-ea8c9c0a903f} - c:\program files\gameoff-games\prxtbGame.dll
BHO: {EEE6C35C-6118-11DC-9C72-001320C79847} - <orphaned>
BHO: {f6f0f973-a4a3-48cf-9a7a-b7a69c30d71a} - <orphaned>
BHO: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - <orphaned>
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Music Remote: {D2C31D2B-35BE-4C2B-ACCB-A78877274E60} - c:\program files\music remote\1.0\KangoBHO.dll
TB: Gameoff-games Toolbar: {E1514FAA-0F36-4330-8590-EA8C9C0A903F} - c:\program files\gameoff-games\prxtbGame.dll
TB: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} -
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn6\yt.dll
TB: Search-Results Toolbar: {377e5d4d-77e5-476a-8716-7e70a9272da0} -
TB: Gameoff-games Toolbar: {e1514faa-0f36-4330-8590-ea8c9c0a903f} - c:\program files\gameoff-games\prxtbGame.dll
TB: Music Remote: {D2C31D2B-35BE-4C2B-ACCB-A78877274E60} - c:\program files\music remote\1.0\KangoBHO.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [StartNow Search Protect] "c:\program files\startnow toolbar\search_protect.exe" /REPORT /PROTECT /RELAY
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Facebook Update] "c:\users\george-april\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Driver Pro] c:\program files\driver pro\DPLauncher.exe
mRun: [Conime] c:\windows\system32\conime.exe
mRun: [DATAMNGR] c:\progra~1\search~1\datamngr\DATAMN~1.EXE
mRun: [Sendori Tray] "c:\program files\sendori\SendoriTray.exe"
mRun: [TotalRecipeSearch_14 Browser Plugin Loader] c:\progra~1\totalr~2\bar\1.bin\14brmon.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [mobilegeni daemon] c:\program files\mobogenie\DaemonProcess.exe
mRunOnce: [SpUninstallCleanUp] REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableVirtualization = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223}
LSP: c:\windows\system32\Sendori.dll
DPF: {5EA13312-8764-496F-B4AB-F7A872B51E14} - hxxps://oovoowww3-a.akamaihd.net/oovoomelink/oovoome/webvc/ooVooWeb.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254 192.168.0.1 192.168.1.254
TCP: Interfaces\{863821CC-9765-4BD2-A7B0-DAEA71B49234} : DHCPNameServer = 192.168.1.254 192.168.0.1 192.168.1.254
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.117\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: k9filter.exe - svchost.exe
IFEO: MpCmdRun.exe - svchost.exe
IFEO: MpUXSrv.exe - svchost.exe
IFEO: MSASCui.exe - svchost.exe
IFEO: msconfig.exe - svchost.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 amacpi;Microsoft Away Mode System;c:\windows\system32\drivers\null.sys [2012-1-3 4608]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-14 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-14 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-12-28 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-12-28 410784]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-5-23 119056]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-10 176128]
R2 Application Sendori;Application Sendori;c:\program files\sendori\SendoriSvc.exe [2013-7-1 119072]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-12-28 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-12-28 50344]
R2 BackupService;BackupService;c:\users\george-april\appdata\roaming\hp simplesave application\uUACTokenSvc.exe [2011-12-28 83512]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2012-1-3 21504]
R2 MgAssistService;MgAssist Service;c:\program files\mobogenie\MgAssist.exe [2014-1-22 63168]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup 3.0\SymcPCCULaunchSvc.exe [2013-7-11 132504]
R2 Service Sendori;Service Sendori;c:\program files\sendori\Sendori.Service.exe [2013-7-1 22304]
R2 sndappv2;sndappv2;c:\program files\sendori\sndappv2.exe [2013-7-1 3623200]
R2 Yontoo Desktop Updater;Yontoo Desktop Updater;c:\program files\yontoo\Y2Desktop.Updater.exe [2013-3-15 23552]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2006-11-2 251904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 dealplylive;DealPly Live Service (dealplylive);c:\program files\dealplylive\update\DealPlyLive.exe [2013-11-25 148000]
S2 DefaultTabUpdate;DefaultTabUpdate;"c:\users\george-april\appdata\roaming\defaulttab\defaulttab\dtupdate.exe" --> c:\users\george-april\appdata\roaming\defaulttab\defaulttab\DTUpdate.exe [?]
S2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\toolbarupdaterservice.exe --> c:\program files\startnow toolbar\ToolbarUpdaterService.exe [?]
S2 WajamUpdaterV3;WajamUpdaterV3;"c:\program files\wajam\updater\wajamupdaterv3.exe" --> c:\program files\wajam\updater\WajamUpdaterV3.exe [?]
S3 dealplylivem;DealPly Live Service (dealplylivem);c:\program files\dealplylive\update\DealPlyLive.exe [2013-11-25 148000]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2014-1-15 13464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
.
=============== File Associations ===============
.
ShellExec: vlc.exe: Open="c:\program files\easy media player\emp.exe" --started-from-file "%1"
.
=============== Created Last 30 ================
.
2014-03-01 23:08:14 -------- d-----w- c:\users\george-april\appdata\roaming\SUPERAntiSpyware.com
2014-03-01 23:08:06 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2014-03-01 23:08:06 -------- d-----w- c:\program files\SUPERAntiSpyware
2014-02-28 04:51:52 -------- d-----w- C:\Boot
2014-02-26 23:24:09 -------- d-----w- c:\windows\Migration
2014-02-12 13:50:09 1248768 ----a-w- c:\windows\system32\msxml3.dll
2014-01-31 14:45:15 7760024 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4a4b5940-859e-4358-a446-cf215f4fec9c}\mpengine.dll
.
==================== Find3M ====================
.
2014-03-02 00:45:55 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-03-01 22:58:31 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-03-01 22:58:31 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-03-01 22:58:31 43152 ----a-w- c:\windows\avastSS.scr
2014-03-01 22:58:31 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-02-21 17:53:14 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-21 17:53:14 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-21 17:53:06 8835464 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2014-02-05 08:56:17 1806848 ----a-w- c:\windows\system32\jscript9.dll
2014-02-05 08:50:39 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-02-05 08:49:56 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-05 08:48:40 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-02-05 08:48:27 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-02-05 08:47:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-01-22 22:29:09 851176 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
2014-01-22 22:29:09 53152 ----a-w- c:\windows\system32\USBCoInstaller.dll
2014-01-22 22:29:09 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2013-12-18 11:13:56 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-08 08:50:02 0 ----a-w- C:\LILE82C.tmp
2013-12-08 08:50:01 0 ----a-w- C:\LILE7AF.tmp
2013-12-08 08:50:01 0 ----a-w- C:\LILE7A0.tmp
2013-12-08 08:49:41 1169609 ----a-w- c:\windows\unins000.exe
.
============= FINISH: 20:17:14.61 ===============
attach log
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 12/28/2011 4:00:23 PM
System Uptime: 3/1/2014 7:09:24 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0RY206
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4000+ | Socket AM2 | 1800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 91.885 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 4.943 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Image File Execution Options =============
.
IFEO: k9filter.exe - svchost.exe
IFEO: MpCmdRun.exe - svchost.exe
IFEO: MpUXSrv.exe - svchost.exe
IFEO: MSASCui.exe - svchost.exe
IFEO: msconfig.exe - svchost.exe
IFEO: msmpeng.exe - svchost.exe
IFEO: msseces.exe - svchost.exe
.
==== Installed Programs ======================
.
3D Fish School Screen Saver 4.991
3D Volcano ScreenSaver
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Reader X (10.1.9)
AOL Toolbar
ArcadeCandy
avast! Free Antivirus
Bird Hunter 2003
Bonjour
Cabela's Dangerous Hunts
ConnectSo Toolbar for IE
Coupon Printer for Windows
CouponBar
Dealply
DealPly (remove only)
Deer's Revenge
Deer's Revenge XP Sp2 Fix
Deer Drive
Deer Hunt Challenge SE
Deer Hunter
Deer Hunter - The 2005 Season
DefaultTab
Delta toolbar
Download Updater (AOL Inc.)
Driver Pro v3.0
DriverUpdate
EA Network Play System
Easy Media Player 1.1.12
ExFriendAlert
Facebook Video Calling 2.0.0.447
Feven 1.8
Flash Player Pro V5.4
FlashPlayer
Gameoff-games Toolbar for IE
GameSpy Arcade
GetSavin
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hunting Unlimited
iLivid
InfoAtoms
Internet Explorer Toolbar 4.7 by SweetPacks
IWantThis
JFileManager
jollywallet
KODAK Share Button App
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mobogenie
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Remote
Music remote Addon (remove only)
NewPlayer
Norton PC Checkup
Oddly Enough - Pied Piper
PlayFizz
Plus-HD-1.2
RingtoneJunkiez Desktop
ScorpionSaver
Search-Results Toolbar
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Sendori
Snap.Do
Snap.Do Engine
Software Updater version 1.8.3
Software Version Updater
StartNow Toolbar
Strongvault Online Backup
SUPERAntiSpyware
Torch
Turkey Hunter
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Updater By SweetPacks 2.0.0.566
USA Bass
Video Downloader version 1.9.1.12
VideoPlayer v2.0.6
Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)
Wizard101
Yahoo! Software Update
Yahoo! Toolbar
Yontoo 2.05
.
==== Event Viewer Messages From Past Week ========
.
3/1/2014 8:00:06 AM, Error: Service Control Manager [7034] - The sndappv2 service terminated unexpectedly. It has done this 1 time(s).
3/1/2014 7:45:52 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iSafeNetFilter Null
3/1/2014 7:45:52 PM, Error: Service Control Manager [7022] - The Service Sendori service hung on starting.
3/1/2014 7:44:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the sndappv2 service to connect.
3/1/2014 7:44:13 PM, Error: Service Control Manager [7000] - The WajamUpdaterV3 service failed to start due to the following error: The system cannot find the path specified.
3/1/2014 7:44:13 PM, Error: Service Control Manager [7000] - The sndappv2 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/1/2014 7:44:13 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/1/2014 7:44:13 PM, Error: Service Control Manager [7000] - The DefaultTabUpdate service failed to start due to the following error: The system cannot find the path specified.
3/1/2014 6:48:01 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Null
3/1/2014 6:46:18 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.
3/1/2014 6:46:18 PM, Error: Service Control Manager [7000] - The Computer Backup (MyPC Backup) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/1/2014 6:42:53 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswRvrt aswSnx aswSP aswTdi aswVmm DfsC iSafeNetFilter NetBIOS netbt nsiproxy Null PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr tdx Wanarpv6 ws2ifsl
3/1/2014 6:42:53 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/1/2014 6:42:53 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/1/2014 6:42:53 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
3/1/2014 6:42:53 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/1/2014 6:42:53 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/1/2014 6:42:53 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/1/2014 6:42:53 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/1/2014 6:42:53 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
3/1/2014 6:42:53 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/1/2014 6:42:53 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
3/1/2014 6:42:53 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/1/2014 6:42:53 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/1/2014 6:42:53 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/1/2014 6:42:53 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/1/2014 6:42:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/1/2014 6:42:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/1/2014 6:42:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/1/2014 6:42:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/1/2014 6:41:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/1/2014 6:41:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/1/2014 5:53:06 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetbiosSmb because another computer on the network has the same name. The server could not start.
3/1/2014 5:53:05 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.6 for the Network Card with network address 001E4F46CBAD has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
3/1/2014 5:50:13 PM, Error: Service Control Manager [7031] - The Service Sendori service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/27/2014 9:20:01 PM, Error: EventLog [6008] - The previous system shutdown at 9:13:52 PM on 2/27/2014 was unexpected.
2/27/2014 8:03:50 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
2/27/2014 8:03:50 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/27/2014 7:30:52 PM, Error: EventLog [6008] - The previous system shutdown at 6:43:21 PM on 2/27/2014 was unexpected.
2/25/2014 9:08:13 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume HP SimpleSave.
2/25/2014 9:08:13 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume F:.
2/25/2014 9:04:10 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 001E4F46CBAD has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
2/23/2014 7:56:28 PM, Error: EventLog [6008] - The previous system shutdown at 10:48:39 PM on 2/22/2014 was unexpected.
.
==== End Of File ===========================

ark.txt
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-03-02 21:49:26
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\00000051 ST325031 rev.3.AD 232.83GB
Running: z7ph4iyj.exe; Driver: C:\Users\GEORGE~1\AppData\Local\Temp\kwtyruow.sys


