Channel: Tech Support Guy - Virus & Other Malware Removal

Think I may have a virus or malware

Xirxies,
We will get that stuff.
I'm sure you realize that any video player, flash player or codec update requested while online will get your machine infected.

You need to stay away from CNET, Download.com and Softonic.
CNET has become famous for bundling junkware in its downloads without notice.
http://www.billhartzer.com/pages/cne...s-and-spyware/
http://insecure.org/news/download-com-fiasco.html
There are many posts about it online.

Major Geeks is OK, just be careful what button you click when you download.

----------------------------------------------------------
Get Internet Explorer 11 from Here and Install it.
http://windows.microsoft.com/en-us/i...er/download-ie
-----------------------------------------------------------
Download and Run the Farbar Scan Tool
Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the version compatible with your system. (Your system appears to be 64-bit.)
  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from (desktop).
  • Please copy and paste the log back here.
  • The first time the tool is run, it generates another log Addition.txt - also located in the same directory as FRST64.exe(desktop). Please also paste that along with the FRST.txt into your reply.

askey127

http_storage_conduit.com renaming icons

cs,
I would follow up with this.
You can be fairly certain that conduit is still hijacking your searches.
If you would rather try to do things yourself, OK.
-------------------------------------------------------------
AdwCleaner Download and Run

Download AdwCleaner and save it to your desktop or somewhere you can find it.
Take care NOT to click on any ad, like from PC Optimizer Pro. The correct link is the button labeled "Download from Bleeping Computer".
NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

Close your browser and double click on this icon on your desktop:



You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run.
It may take several minutes to complete.
When it is done, click on the Clean button, accept any prompts that appear and allow the system to Reboot.
You will then be presented with the report. Copy & Paste it into a reply here before running any other programs.


If you lose track of the log, it is saved