---- System - GMER 2.1 ----

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwAddBootEntry [0x8D4FAACC]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x8D4FB5AA]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateEvent [0x8D507692]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateEventPair [0x8D5076DE]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x8D507878]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateMutant [0x8D507600]
SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwCreateSection [0x8DE16426]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x8D507648]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateThread [0x8D4FBAE0]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateTimer [0x8D507832]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x8D4FC398]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x8D4FAB32]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDuplicateObject [0x8D4FFBE4]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwLoadDriver [0x8D4FA71E]
SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwMapViewOfSection [0x8DE16506]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x8D4FAB98]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x8D4FFFDA]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x8D4FCEDE]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenEvent [0x8D5076BC]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenEventPair [0x8D507700]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x8D50789C]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenMutant [0x8D507626]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenProcess [0x8D4FF4DE]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenSection [0x8D5077B0]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x8D507670]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenThread [0x8D4FF8C6]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenTimer [0x8D507856]
SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x8DE162AA]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwQueryObject [0x8D4FCCF4]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwQueueApcThread [0x8D4FC84A]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x8D4FABFE]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetBootOptions [0x8D4FAC64]
SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwSetContextThread [0x8DE16602]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x8D4FA7B8]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x8D4FA98A]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwShutdownSystem [0x8D4FA918]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSuspendProcess [0x8D4FC562]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSuspendThread [0x8D4FC6C4]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x8D4FAA12]
SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwTerminateProcess [0x8DE16378]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwTerminateThread [0x8D4FC1F2]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwVdmControl [0x8D4FACCA]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0x8D4FB606]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateThreadEx [0x8D4FBCFC]

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!KeSetEvent + 10D 828FB758 4 Bytes [CC, AA, 4F, 8D]
.text ntkrnlpa.exe!KeSetEvent + 191 828FB7DC 4 Bytes [AA, B5, 4F, 8D]
.text ntkrnlpa.exe!KeSetEvent + 1D1 828FB81C 8 Bytes [92, 76, 50, 8D, DE, 76, 50, ...]
.text ntkrnlpa.exe!KeSetEvent + 1DD 828FB828 4 Bytes [78, 78, 50, 8D]
.text ntkrnlpa.exe!KeSetEvent + 1F5 828FB840 4 Bytes [00, 76, 50, 8D]
.text ...
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82A8900F 4 Bytes CALL 8D4FD5C5 \??\C:\Windows\system32\drivers\aswSnx.sys
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82A8CC83 4 Bytes CALL 8D4FD5DB \??\C:\Windows\system32\drivers\aswSnx.sys
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8C803000, 0x3BEEC5, 0xE8000020]
? C:\Users\GEORGE~1\AppData\Local\Temp\mbr.sys The filename, directory name, or volume label syntax is incorrect. !

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\taskeng.exe[12] kernel32.dll!GetBinaryTypeW + 70 763E2447 1 Byte [62]
.text C:\Windows\Explorer.EXE[272] kernel32.dll!GetBinaryTypeW + 70 763E2447 1 Byte [62]
.text C:\Windows\system32\csrss.exe[484] KERNEL32.dll!GetBinaryTypeW + 70 763E2447 1 Byte [62]
.text C:\Windows\system32\csrss.exe[556] KERNEL32.dll!GetBinaryTypeW + 70 763E2447 1 Byte [62]
.text C:\Windows\system32\wininit.exe[564] kernel32.dll!GetBinaryTypeW + 70 763E2447 1 Byte [62]
.text ...
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2816] ntdll.dll!LdrLoadDll 77B99378 5 Bytes JMP 001401F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2816] ntdll.dll!LdrUnloadDll 77BAB680 5 Bytes JMP 001403FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2816] KERNEL32.dll!GetBinaryTypeW + 70 763E2447 1 Byte [62]
.text C:\Windows\system32\NOTEPAD.EXE[2832] kernel32.dll!GetBinaryTypeW + 70 763E2447 1 Byte [62]
.text C:\Program Files\Mobogenie\DaemonProcess.exe[2872] kernel32.dll!GetBinaryTypeW + 70 763E2447 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2908] kernel32.dll!GetBinaryTypeW + 70 763E2447 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2928] kernel32.dll!GetBinaryTypeW + 70 763E2447 1 Byte [62]
.text ...
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!LdrLoadDll 77B99378 5 Bytes JMP 002A01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!LdrUnloadDll 77BAB680 5 Bytes JMP 002A03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtCreateFile + 6 77BD426A 4 Bytes [28, 0C, 24, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtCreateFile + B 77BD426F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtMapViewOfSection + 6 77BD49BA 4 Bytes [28, 0F, 24, 00] {SUB [EDI], CL; AND AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtMapViewOfSection + B 77BD49BF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtOpenFile + 6 77BD4A4A 4 Bytes [68, 0C, 24, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtOpenFile + B 77BD4A4F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtOpenProcess + 6 77BD4ACA 4 Bytes [A8, 0D, 24, 00] {TEST AL, 0xd; AND AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtOpenProcess + B 77BD4ACF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtOpenProcessToken + B 77BD4ADF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtOpenProcessTokenEx + 6 77BD4AEA 4 Bytes [A8, 0E, 24, 00] {TEST AL, 0xe; AND AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtOpenProcessTokenEx + B 77BD4AEF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtOpenThread + 6 77BD4B3A 4 Bytes [68, 0D, 24, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtOpenThread + B 77BD4B3F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtOpenThreadToken + 6 77BD4B4A 4 Bytes [68, 0E, 24, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtOpenThreadToken + B 77BD4B4F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtOpenThreadTokenEx + B 77BD4B5F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtQueryAttributesFile + 6 77BD4BEA 4 Bytes [A8, 0C, 24, 00] {TEST AL, 0xc; AND AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtQueryAttributesFile + B 77BD4BEF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtQueryFullAttributesFile + B 77BD4C9F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtSetInformationFile + 6 77BD517A 4 Bytes [28, 0D, 24, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtSetInformationFile + B 77BD517F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtSetInformationThread + 6 77BD51CA 4 Bytes [28, 0E, 24, 00] {SUB [ESI], CL; AND AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtSetInformationThread + B 77BD51CF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtUnmapViewOfSection + 6 77BD546A 4 Bytes [68, 0F, 24, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] ntdll.dll!NtUnmapViewOfSection + B 77BD546F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4252] KERNEL32.dll!GetBinaryTypeW + 70 763E2447 1 Byte [62]
.text C:\Windows\system32\taskmgr.exe[4528] kernel32.dll!GetBinaryTypeW + 70 763E2447 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!LdrLoadDll 77B99378 5 Bytes JMP 004501F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!LdrUnloadDll 77BAB680 5 Bytes JMP 004503FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtCreateFile + 6 77BD426A 4 Bytes [28, D0, 30, 00] {SUB AL, DL; XOR [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtCreateFile + B 77BD426F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtMapViewOfSection + 6 77BD49BA 4 Bytes [28, D3, 30, 00] {SUB BL, DL; XOR [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtMapViewOfSection + B 77BD49BF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenFile + 6 77BD4A4A 4 Bytes [68, D0, 30, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenFile + B 77BD4A4F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenProcess + 6 77BD4ACA 4 Bytes [A8, D1, 30, 00] {TEST AL, 0xd1; XOR [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenProcess + B 77BD4ACF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenProcessToken + B 77BD4ADF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenProcessTokenEx + 6 77BD4AEA 4 Bytes [A8, D2, 30, 00] {TEST AL, 0xd2; XOR [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenProcessTokenEx + B 77BD4AEF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenThread + 6 77BD4B3A 4 Bytes [68, D1, 30, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenThread + B 77BD4B3F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenThreadToken + 6 77BD4B4A 4 Bytes [68, D2, 30, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenThreadToken + B 77BD4B4F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenThreadTokenEx + B 77BD4B5F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtQueryAttributesFile + 6 77BD4BEA 4 Bytes [A8, D0, 30, 00] {TEST AL, 0xd0; XOR [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtQueryAttributesFile + B 77BD4BEF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtQueryFullAttributesFile + B 77BD4C9F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtSetInformationFile + 6 77BD517A 4 Bytes [28, D1, 30, 00] {SUB CL, DL; XOR [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtSetInformationFile + B 77BD517F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtSetInformationThread + 6 77BD51CA 4 Bytes [28, D2, 30, 00] {SUB DL, DL; XOR [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtSetInformationThread + B 77BD51CF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtUnmapViewOfSection + 6 77BD546A 4 Bytes [68, D3, 30, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtUnmapViewOfSection + B 77BD546F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] KERNEL32.dll!GetBinaryTypeW + 70 763E2447 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!LdrLoadDll 77B99378 5 Bytes JMP 005101F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!LdrUnloadDll 77BAB680 5 Bytes JMP 005103FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtCreateFile + 6 77BD426A 4 Bytes [28, CC, 4B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtCreateFile + B 77BD426F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtMapViewOfSection + 6 77BD49BA 4 Bytes [28, CF, 4B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtMapViewOfSection + B 77BD49BF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtOpenFile + 6 77BD4A4A 4 Bytes [68, CC, 4B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtOpenFile + B 77BD4A4F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtOpenProcess + 6 77BD4ACA 4 Bytes [A8, CD, 4B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtOpenProcess + B 77BD4ACF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtOpenProcessToken + B 77BD4ADF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtOpenProcessTokenEx + 6 77BD4AEA 4 Bytes [A8, CE, 4B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtOpenProcessTokenEx + B 77BD4AEF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtOpenThread + 6 77BD4B3A 4 Bytes [68, CD, 4B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtOpenThread + B 77BD4B3F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtOpenThreadToken + 6 77BD4B4A 4 Bytes [68, CE, 4B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtOpenThreadToken + B 77BD4B4F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtOpenThreadTokenEx + B 77BD4B5F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtQueryAttributesFile + 6 77BD4BEA 4 Bytes [A8, CC, 4B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtQueryAttributesFile + B 77BD4BEF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtQueryFullAttributesFile + B 77BD4C9F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtSetInformationFile + 6 77BD517A 4 Bytes [28, CD, 4B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtSetInformationFile + B 77BD517F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtSetInformationThread + 6 77BD51CA 4 Bytes [28, CE, 4B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtSetInformationThread + B 77BD51CF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtUnmapViewOfSection + 6 77BD546A 4 Bytes [68, CF, 4B, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtUnmapViewOfSection + B 77BD546F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5544] KERNEL32.dll!GetBinaryTypeW + 70 763E2447 1 Byte [62]
.text C:\Windows\system32\NOTEPAD.EXE[5844] kernel32.dll!GetBinaryTypeW + 70 763E2447 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!LdrLoadDll 77B99378 5 Bytes JMP 00D801F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!LdrUnloadDll 77BAB680 5 Bytes JMP 00D803FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtCreateFile + 6 77BD426A 4 Bytes [28, 9C, D2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtCreateFile + B 77BD426F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtMapViewOfSection + 6 77BD49BA 4 Bytes [28, 9F, D2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtMapViewOfSection + B 77BD49BF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtOpenFile + 6 77BD4A4A 4 Bytes [68, 9C, D2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtOpenFile + B 77BD4A4F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtOpenProcess + 6 77BD4ACA 4 Bytes [A8, 9D, D2, 00] {TEST AL, 0x9d; ROL [EAX], CL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtOpenProcess + B 77BD4ACF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtOpenProcessToken + B 77BD4ADF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtOpenProcessTokenEx + 6 77BD4AEA 4 Bytes [A8, 9E, D2, 00] {TEST AL, 0x9e; ROL [EAX], CL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtOpenProcessTokenEx + B 77BD4AEF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtOpenThread + 6 77BD4B3A 4 Bytes [68, 9D, D2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtOpenThread + B 77BD4B3F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtOpenThreadToken + 6 77BD4B4A 4 Bytes [68, 9E, D2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtOpenThreadToken + B 77BD4B4F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtOpenThreadTokenEx + B 77BD4B5F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtQueryAttributesFile + 6 77BD4BEA 4 Bytes [A8, 9C, D2, 00] {TEST AL, 0x9c; ROL [EAX], CL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtQueryAttributesFile + B 77BD4BEF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtQueryFullAttributesFile + B 77BD4C9F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtSetInformationFile + 6 77BD517A 4 Bytes [28, 9D, D2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtSetInformationFile + B 77BD517F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtSetInformationThread + 6 77BD51CA 4 Bytes [28, 9E, D2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtSetInformationThread + B 77BD51CF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtUnmapViewOfSection + 6 77BD546A 4 Bytes [68, 9F, D2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtUnmapViewOfSection + B 77BD546F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6092] KERNEL32.dll!GetBinaryTypeW + 70 763E2447 1 Byte [62]

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.sys
AttachedDevice \Driver\tdx \Device\Udp aswTdi.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- EOF - GMER 2.1 ----

Virus/Malware removal

How can I remove the following virus/malware which has suddenly invaded my computer?

The problem Virus/Malware is:
Conduit Search Protect which has suddenly taken over my browser home page.

Does anyone know how I can get rid of this thing? I have no idea what it is or where it has come from.

I have the Norton 360 Internet Security package installed, but it hasn't picked this up.

Has anyone else had a problem with this?

All help to get rid of it and how to stop it coming back is very much appreciated.

Got Rid of the Malware, but now no Internet!

Working on a family member's machine that got infected with a search.net browser hijacker along with a few other nasty little bugs. It appears that all of the malware was removed successfully; however, I cannot seem to get any of the web browsers to work, and the wireless connectivity will not respond at all. We have contacted the manufacturer for support and (somehow) they could not help us.

I followed these instructions (for the most part): http://malwaretips.com/blogs/www-search-net-removal/

I will have to transfer my logs over to this forum. But I fear that in my pleasure at success with eliminating the problem, I deleted the logs (Oh crap!)

Any assistance is appreciated. The laptop details that I can access at the moment are:

Lenovo IdeaPad Z580
Model Name: 20135
OS: Windows 8

Thanks.

computer very slow

When in safe mode there was an internet file named howcrypt, and the computer started running very slowly: everything, files, internet, etc.

problems with viruses and spyware

I keep getting a reported phishing site coming up on screen. It says it's static.webimpresion.com, and Google has stopped it for security purposes. Is there a way of getting rid of this for good? Also, I have been having firewall problems; I don't know if this is connected.

"RunDLL" Error

So every time I start up my computer, I'm getting an error that says

"There was a problem starting C:\Users\Nic\AppData\Roaming\ValueApps\CH\TBVerifier.dll
The specified module could not be found."


It's been there for about a week, and everything (Chrome, Windows Media Player, Games, etc.) is constantly "not responding" and/or running very slow. Even more so when I play games.
I've tried MalwareBytes and AVG. However, the error still pops up on start up, and after about a day, most, if not all, of the malware is back. It's getting very frustrating, so if someone could help me with this, that'd be great.

Thanks in advance!

Quirky Computer

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft® Windows Vista™ Home Premium, Service Pack 2, 32 bit
Processor: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz, x64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 3060 Mb
Graphics Card: Intel(R) G33/G31 Express Chipset Family, 320 Mb
Hard Drives: C: Total - 292411 MB, Free - 160387 MB; D: Total - 12831 MB, Free - 1803 MB;
Motherboard: MSI, Boston
Antivirus: Microsoft Security Essentials, Updated and Enabled


Hello Tech Guys,

Over the past several weeks my computer has been just a little quirky. There have been times when I boot up the system and all the desktop icons are in a different place, as well as color changes in appearance and toolbars and taskbars that disappear. When this happens I run Malwarebytes. Once or twice threats were found and deleted, but not always. Also, while browsing last week I was alerted through Microsoft Essentials that it had encountered a threat. I closed my browser and again ran Malwarebytes, but nothing was discovered.

Two evenings ago my husband downloaded the YTD app. The next morning when he booted up the computer, both Chrome and IE were opened to Yahoo, along with a new toolbar. Obviously he had agreed to this in the download without knowing it, but the system was running exceptionally slowly. Malwarebytes then picked up 18 threats, which I deleted. After that, the system still seemed slow, along with my tabs in IE not working properly. Also, I lost my Google search on the toolbar. So I decided to do a system restore. The first point failed because of an error. I chose another point and it failed as well. So obviously something is amiss.

I would appreciate your help in looking to see if there are indeed some insidious programs that have escaped detection.

Thanks a lot.



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:50:51 AM, on 3/4/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16533)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Spellex\Spellex for 2007 Microsoft Office\spellex.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nuance\PaperPort\pptd40nt.exe
C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Tammy\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Tammy\AppData\Local\Apps\2.0\NQ2J0BBW.BM4\VOJBP39J.EJY\amaz..tion_f2fa081ea2183235_0002.0000_52f6f5477bfc400b\AmazonCloudDrive.exe
C:\Program Files\Microsoft Works\WkCalRem.exe
C:\Windows\system32\igfxsrvc.exe
C:\PROGRA~1\HEWLET~1\HPREMO~1\HPREMO~1.EXE
C:\Windows\ehome\ehmsas.exe
C:\Users\Tammy\AppData\Local\Apps\2.0\NQ2J0BBW.BM4\VOJBP39J.EJY\amaz..tion_f2fa081ea2183235_0002.0000_52f6f5477bfc400b\LocalServiceJre\bin\AmazonCloudDriveW.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Tammy\Desktop\HijackThis.exe
C:\Windows\system32\DllHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0552.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0552.0\msneshellx.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "c:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [Linksys Wireless Manager] "C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Remote Software] C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
O4 - HKLM\..\Run: [UpdateLBPShortCut] "c:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Spellex Speller] "C:\Program Files\Spellex\Spellex for 2007 Microsoft Office\spellex.exe" /APP
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\Nuance\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\Nuance\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [PPort12reminder] "C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe
O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe
O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Tammy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Amazon Cloud Player] "C:\Users\Tammy\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Amazon Cloud Drive.lnk = C:\Users\Tammy\AppData\Local\Apps\2.0\NQ2J0BBW.BM4\VOJBP39J.EJY\amaz..tion_f2fa081ea2183235_0002.0000_52f6f5477bfc400b\AmazonCloudDrive.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Microsoft Works\WkCalRem.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PictureMover.lnk = C:\Program Files\PictureMover\Bin\PictureMover.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} (Domino Web Access 8 Control) - https://my.ohiohealth.com/,DanaInfo=DOMINO3+dwa8W.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab...l_4.5.15.0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://my.ohiohealth.com/dana-cache...etupClient.cab
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
O23 - Service: SpellExTimeSvc - Unknown owner - C:\Program Files\Spellex\Spellex for 2007 Microsoft Office\spellex.exe
--
End of file - 12670 bytes


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16533 BrowserJavaVersion: 10.45.2
Run by Tammy at 7:51:25 on 2014-03-04
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3060.1335 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Program Files\Spellex\Spellex for 2007 Microsoft Office\spellex.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Spellex\Spellex for 2007 Microsoft Office\spellex.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nuance\PaperPort\pptd40nt.exe
C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Tammy\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Tammy\AppData\Local\Apps\2.0\NQ2J0BBW.BM4\VOJBP39J.EJY\amaz..tion_f2fa081ea2183235_0002.0000_52f6f5477bfc400b\AmazonCloudDrive.exe
C:\Program Files\Microsoft Works\WkCalRem.exe
C:\Windows\system32\igfxsrvc.exe
C:\PROGRA~1\HEWLET~1\HPREMO~1\HPREMO~1.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Users\Tammy\AppData\Local\Apps\2.0\NQ2J0BBW.BM4\VOJBP39J.EJY\amaz..tion_f2fa081ea2183235_0002.0000_52f6f5477bfc400b\LocalServiceJre\bin\AmazonCloudDriveW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.drudgereport.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
uProxyOverride = 127.0.0.1:9421;<local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0552.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\program files\msn\toolbar\3.0.0552.0\msneshellx.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
uRun: [Google Update] "c:\users\tammy\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Amazon Cloud Player] "c:\users\tammy\appdata\local\amazon cloud player\Amazon Music Helper.exe"
uRun: [ISUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [hpsysdrv] c:\program files\hewlett-packard\hp odometer\hpsysdrv.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TSMAgent] "c:\program files\hewlett-packard\touchsmart\media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "c:\program files\hewlett-packard\touchsmart\media\kernel\clml\CLMLSvc.exe"
mRun: [SmartMenu] c:\program files\hewlett-packard\hp mediasmart\SmartMenu.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [Linksys Wireless Manager] "c:\program files\linksys\linksys wireless manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Remote Software] c:\program files\hewlett-packard\hp remote\HP REMOTE V1.0.5.exe
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\cyberlink dvd suite deluxe\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\cyberlink dvd suite deluxe" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [DVDAgent] "c:\program files\hewlett-packard\media\dvd\DVDAgent.exe"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Spellex Speller] "c:\program files\spellex\spellex for 2007 microsoft office\spellex.exe" /APP
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IndexSearch] "c:\program files\nuance\paperport\IndexSearch.exe"
mRun: [PaperPort PTD] "c:\program files\nuance\paperport\pptd40nt.exe"
mRun: [PPort12reminder] "c:\program files\nuance\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\12\config\ereg\Ereg.ini"
mRun: [PDFHook] c:\program files\nuance\pdf viewer plus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf viewer plus\RegistryController.exe
mRun: [ControlCenter4] c:\program files\controlcenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
StartupFolder: c:\users\tammy\appdata\roaming\micros~1\windows\startm~1\programs\startup\amazon~1.lnk - c:\users\tammy\appdata\local\apps\2.0\nq2j0bbw.bm4\vojbp39j.ejy\amaz..tion_f2fa081ea2183235_0002.0000_52f6f5477bfc400b\AmazonCloudDrive.exe
StartupFolder: c:\users\tammy\appdata\roaming\micros~1\windows\startm~1\programs\startup\wkcalrem.lnk - c:\program files\microsoft works\WkCalRem.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\picturemover\bin\PictureMover.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: c:\windows\system32\wpclsp.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://my.ohiohealth.com/,DanaInfo=DOMINO3+dwa8W.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://my.ohiohealth.com/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{711F7413-3DFC-4284-874F-6861FA6D68EF} : DHCPNameServer = 75.75.76.76 75.75.75.75
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-20 21504]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 104768]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2010-3-8 144672]
R2 SpellExTimeSvc;SpellExTimeSvc;c:\program files\spellex\spellex for 2007 microsoft office\spellex.exe [2007-9-12 279864]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [2013-8-7 78960]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSib.sys [2013-8-7 18800]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2013-8-7 266240]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-10-23 280288]
R3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [2009-9-28 645120]
S3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files\wildtangent games\app\GamesAppIntegrationService.exe [2013-9-5 227904]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2013-9-7 13464]
S4 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [2010-3-2 77824]
.
=============== Created Last 30 ================
.
2014-03-03 22:29:32 7947048 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{33afa283-a9db-48a5-8312-2e1b5495088c}\mpengine.dll
2014-03-03 01:18:30 -------- d-----w- c:\users\tammy\appdata\local\Slick Savings
2014-03-03 01:17:56 -------- d-----w- c:\program files\common files\Spigot
2014-03-02 19:16:28 7947048 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-03-01 13:22:28 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{094806a6-7fc1-4779-b5f4-35bcf04c900e}\gapaengine.dll
2014-02-12 10:37:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
.
==================== Find3M ====================
.
2014-02-21 01:27:33 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-21 01:27:33 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-05 08:56:17 1806848 ----a-w- c:\windows\system32\jscript9.dll
2014-02-05 08:50:39 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-02-05 08:49:56 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-05 08:48:40 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-02-05 08:48:27 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-02-05 08:47:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-01-19 07:32:23 231584 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 7:52:21.02 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/21/2009 8:11:48 PM
System Uptime: 3/4/2014 7:41:25 AM (0 hours ago)
.
Motherboard: MSI | | Boston
Processor: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz | Socket 775 | 2000/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 286 GiB total, 159.437 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 1.761 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader X (10.1.9)
Adobe Shockwave Player 11.6
AIO_CDA_Software
AIO_Scan
Amazon Cloud Drive
Amazon Cloud Player
Amazon MP3 Downloader 1.0.17
Amazon MP3 Uploader
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 6
ArcSoft Print Creations
Big City Adventure - New York City
Big City Adventure - San Francisco
Big City Adventure Tokyo
Big City Adventures Paris
Big Kahuna Reef 2
Brother MFL-Pro Suite MFC-7360N
BufferChm
Cake Mania - Lights, Camera, Action!(TM)
Cake Mania: To the Max
Carbonite
Carbonite Online Backup Setup
CCleaner
Compatibility Pack for the 2007 Office system
Copy
Coupon Printer for Windows
CyberLink DVD Suite Deluxe
Default Manager
Destinations
DeviceManagementQFolder
DirectX for Managed Code Update (Summer 2004)
Dr. Wise - Medical Mysteries
Dream Day First Home
Dream Day True Love
Dream Day Wedding
Dream Day Wedding - Bella Italia
Dream Day Wedding - Viva Las Vegas!
Dream Day Wedding 2 - Married in Manhattan
Elizabeth Find MD Diagnosis Mystery: Season 2
ESET Online Scanner v3
eSupportQFolder
Fax
Gardenscapes
Gardenscapes 2 Collector's Edition
Gardenscapes: Mansion Makeover
Google Chrome
Google Drive
Google Earth
Google Update Helper
Hardware Diagnostic Tools
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Advisor
HP Customer Experience Enhancements
HP Games
HP Imaging Device Functions 8.0
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart SmartMenu
HP Odometer
HP Photosmart Essential
HP Photosmart.All-In-One Driver Software 8.0 .A
HP Picasso Media Center Add-In
HP Product Assistant
HP Recovery Manager RSS
HP Remote Software
HP Support Information
HP Total Care Setup
HP Update
HPAsset component for HP Active Support Library
HPDiagnosticAlert
HPProductAssistant
HPSSupply
Intel(R) Graphics Media Accelerator Driver
iTunes
Java 7 Update 45
Java Auto Updater
LabelPrint
LightScribe System Software
Linksys Wireless Manager
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSVCRT Redists
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
Musicnotes Software Suite 1.7.2
Noise Reduction Plug-in 2.0i
Norton Internet Security
Nuance PaperPort 12
Nuance PDF Viewer Plus
Octoshape Streaming Services
OGA Notifier 2.0.0048.0
Pandora
PaperPort Image Printer
PictureMover
Power2Go
PowerDirector
Pure Networks Platform
Python 2.6 pywin32-212
Python 2.6.1
QuickTime
Realtek High Definition Audio Driver
Sally's Salon
Sally's Spa
Sally's Studio Premium Edition
Scan
Scansoft PDF Professional
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition
Sierra Utilities
Sony Vocal Eraser
Sound Forge Audio Studio 10.0
sp44626
Spellex for 2007 Microsoft Office
SpywareBlaster 5.0
Status
swMSM
System Requirements Lab for Intel
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
Vacation Quest - The Hawaiian Islands
Vacation Quest™ - Australia
Walmart MP3 Music Downloads
WebReg
Wedding Salon
WildTangent Games
WildTangent Games App
WildTangent Games App (HP Games)
Windows Mobile Device Updater Component
WOT for Internet Explorer
Yahoo! Messenger
Youda Jewel Shop
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== End Of File ===========================



GMER 2.1.19357 - http://www.gmer.net
Rootkit quick scan 2014-03-04 08:00:36
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD321HJ rev.1AC01117 298.09GB
Running: 9n80s2m7.exe; Driver: C:\Users\Tammy\AppData\Local\Temp\pgldypob.sys

---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----

Computer has malware and is slow need help to get it off

Hello,

This computer is a personal computer and does not have any group policies or defaults set in by a company.

It is having some issues that generally hamper its overall performance...

It will take many minutes to open some programs. Overall, very sluggish performance.
Excel complains about memory even though I don't have much open and the computer has 4 GB of memory.
So because of this I can only have one or two files open in Excel at once.

It will not wake up from hibernation correctly. After being in hibernation, I see a mouse on a black screen and can move it around, but the login screen never appears after hibernation; it just stays black until I restart.

I constantly need to restart, so I am thinking malware is running up the memory in the system.

Let me know if there is anything you can do to help and identify what might be causing this.

Here are the logs from HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:51:55 PM, on 3/4/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexTray.exe
C:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe
C:\Users\ADELYN\AppData\Roaming\Spotify\spotify.exe
C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Nuance\PDF Professional 8\PdfPro8Hook.exe
C:\Program Files (x86)\BUFFALO\Backup_Utility\BUTray.exe
C:\Program Files (x86)\VIPRE\SBAMTray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Program Files (x86)\VIPRE\SBAMUI.exe
C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\ADELYN\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13-comm.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell13-comm.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: VIPRE Search Guard Helper - {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} - C:\Program Files (x86)\VIPRE\VSGN.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Gaaiho PDF Conversion Toolbar Helper - {C7DA0384-42AA-428c-B832-88AC343DE1A8} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll
O3 - Toolbar: Nuance PDF - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll
O3 - Toolbar: VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSGN.dll
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
O4 - HKLM\..\Run: [PDF8 Registry Controller] "C:\Program Files (x86)\Nuance\PDF Professional 8\RegistryController.exe"
O4 - HKLM\..\Run: [PDFProHook] "C:\Program Files (x86)\Nuance\PDF Professional 8\pdfpro8hook.exe"
O4 - HKLM\..\Run: [Nuance PDF Converter Professional 8-reminder] "C:\Program Files (x86)\Nuance\PDF Professional 8\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Converter Professional 8\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [Backup Utility TaskTray Tool] "C:\Program Files (x86)\BUFFALO\Backup_Utility\BUTray.exe"
O4 - HKLM\..\Run: [SBAMTray] "C:\Program Files (x86)\VIPRE\SBAMTray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Spotify] "C:\Users\ADELYN\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
O4 - .DEFAULT User Startup: Smart Settings.lnk = C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Nuance PDF Converter 8 - res://C:\Program Files (x86)\Nuance\PDF Professional 8\cnvres_eng.dll /100
O8 - Extra context menu item: Open with PDF Professional 8 - res://C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\ATService.exe
O23 - Service: Backup Utility Service (BFBackupUtilityService) - BUFFALO INC. - C:\Program Files (x86)\BUFFALO\Backup_Utility\BUService.exe
O23 - Service: Backup Utility VSS Service (BFBackupUtilityVSSService) - BUFFALO INC. - C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Broadcom Management Agent (BrcmMgmtAgent) - Broadcom Corporation - C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: bufssvr - BUFFALO INC. - C:\Program Files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe
O23 - Service: Coupon Printer Service (CouponPrinterService) - Coupons.com Inc. - C:\Program Files (x86)\Coupons\CouponPrinterService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dell Feature Enhancement Pack Service (DFEPService) - Dell Inc. - C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EmbassyService - Unknown owner - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GFI LanGuard 11 Attendant Service (gfi_lanss11_attservice) - GFI Software Development Ltd. - C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: lmab_device - - C:\Windows\system32\LMabcoms.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O2FLASH - Unknown owner - C:\Windows\system32\o2flash.exe (file missing)
O23 - Service: PDFProFiltSrv - Nuance Communications, Inc. - C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VIPRE Internet Security (SBAMSvc) - ThreatTrack Security, Inc. - C:\Program Files (x86)\VIPRE\SBAMSvc.exe
O23 - Service: SB Recovery Service (SBPIMSvc) - ThreatTrack Security, Inc. - C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: TurboPC EX FileCopy Service (TC2Service) - Unknown owner - C:\Windows\system32\TC2Service.exe (file missing)
O23 - Service: NTRU TSS v1.2.1.37 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
O23 - Service: TurboPC EX DiskCache Control Service (tpcexdccs) - BUFFALO INC. - C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: Wave Authentication Manager Service - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WvPCR - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe

--
End of file - 15976 bytes



dds.txt from DDS:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/25/2013 9:55:59 AM
System Uptime: 3/4/2014 11:01:32 AM (3 hours ago)
.
Motherboard: Dell Inc. | | 05GRXT
Processor: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz | SOCKET 0 | 2601/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 465 GiB total, 383.06 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP120: 2/23/2014 7:00:30 PM - Windows Backup
RP121: 3/3/2014 9:11:35 AM - Windows Backup
RP122: 3/3/2014 10:51:51 AM - Windows Update
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
Adobe Shockwave Player 12.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ashampoo Burning Studio 6 FREE v.6.82
AuthenTec Fingerprint Software
Avery Toolbar Updater
Avery Wizard 4.0
BioAPI Framework
Bonjour
Broadcom NetXtreme-I Netlink Driver and Management Installer
BUFFALO Backup Utility
BUFFALO SecureLockManagerEasy for HD
BUFFALO TurboPC EX Series
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Coupon Printer for Windows
Custom
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Client System Update
Dell Data Protection | Access
Dell Edoc Viewer
Dell Feature Enhancement Pack
Dell Touchpad
DellAccess
DW WLAN Card Utility
EMBASSY Client Core
Gemalto
Google Earth
Google Update Helper
HP LaserJet Enterprise 500 color M551
HP Unified IO
HP Update
HPDXP
HPLaserJetEnterprise500colorM551_HelpLearnCenter
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
iTunes
Junk Mail filter update
Lexmark Software Uninstall
LJDXPHelperUI
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NTRU TCG Software Stack
Nuance PDF Converter Professional 8
Nuance PDF Converter Professional 8 Update x64
O2Micro OZ776 SCR Driver
PC-CCID
Photobie -- photo editing software from Photobie Design
Preboot Manager
Private Information Manager
Samsung Universal Print Driver 2
Scansoft PDF Professional
Screen+ 1.0
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
SPBA 5.9
ST Microelectronics 3 Axis Digital Accelerometer Solution
swMSM
toolkit32for64bit
Trusted Drive Manager
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
Upek Touchchip Fingerprint Reader
VIPRE Internet Security
Wave Crypto Runtime 2.0.7.0 x86
Wave Infrastructure Installer
Wave Support Software Installer
WIDCOMM Bluetooth Software
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
3/4/2014 7:31:40 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Capability Licensing Service Interface service to connect.
3/4/2014 7:31:40 AM, Error: Service Control Manager [7000] - The Intel(R) Capability Licensing Service Interface service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/4/2014 11:02:14 AM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.37 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
3/3/2014 8:39:31 AM, Error: NetBT [4311] - Initialization failed because the driver device could not be created. Use the string "9C2A701F4876" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name.
3/3/2014 5:14:28 PM, Error: Disk [11] - The driver detected a controller error on \...\DR1.
.
==== End Of File ===========================

Attach.txt from DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518
Run by VSCADM at 14:05:20 on 2014-03-04
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3969.1674 [GMT -7:00]
.
AV: ThreatTrack Security VIPRE *Enabled/Updated* {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ThreatTrack Security VIPRE *Enabled/Updated* {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
FW: ThreatTrack Security VIPRE *Enabled* {C7D2BC33-B766-03DA-EC8C-2222CF65E72A}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Fingerprint Sensor\ATService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\BUFFALO\Backup_Utility\BUService.exe
C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
C:\Program Files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe
C:\Program Files (x86)\BUFFALO\SLManagerEasy\Inputps.exe
C:\Program Files (x86)\Coupons\CouponPrinterService.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Windows\system32\LMabcoms.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\o2flash.exe
C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TC2Service.exe
C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexService.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexTray.exe
C:\Windows\System32\TC2Tray.exe
C:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Users\ADELYN\AppData\Roaming\Spotify\spotify.exe
C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files (x86)\Nuance\PDF Professional 8\PdfPro8Hook.exe
C:\Program Files (x86)\BUFFALO\Backup_Utility\BUTray.exe
C:\Program Files (x86)\VIPRE\SBAMTray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\VIPRE\SBAMSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\VIPRE\SBAMUI.exe
C:\Program Files (x86)\GFI\LanGuard 11 Agent\Mantle.exe
C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
C:\Windows\splwow64.exe
C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\ADELYN\Downloads\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://dell13-comm.msn.com
uDefault_Page_URL = hxxp://dell13-comm.msn.com
uURLSearchHooks: {00000000-6E41-4FD3-8538-502F5495E5FC} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\PlusIEContextMenu.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: VIPRE Search Guard Helper: {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} - C:\Program Files (x86)\VIPRE\VSGN.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Gaaiho PDF Conversion Toolbar Helper: {C7DA0384-42AA-428c-B832-88AC343DE1A8} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll
TB: Nuance PDF: {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll
TB: VIPRE Search Guard Toolbar: {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSGN.dll
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [OfficeScanNT Monitor] "c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
mRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
mRun: [PDF8 Registry Controller] "C:\Program Files (x86)\Nuance\PDF Professional 8\RegistryController.exe"
mRun: [PDFProHook] "C:\Program Files (x86)\Nuance\PDF Professional 8\pdfpro8hook.exe"
mRun: [Nuance PDF Converter Professional 8-reminder] "C:\Program Files (x86)\Nuance\PDF Professional 8\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Converter Professional 8\Ereg\Ereg.ini"
mRun: [Backup Utility TaskTray Tool] "C:\Program Files (x86)\BUFFALO\Backup_Utility\BUTray.exe"
mRun: [SBAMTray] "C:\Program Files (x86)\VIPRE\SBAMTray.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableCAD = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Open with Nuance PDF Converter 8 - C:\Program Files (x86)\Nuance\PDF Professional 8\cnvres_eng.dll /100
IE: Open with PDF Professional 8 - C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 10.1.10.1
TCP: Interfaces\{26B02B86-2908-4D07-8FCB-EB09EA50BCFA} : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{46529251-BAC6-46E4-82A7-9B3C1A0F9811}\14D6075646F53525 : DHCPNameServer = 192.168.1.240
TCP: Interfaces\{46529251-BAC6-46E4-82A7-9B3C1A0F9811}\6535340275962756C6563737 : DHCPNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{46529251-BAC6-46E4-82A7-9B3C1A0F9811}\65353475962756C6563737 : DHCPNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{46529251-BAC6-46E4-82A7-9B3C1A0F9811}\C696E6B6379737 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Authentication Packages = msv1_0 wvauth
LSA: Notification Packages = scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
x64-Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
x64-Run: [DFEPApplication] C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [tpcexTray] "C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexTray.exe"
x64-Run: [TC2Tray] "C:\Windows\System32\TC2Tray.exe"
x64-Run: [LMPSSDMON] C:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\VSCADM\AppData\Roaming\Mozilla\Firefox\Profiles\y71dvp20.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Professional 8\bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 bftpdskc;BUFFALO TurboPC EX Cache Filter Driver;C:\Windows\System32\drivers\bftpdskc64.sys [2013-1-28 72016]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-8-7 20464]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2013-1-19 22128]
R1 SbFw;SbFw;C:\Windows\System32\drivers\SbFw.sys [2013-1-25 260816]
R2 ATService;AuthenTec Fingerprint Service;C:\Program Files\Fingerprint Sensor\ATService.exe [2012-2-2 2664264]
R2 BFBackupUtilityService;Backup Utility Service;C:\Program Files (x86)\BUFFALO\Backup_Utility\BUService.exe -Service_Execute --> C:\Program Files (x86)\BUFFALO\Backup_Utility\BUService.exe -Service_Execute [?]
R2 BFBackupUtilityVSSService;Backup Utility VSS Service;C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe -Service_Execute --> C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe -Service_Execute [?]
R2 BrcmMgmtAgent;Broadcom Management Agent;C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2011-11-30 163840]
R2 bufssvr;bufssvr;C:\Program Files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe [2013-1-28 95608]
R2 CouponPrinterService;Coupon Printer Service;C:\Program Files (x86)\Coupons\CouponPrinterService.exe [2014-2-13 176624]
R2 DFEPService;Dell Feature Enhancement Pack Service;C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2012-8-15 2280504]
R2 EmbassyService;EmbassyService;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [2012-1-17 218504]
R2 gfi_lanss11_attservice;GFI LanGuard 11 Attendant Service;C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe [2012-11-23 133496]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-1-19 13632]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-12-10 732160]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-1-19 165336]
R2 PDFProFiltSrv;PDFProFiltSrv;C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe [2012-10-23 135056]
R2 SBAMSvc;VIPRE Internet Security;C:\Program Files (x86)\VIPRE\SBAMSvc.exe [2013-9-5 3937472]
R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2013-6-18 88928]
R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [2013-9-5 176016]
R2 TC2Service;TurboPC EX FileCopy Service;C:\Windows\System32\TC2Service.exe -Service_Execute --> C:\Windows\System32\TC2Service.exe -Service_Execute [?]
R2 tpcexdccs;TurboPC EX DiskCache Control Service;C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexService.exe [2013-1-28 134216]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-1-19 366040]
R2 Wave Authentication Manager Service;Wave Authentication Manager Service;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2012-1-5 1679872]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2013-1-19 165688]
R3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2013-1-19 598808]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2013-8-7 39976]
R3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2013-1-25 41032]
R3 gfiutil;gfiutil;C:\Windows\System32\drivers\gfiutil.sys [2013-7-3 31264]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2013-8-7 169752]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-8-7 342528]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-8-7 358896]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-8-7 792560]
R3 O2SDJRDR;O2SDJRDR;C:\Windows\System32\drivers\o2sdjw7x64.sys [2013-1-19 84712]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\System32\drivers\SbFwIm.sys [2013-1-25 120608]
R3 sbwtis;sbwtis;C:\Windows\System32\drivers\sbwtis.sys [2013-4-12 88864]
R3 ST_ACCEL;STMicroelectronics Accelerometer Service;C:\Windows\System32\drivers\ST_ACCEL.sys [2013-1-19 68208]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 bftpusbx;BUFFALO TurboPC EX USB Filter Driver;C:\Windows\System32\drivers\bftpusbx64.sys [2013-1-28 20608]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-12 111616]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2012-12-10 803872]
S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]
S3 O2MDFRDR;O2MDFRDR;C:\Windows\System32\drivers\o2mdfw7x64.sys [2013-1-19 72808]
S3 O2MDRRDR;O2MDRRDR;C:\Windows\System32\drivers\O2MDRw7x64.sys [2013-1-19 74984]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\System32\drivers\SbFwIm.sys [2013-1-25 120608]
S3 SbHips;SbHips;C:\Windows\System32\drivers\sbhips.sys [2013-1-25 63184]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-3 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-25 1255736]
S3 WvPCR;WvPCR;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [2012-1-16 198144]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-03-04 18:49:48 -------- d-----w- C:\Users\VSCADM\AppData\Roaming\Malwarebytes
2014-03-04 18:49:38 -------- d-----w- C:\ProgramData\Malwarebytes
2014-03-04 18:32:33 -------- d-----w- C:\6bdc1f00a4c8f7bcae604132
2014-03-03 17:51:30 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-03-03 17:51:30 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-03-03 16:26:17 -------- d-----w- C:\Users\VSCADM\AppData\Roaming\HpUpdate
2014-03-03 16:25:13 591648 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpcpp145.DLL
2014-03-03 16:21:54 316704 ----a-w- C:\Windows\System32\hpbcoins64.dll
2014-03-03 16:21:47 518432 ----a-w- C:\Windows\SysWow64\hpcdmc32.DLL
2014-03-03 16:21:47 438560 ----a-w- C:\Windows\System32\hpcpn145.dll
2014-03-03 16:21:46 436512 ----a-w- C:\Windows\SysWow64\hpcc3145.dll
2014-03-03 15:48:28 -------- d-----w- C:\Program Files (x86)\HP
2014-02-26 18:54:05 -------- d-----w- C:\Program Files (x86)\Coupons
2014-02-12 10:02:04 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-12 10:02:04 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-12 10:00:59 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-12 10:00:58 5768704 ----a-w- C:\Windows\System32\jscript9.dll
.
==================== Find3M ====================
.
2014-02-21 01:59:23 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-21 01:59:23 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-06 02:30:08 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2013-12-06 02:30:08 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2013-12-06 02:02:08 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2013-12-06 02:02:08 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
.
============= FINISH: 14:05:57.86 ===============

ark.txt from GMER

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-03-04 14:57:55
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950042 rev.0005 465.76GB
Running: 7525ki77.exe; Driver: C:\Users\VSCADM\AppData\Local\Temp\ufaiyuob.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 666 fffff80002dfe08a 12 bytes [80, 09, 00, 00, 48, 2B, C1, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 682 fffff80002dfe09a 9 bytes [8B, 44, 24, 60, 48, 89, 84, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771a1465 2 bytes [1A, 77]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771a14bb 2 bytes [1A, 77]
.text ... * 2
.text C:\Users\ADELYN\AppData\Roaming\Spotify\spotify.exe[4964] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007788000c 1 byte [C3]
.text C:\Users\ADELYN\AppData\Roaming\Spotify\spotify.exe[4964] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 000000007790f8ea 5 bytes JMP 00000001778bd5c1
.text C:\Users\ADELYN\AppData\Roaming\Spotify\spotify.exe[4964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771a1465 2 bytes [1A, 77]
.text C:\Users\ADELYN\AppData\Roaming\Spotify\spotify.exe[4964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771a14bb 2 bytes [1A, 77]
.text ... * 2
.text C:\Program Files (x86)\VIPRE\SBAMTray.exe[4624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771a1465 2 bytes [1A, 77]
.text C:\Program Files (x86)\VIPRE\SBAMTray.exe[4624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771a14bb 2 bytes [1A, 77]
.text ... * 2
.text C:\Program Files (x86)\VIPRE\SBAMSvc.exe[5300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771a1465 2 bytes [1A, 77]
.text C:\Program Files (x86)\VIPRE\SBAMSvc.exe[5300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771a14bb 2 bytes [1A, 77]
.text ... * 2
.text C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771a1465 2 bytes [1A, 77]
.text C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771a14bb 2 bytes [1A, 77]
.text ... * 2
.text C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771a1465 2 bytes [1A, 77]
.text C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771a14bb 2 bytes [1A, 77]
.text ... * 2
.text C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771a1465 2 bytes [1A, 77]
.text C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771a14bb 2 bytes [1A, 77]
.text ... * 2
.text C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771a1465 2 bytes [1A, 77]
.text C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771a14bb 2 bytes [1A, 77]
.text ... * 2
.text C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771a1465 2 bytes [1A, 77]
.text C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771a14bb 2 bytes [1A, 77]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771a1465 2 bytes [1A, 77]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771a14bb 2 bytes [1A, 77]
.text ... * 2

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{0DFEB824-8F90-43C2-8580-F991E5F323F9}\Connection@Name isatap.{D21CADEF-F70F-492A-9323-97F8F3B3E70B}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{75C1FD0D-875E-4D72-A10C-6E746947E1D6}?\Device\{7646AB83-F476-4DC9-B0C1-408B3DF88E11}?\Device\{0DFEB824-8F90-43C2-8580-F991E5F323F9}?\Device\{A1A370E5-11FD-41D7-9C39-AC956C6F5553}?\Device\{BD7818D9-3AEA-4A62-9772-EC77E3C6D12E}?\Device\{BF6C5C0E-1355-4DF9-9674-43465523E5A8}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{75C1FD0D-875E-4D72-A10C-6E746947E1D6}"?"{7646AB83-F476-4DC9-B0C1-408B3DF88E11}"?"{0DFEB824-8F90-43C2-8580-F991E5F323F9}"?"{A1A370E5-11FD-41D7-9C39-AC956C6F5553}"?"{BD7818D9-3AEA-4A62-9772-EC77E3C6D12E}"?"{BF6C5C0E-1355-4DF9-9674-43465523E5A8}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{75C1FD0D-875E-4D72-A10C-6E746947E1D6}?\Device\TCPIP6TUNNEL_{7646AB83-F476-4DC9-B0C1-408B3DF88E11}?\Device\TCPIP6TUNNEL_{0DFEB824-8F90-43C2-8580-F991E5F323F9}?\Device\TCPIP6TUNNEL_{A1A370E5-11FD-41D7-9C39-AC956C6F5553}?\Device\TCPIP6TUNNEL_{BD7818D9-3AEA-4A62-9772-EC77E3C6D12E}?\Device\TCPIP6TUNNEL_{BF6C5C0E-1355-4DF9-9674-43465523E5A8}?
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\2016d893c004
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{0DFEB824-8F90-43C2-8580-F991E5F323F9}@InterfaceName isatap.{D21CADEF-F70F-492A-9323-97F8F3B3E70B}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{0DFEB824-8F90-43C2-8580-F991E5F323F9}@ReusableType 0
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 150745
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\2016d893c004 (not active ControlSet)
---- EOF - GMER 2.1 ----

I think I still might have remnants of malware left, after my own try of malware remo

Hi guys and girls, I am helping someone with an old Pentium 4 Windows XP Professional. She had lots of adware, toolbars and junkware like Optimizer Pro, Babylon Toolbar and Conduit. I ran Malwarebytes and it found a lot of PUPs and adware. I also did a Norton Power Eraser run; I think it removed something. HitmanPro found some too and deleted them. But it seems like I still have some lying around and I don't want to give this PC back until I make sure. For example, Conduit is still in the registry under iSyncConduit. Can anyone give me some assistance? I have never been on one of these sites, so excuse me. Jake747

How do I get rid of this Malware?

Hi, I have an old Pentium 4 Windows XP Professional PC. It has lots of adware, toolbars and junkware like Optimizer Pro, Babylon Toolbar and Conduit. I ran Malwarebytes and it found a lot of PUPs and adware. I also did a Norton Power Eraser run; I think it removed something. HitmanPro found some too and deleted them. But it seems like I still have some lying around and I don't want to give this PC back until I make sure. For example, I think Conduit is still in the registry under iSyncConduit. Can anyone give me some assistance? Jake747

System only boots up in safe mode or system restore!

My computer boots with no icons or start menu. If I do a system restore, my desktop comes back. When I shut down and restart, the same problem appears (no desktop menu). The menu appears in safe mode. I have tried adware and Malwarebytes. The problem keeps occurring, with no desktop and a slow startup.
Please help! I have enclosed the following txt files: the HijackThis log, dds.txt, attach.txt and ark.txt. Please help!


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:33:42 PM, on 3/5/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Safe mode with network support
Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware2\mbam.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Marie\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Users\Marie\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [PCShowServer] "C:\Users\Marie\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"
O4 - HKCU\..\Run: [NETGEARGenie] "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NETGEAR WNA1100 Genie.lnk = C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://linktrader.cyberspacehq.com
O15 - Trusted Zone: my.magicjack.com
O15 - Trusted Zone: reg.talk4free.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/res.../wlscctrl2.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedIn...derControl.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://akamaicdn.webex.com/client/W...x/ieatgpc1.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: JumpStart Wi-Fi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NETGEARGenieDaemon - NETGEAR - C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\Windows\system32\UTSCSI.EXE
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WSWNA1100 - Unknown owner - C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
End of file - 15487 bytes

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.51.2
Run by Marie at 18:56:15 on 2014-03-05
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6135.4500 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Marie\Desktop\HijackThis.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/13/2010 12:45:34 PM
System Uptime: 3/5/2014 6:26:57 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P6TD DELUXE
Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | LGA1366 | 2672/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 931 GiB total, 865.621 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP989: 2/28/2014 6:06:05 AM - Windows Update
RP990: 2/28/2014 8:31:07 PM - Windows Update
RP991: 3/1/2014 9:59:48 AM - Windows Update
RP992: 3/3/2014 10:10:18 PM - Windows Update
RP993: 3/5/2014 5:20:36 AM - Windows Update
RP994: 3/5/2014 7:32:40 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
4500_G510gm_Help
4500G510gm
4500G510gm_Software_Min
64 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
Adobe Shockwave Player 11.5
Amazon Kindle
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T Unified Messaging
AVG 2012
Bing Bar
Bing Desktop
Bonjour
BufferChm
CameraHelperMsi
Cisco WebEx Meetings
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
DIRECTV Player
DocMgr
DocProc
erLT
Extended Asian Language font pack for Adobe Reader XI
Fax
FoxTab PDF Converter
GeForce Experience NvStream Client Components
Gleim CPA Test Prep 2010 WebDeploy
GMATPrep(TM)
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 6.0.0.1259
GPBaseService2
Hewlett-Packard ACLM.NET v1.1.0.0
Host OpenAL (ADI)
HP Customer Participation Program 13.0
HP Document Manager 2.0
HP Imaging Device Functions 13.0
HP Officejet 4500 G510g-m
HP Product Detection
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPDiagnosticAlert
HPProductAssistant
HPSSupply
Java 7 Update 51
Java Auto Updater
Junk Mail filter update
LanguageTool
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
magicJack
magicJack Outlook Add-In 1.0.3.521
magicJack Recovery Tool 1.0
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
marvell 61xx
Marvell Miniport Driver
Medical Terminology for Health Professions
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft IntelliPoint 7.0
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Communicator 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Business 2010
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Live Meeting 2005 Replay Wrapper
Microsoft Office Office 64-bit Components 2007
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2007
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XML Parser
Mozilla Firefox 27.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
NETGEAR Genie
NETGEAR WNA1100 N150 Wireless USB Adapter
Network64
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 331.82
NVIDIA 3D Vision Driver 331.82
NVIDIA Control Panel 331.82
NVIDIA GeForce Experience 1.7.1
NVIDIA Graphics Driver 331.82
NVIDIA HD Audio Driver 1.3.26.4
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0725
NVIDIA ShadowPlay 9.3.21
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 9.3.21
NVIDIA Update Components
NVIDIA Updatus
NVIDIA Virtual Audio 1.2.9
OCR Software by I.R.I.S. 13.0
Octoshape add-in for Adobe Flash Player
Professional Website Promoter
PVSonyDll
QuickTime
Safari
Scan
Seagate DiscWizard
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
SHIELD Streaming
Shop for HP Supplies
ShopAtHome.com Helper
Skype Click to Call
Skype™ 6.3
SmartWebPrinting
SnagIt 8
SolutionCenter
SoundMAX
Status
Toolbox
TrayApp
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2009 widiper
TurboTax 2009 wiliper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 wrapper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
TurboTax 2012
TurboTax 2012 wiliper
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wrapper
TurboV
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Messenger
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
3/5/2014 6:56:09 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/5/2014 6:52:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
3/5/2014 6:52:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
3/5/2014 6:38:40 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.167.1032.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10302.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
3/5/2014 6:28:49 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.167.1032.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10302.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
3/5/2014 6:28:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/5/2014 6:28:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/5/2014 6:28:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/5/2014 6:28:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/5/2014 6:27:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/5/2014 6:27:43 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO discache MpFilter spldr Wanarpv6
3/5/2014 6:27:38 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070003 Error description: The system cannot find the path specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
3/5/2014 6:24:09 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
.
==== End Of File ===========================

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-03-05 19:34:14
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST31000528AS rev.CC38 931.51GB
Running: gmer.exe; Driver: C:\Users\Marie\AppData\Local\Temp\ugloypod.sys


---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076541465 2 bytes [54, 76]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765414bb 2 bytes [54, 76]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076541465 2 bytes [54, 76]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765414bb 2 bytes [54, 76]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076541465 2 bytes [54, 76]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765414bb 2 bytes [54, 76]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076541465 2 bytes [54, 76]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765414bb 2 bytes [54, 76]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076541465 2 bytes [54, 76]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765414bb 2 bytes [54, 76]
.text ... * 2
---- Processes - GMER 2.1 ----

Process C:\Users\Marie\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe (*** suspicious ***) @ C:\Users\Marie\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe [2328](2014-01-29 00:36:04) 0000000000400000

---- Registry - GMER 2.1 ----

Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Marie\AppData\Local\Logitech\xae Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe 1

---- EOF - GMER 2.1 ----

Search Protect/Conduit Question

Hi,
I downloaded an app from CNET (never again) and ended up with Search Protect in the Task Bar and redirecting to Conduit.
Avast free never saw it. I ran AdwareCleaner and MalwareBytes Anti-Rootkit, rebooted and no sign of it.
How best can I check to verify that it's really gone?

PS: not sure about the GMER log

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft® Windows Vista™ Home Premium, Service Pack 2, 32 bit
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4000+, x64 Family 15 Model 107 Stepping 1
Processor Count: 2
RAM: 3325 Mb
Graphics Card: NVIDIA GeForce 210, 512 Mb
Hard Drives: C: Total - 228121 MB, Free - 131165 MB; D: Total - 10239 MB, Free - 5254 MB; J: Total - 152624 MB, Free - 152340 MB;
Motherboard: Dell Inc., 0RY206
Antivirus: avast! Antivirus, Updated and Enabled

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:40:23 PM, on 3/5/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16520)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Dixie\AppData\Local\Apps\2.0\9NWK6H5Z.06A\KRWVHH52.CRY\dell..tion_ 0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe
C:\Users\Dixie\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
C:\Users\Dixie\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Users\Dixie\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (file missing)
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVDNkQtS1JORjQtOUhSWEotQUtUSzMtTFI2UFEtTkpTQUg"&"inst=NzctMTg2Mjc 4NDQxMy1VOTArMS1UUCsxLVBMKzgtU1AxKzEtU1AxVEIrMS1TVVArMi1TUDFTMisxLUREVCswLU REMTArMS1TVDEwQVBQKzEtUDEwTTEyQysxLVRCTisxLUZVSSsyLVAxME1IKzEtVEJWVVBHKzEyL VAxME1HT0ZGKzEtVEJDVisxLUMxMFUrMTExMy1GMTBVMTMrMS1GMTBVMTNWKzEtRjEwVTEzUysz LUNJRDY1KzE"&"prod=90"&"ver=10.0.1427
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ROC_ROC_JAN2013_AV] C:\Users\Dixie\AppData\Roaming\AVG January 2013 Campaign\ROC_JAN2013_AV.exe /PROMPT --mid eef3fc518d5969db7ee63f2381c8340d-09b8b9d5b609811485e79b3397480494bb9fa5f8
O4 - HKCU\..\Run: [DellSystemDetect] C:\Users\Dixie\AppData\Local\Apps\2.0\9NWK6H5Z.06A\KRWVHH52.CRY\dell..tion_ 0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Dixie\AppData\Local\Akamai\netsession_win.exe"
O4 - Global Startup: Air Mouse.lnk = C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.dell.com
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbc_device - - C:\Windows\system32\dlbccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 8689 bytes

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16520 BrowserJavaVersion: 10.51.2
Run by Dixie at 20:41:58 on 2014-03-05
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3326.2027 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlbccoms.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Dixie\AppData\Local\Apps\2.0\9NWK6H5Z.06A\KRWVHH52.CRY\dell..tion_ 0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe
C:\Users\Dixie\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
C:\Users\Dixie\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
BHO: HP Print Clips: {053F9267-DC04-4294-A72C-58F732D338C0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: BearShare MediaBar: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} -
TB: BearShare MediaBar: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} -
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ROC_ROC_JAN2013_AV] c:\users\dixie\appdata\roaming\avg january 2013 campaign\ROC_JAN2013_AV.exe /PROMPT --mid eef3fc518d5969db7ee63f2381c8340d-09b8b9d5b609811485e79b3397480494bb9fa5f8
uRun: [DellSystemDetect] c:\users\dixie\appdata\local\apps\2.0\9nwk6h5z.06a\krwvhh52.cry\dell..tion_ 0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe
uRun: [Akamai NetSession Interface] "c:\users\dixie\appdata\local\akamai\netsession_win.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVDNkQtS1JORjQtOUhSWEotQUtUSzMtTFI2UFEtTkpTQUg"&"inst=NzctMTg2Mjc 4NDQxMy1VOTArMS1UUCsxLVBMKzgtU1AxKzEtU1AxVEIrMS1TVVArMi1TUDFTMisxLUREVCswLU REMTArMS1TVDEwQVBQKzEtUDEwTTEyQysxLVRCTisxLUZVSSsyLVAxME1IKzEtVEJWVVBHKzEyL VAxME1HT0ZGKzEtVEJDVisxLUMxMFUrMTExMy1GMTBVMTMrMS1GMTBVMTNWKzEtRjEwVTEzUysz LUNJRDY1KzE"&"prod=90"&"ver=10.0.1427
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\airmou~1.lnk - c:\program files\air mouse\air mouse\Air Mouse.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD}
Trusted Zone: dell.com
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{350641B0-898F-4D29-99CA-436A4B1CF266} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3EB6AD1B-456A-4305-ACE8-8A902F504B1D} : DHCPNameServer = 192.168.1.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.146\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dixie\appdata\roaming\mozilla\firefox\profiles\27oct4gy.default\
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff10.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff7.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff8.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff9.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\users\dixie\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\dixie\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - ExtSQL: !HIDDEN! 2009-09-02 03:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-11-9 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-11-9 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-1-14 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2013-1-14 410784]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-10 120088]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-1-14 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-1-14 50344]
R2 dlbc_device;dlbc_device;c:\windows\system32\dlbccoms.exe -service --> c:\windows\system32\dlbccoms.exe -service [?]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-18 21504]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-2-19 45848]
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\photoshopelementsdeviceconnect.exe --> c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [?]
S3 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\photoshopelementsfileagent.exe --> c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [?]
.
=============== Created Last 30 ================
.
2014-03-05 04:53:50 107224 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-03-04 21:11:24 -------- d-----w- c:\program files\Xirrus
2014-03-04 21:10:17 -------- d-----w- c:\users\dixie\appdata\roaming\Xirrus
2014-02-26 22:28:13 -------- d-----w- c:\users\dixie\appdata\local\Akamai
2014-02-21 02:48:32 -------- d-----w- c:\programdata\NVIDIA Corporation
2014-02-21 02:46:46 9728064 ----a-w- c:\windows\system32\nvcuda.dll
2014-02-21 02:46:46 9690424 ----a-w- c:\windows\system32\nvopencl.dll
2014-02-21 02:46:46 895264 ----a-w- c:\windows\system32\nvdispgenco3233489.dll
2014-02-21 02:46:46 2956576 ----a-w- c:\windows\system32\nvcuvid.dll
2014-02-21 02:46:46 2713728 ----a-w- c:\windows\system32\nvapi.dll
2014-02-21 02:46:46 2410784 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-02-21 02:46:46 23683360 ----a-w- c:\windows\system32\nvoglv32.dll
2014-02-21 02:46:46 17560352 ----a-w- c:\windows\system32\nvcompiler.dll
2014-02-21 02:46:46 15740232 ----a-w- c:\windows\system32\nvwgf2um.dll
2014-02-21 02:46:46 14669032 ----a-w- c:\windows\system32\nvd3dum.dll
2014-02-21 02:46:46 1049888 ----a-w- c:\windows\system32\nvdispco3233489.dll
2014-02-21 02:46:46 10180896 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-02-21 02:44:43 -------- d-----w- C:\NVIDIA
.
==================== Find3M ====================
.
2014-03-06 01:28:23 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-02-21 21:04:31 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-21 21:04:31 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-02-21 21:04:31 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-02-21 21:04:30 43152 ----a-w- c:\windows\avastSS.scr
2014-02-08 17:11:47 4348704 ----a-w- c:\windows\system32\nvcpl.dll
2014-02-08 17:11:47 3045664 ----a-w- c:\windows\system32\nvsvc.dll
2014-02-08 17:11:44 664864 ----a-w- c:\windows\system32\nvvsvc.exe
2014-02-08 17:11:44 62752 ----a-w- c:\windows\system32\nvshext.dll
2014-02-08 17:11:44 376096 ----a-w- c:\windows\system32\nvmctray.dll
2013-12-19 02:10:01 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
============= FINISH: 20:42:32.42 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 10/28/2007 7:22:07 AM
System Uptime: 3/4/2014 4:37:29 PM (28 hours ago)
.
Motherboard: Dell Inc. | | 0RY206
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4000+ | Socket AM2 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 128.087 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.131 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is FIXED (NTFS) - 149 GiB total, 148.77 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart D110 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart D110 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP2285: 2/13/2014 - Scheduled Checkpoint
RP2286: 2/14/2014 - Scheduled Checkpoint
RP2287: 2/15/2014 - Scheduled Checkpoint
RP2288: 2/16/2014 - Scheduled Checkpoint
RP2289: 2/17/2014 - Scheduled Checkpoint
RP2290: 2/18/2014 - Scheduled Checkpoint
RP2291: 2/18/2014 4:21:53 PM - before some ms updates
RP2292: 2/18/2014 5:38:05 PM - Windows Update
RP2293: 2/19/2014 4:07:41 PM - Restore Operation
RP2294: 2/20/2014 9:47:34 PM - Device Driver Package Install: NVIDIA Display adapters
RP2296: 2/21/2014 4:03:21 PM - avast! antivirus system restore point
RP2297: 2/21/2014 8:39:35 PM - scans clean.
RP2298: 2/22/2014 11:27:23 AM - Scheduled Checkpoint
RP2299: 2/23/2014 - Scheduled Checkpoint
RP2300: 2/24/2014 - Scheduled Checkpoint
RP2301: 2/25/2014 12:00:01 AM - Scheduled Checkpoint
RP2302: 2/26/2014 - Scheduled Checkpoint
RP2303: 2/26/2014 5:25:22 PM - before wlan driver
RP2304: 2/26/2014 5:27:54 PM - Installed Akamai NetSession Interface
RP2305: 2/26/2014 5:33:25 PM - Device Driver Package Install: ASUS Network adapters
RP2306: 2/28/2014 - Scheduled Checkpoint
RP2307: 2/28/2014 6:33:09 PM - Scheduled Checkpoint
RP2308: 3/2/2014 - Scheduled Checkpoint
RP2309: 3/3/2014 - Scheduled Checkpoint
RP2310: 3/4/2014 - Scheduled Checkpoint
RP2311: 3/4/2014 4:10:38 PM - Installed Xirrus Wi-Fi Inspector
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
3ivx MPEG-4 5.0.3 (remove only)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
AIO_CDA_ProductContext
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 5
avast! Free Antivirus
BlackBerry Device Software Updater
Bonjour
Browser Address Error Redirector
BufferChm
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Dell DataSafe Online
Dell Support Center
Dell System Customization Wizard
Dell System Detect
DellSupport
DeviceDiscovery
DeviceManagementQFolder
dj_sf_software
ESET Online Scanner v3
Facebook Plug-In
FlipShare
Games, Music, & Photos Launcher
Google Chrome
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Imaging Device Functions 9.0
HP Photosmart D110 All-In-One Driver 14.0 Rel. 7
HP Smart Web Printing
HP Update
HPSSupply
iTunes
Java 7 Update 51
Java Auto Updater
Macromedia Shockwave Player
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft Encarta Encyclopedia Standard 2006
Microsoft Money 2006
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft Streets & Trips 2006
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Word 2002
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Mobile Mouse Server
MobileMe Control Panel
Move Media Player
Mozilla Firefox 25.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird (3.0)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
Nuclear Coffee - DiscRipper
NVIDIA Control Panel 334.89
NVIDIA Display Control Panel
NVIDIA Graphics Driver 334.89
NVIDIA Install Application
NVIDIANetworkDiagnostic
OpenOffice 4.0.1
Paint.NET v3.36
PanoStandAlone
Product Documentation Launcher
PS_AIO_07_D110_SW_Min
PVSonyDll
QuickTime
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Scan
SDFormatter
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Sonic Activation Module
Status
SUPERAntiSpyware
Switch Sound File Converter
TBS WMP Plug-in
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
User's Guides
Works Upgrade
Xirrus Wi-Fi Inspector
.
==== Event Viewer Messages From Past Week ========
.
3/4/2014 4:38:05 PM, Error: Service Control Manager [7000] - The Photoshop Elements Device Connect service failed to start due to the following error: The system cannot find the file specified.
3/4/2014 4:38:05 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/4/2014 4:38:05 PM, Error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.
.
==== End Of File ===========================

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-03-05 21:07:55
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\00000056 ST325082 rev.3.AD 232.83GB
Running: igyzirs6.exe; Driver: C:\Users\Dixie\AppData\Local\Temp\ugloapod.sys


---- System - GMER 2.1 ----

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwAddBootEntry [0x90A63ACC]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x90A645AA]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateEvent [0x90A70692]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateEventPair [0x90A706DE]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x90A70878]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateMutant [0x90A70600]
SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwCreateSection [0x90B1A426]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x90A70648]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateThread [0x90A64AE0]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateTimer [0x90A70832]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x90A65398]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x90A63B32]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDuplicateObject [0x90A68BE4]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwLoadDriver [0x90A6371E]
SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwMapViewOfSection [0x90B1A506]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x90A63B98]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x90A68FDA]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x90A65EDE]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenEvent [0x90A706BC]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenEventPair [0x90A70700]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x90A7089C]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenMutant [0x90A70626]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenProcess [0x90A684DE]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenSection [0x90A707B0]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x90A70670]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenThread [0x90A688C6]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenTimer [0x90A70856]
SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x90B1A2AA]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwQueryObject [0x90A65CF4]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwQueueApcThread [0x90A6584A]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x90A63BFE]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetBootOptions [0x90A63C64]
SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwSetContextThread [0x90B1A602]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x90A637B8]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x90A6398A]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwShutdownSystem [0x90A63918]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSuspendProcess [0x90A65562]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSuspendThread [0x90A656C4]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x90A63A12]
SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwTerminateProcess [0x90B1A378]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwTerminateThread [0x90A651F2]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwVdmControl [0x90A63CCA]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0x90A64606]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateThreadEx [0x90A64CFC]

INT 0x01 \??\C:\Users\Dixie\AppData\Local\Temp\mbr.sys A2AC8C42

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!KeSetEvent + 10D 82AFB758 4 Bytes [CC, 3A, A6, 90]
.text ntkrnlpa.exe!KeSetEvent + 191 82AFB7DC 4 Bytes [AA, 45, A6, 90] {STOSB ; INC EBP; CMPSB ; NOP }
.text ntkrnlpa.exe!KeSetEvent + 1D1 82AFB81C 8 Bytes [92, 06, A7, 90, DE, 06, A7, ...] {XCHG EDX, EAX; PUSH ES; CMPSD ; NOP ; FIADD WORD [ESI]; CMPSD ; NOP }
.text ntkrnlpa.exe!KeSetEvent + 1DD 82AFB828 4 Bytes [78, 08, A7, 90] {JS 0xa; CMPSD ; NOP }
.text ntkrnlpa.exe!KeSetEvent + 1F5 82AFB840 4 Bytes [00, 06, A7, 90] {ADD [ESI], AL; CMPSD ; NOP }
.text ...
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82C8900F 4 Bytes CALL 90A665C5 \??\C:\Windows\system32\drivers\aswSnx.sys
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82C8CC83 4 Bytes CALL 90A665DB \??\C:\Windows\system32\drivers\aswSnx.sys
? C:\Users\Dixie\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe[264] KERNEL32.dll!GetBinaryTypeW + 70 77A42447 1 Byte [62]
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[468] kernel32.dll!GetBinaryTypeW + 70 77A42447 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[548] kernel32.dll!GetBinaryTypeW + 70 77A42447 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[584] kernel32.dll!GetBinaryTypeW + 70 77A42447 1 Byte [62]
.text C:\Windows\system32\csrss.exe[592] KERNEL32.dll!GetBinaryTypeW + 70 77A42447 1 Byte [62]
.text ...
.text C:\Program Files\Internet Explorer\iexplore.exe[4064] ntdll.dll!LdrLoadDll 77C49378 5 Bytes JMP 000501F8
.text C:\Program Files\Internet Explorer\iexplore.exe[4064] ntdll.dll!LdrUnloadDll 77C5B680 5 Bytes JMP 000503FC
.text C:\Program Files\Internet Explorer\iexplore.exe[4064] KERNEL32.dll!GetBinaryTypeW + 70 77A42447 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[4064] USER32.dll!EnableWindow 775FCD8B 5 Bytes JMP 69689ECC C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4064] USER32.dll!DialogBoxParamW 776210B0 5 Bytes JMP 695E189B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4064] USER32.dll!DialogBoxIndirectParamW 77622EF5 5 Bytes JMP 697D9266 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4064] USER32.dll!DialogBoxParamA 77638152 5 Bytes JMP 697D9201 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4064] USER32.dll!DialogBoxIndirectParamA 7763847D 5 Bytes JMP 697D92CB C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4064] USER32.dll!MessageBoxIndirectA 7764D4D9 5 Bytes JMP 697D9188 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4064] USER32.dll!MessageBoxIndirectW 7764D5D3 5 Bytes JMP 697D910F C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4064] USER32.dll!MessageBoxExA 7764D639 5 Bytes JMP 697D90AB C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4064] USER32.dll!MessageBoxExW 7764D65D 5 Bytes JMP 697D9047 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe[4108] kernel32.dll!GetBinaryTypeW + 70 77A42447 1 Byte [62]
.text C:\Users\Dixie\AppData\Local\Akamai\netsession_win.exe[4128] kernel32.dll!GetBinaryTypeW + 70 77A42447 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[4156] kernel32.dll!GetBinaryTypeW + 70 77A42447 1 Byte [62]
.text c:\program files\common files\installshield\updateservice\isuspm.exe[4196] kernel32.dll!GetBinaryTypeW + 70 77A42447 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[4240] kernel32.dll!GetBinaryTypeW + 70 77A42447 1 Byte [62]
.text ...
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5500] ntdll.dll!LdrLoadDll 77C49378 5 Bytes JMP 000601F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5500] ntdll.dll!LdrUnloadDll 77C5B680 5 Bytes JMP 000603FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5500] KERNEL32.dll!GetBinaryTypeW + 70 77A42447 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[5872] ntdll.dll!LdrLoadDll 77C49378 5 Bytes JMP 000501F8
.text C:\Program Files\Internet Explorer\iexplore.exe[5872] ntdll.dll!LdrUnloadDll 77C5B680 5 Bytes JMP 000503FC
.text C:\Program Files\Internet Explorer\iexplore.exe[5872] KERNEL32.dll!CreateThread 77A3CB0E 5 Bytes JMP 696475DB C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5872] KERNEL32.dll!GetBinaryTypeW + 70 77A42447 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!CreateDialogParamW 775F72A2 5 Bytes JMP 697D95D0 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!GetAsyncKeyState 775F863C 5 Bytes JMP 6962DECD C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!SetWindowsHookExW 775F87AD 5 Bytes JMP 696825C4 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!CallNextHookEx 775F8E3B 5 Bytes JMP 696A7FFF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!UnhookWindowsHookEx 775F98DB 5 Bytes JMP 696CED20 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!EnableWindow 775FCD8B 5 Bytes JMP 69689ECC C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!DefWindowProcA 775FDB88 7 Bytes JMP 69649805 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!CreateWindowExA 775FDC2A 5 Bytes JMP 6965363B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!CreateWindowExW 77601305 5 Bytes JMP 696B03EF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!GetKeyState 77608CB1 5 Bytes JMP 6962DDA7 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!DefWindowProcW 776103B4 7 Bytes JMP 696A8062 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!IsDialogMessageW 77610745 5 Bytes JMP 697D9D2A C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!CreateDialogParamA 776117AA 5 Bytes JMP 697D9598 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!IsDialogMessage 77611847 5 Bytes JMP 697D9D02 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!CreateDialogIndirectParamA 776126F1 5 Bytes JMP 697D9608 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!CreateDialogIndirectParamW 77619A62 5 Bytes JMP 697D9640 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!SetKeyboardState 77620987 5 Bytes JMP 697DA5F1 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!DialogBoxParamW 776210B0 5 Bytes JMP 695E189B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!DialogBoxIndirectParamW 77622EF5 5 Bytes JMP 697D9266 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!SendInput 77622F75 5 Bytes JMP 697DA599 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!EndDialog 7762326E 5 Bytes JMP 697D9FD6 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!SetCursorPos 77636FB2 5 Bytes JMP 697DA672 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!DialogBoxParamA 77638152 5 Bytes JMP 697D9201 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!DialogBoxIndirectParamA 7763847D 5 Bytes JMP 697D92CB C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!MessageBoxIndirectA 7764D4D9 5 Bytes JMP 697D9188 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!MessageBoxIndirectW 7764D5D3 5 Bytes JMP 697D910F C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!MessageBoxExA 7764D639 5 Bytes JMP 697D90AB C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!MessageBoxExW 7764D65D 5 Bytes JMP 697D9047 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5872] USER32.dll!keybd_event 7764D972 5 Bytes JMP 697DA556 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5872] SHELL32.dll!SHRestricted + D95 764F89A8 4 Bytes [CF, 01, 48, 6C] {IRET ; ADD [EAX+0x6c], ECX}
.text C:\Program Files\Internet Explorer\iexplore.exe[5872] SHELL32.dll!SHRestricted + D9D 764F89B0 8 Bytes [E0, 61, 47, 6C, 79, F7, 47, ...] {LOOPNZ 0x63; INC EDI; INS BYTE [ES:EDI], DX; JNS 0xfffffffd; INC EDI; INS BYTE [ES:EDI], DX}
.text C:\Program Files\Internet Explorer\iexplore.exe[5872] ole32.dll!OleLoadFromStream 77AF1E80 5 Bytes JMP 697D9A34 C:\Windows\system32\IEFRAME.dll

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.sys
AttachedDevice \Driver\tdx \Device\Udp aswTdi.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- EOF - GMER 2.1 ----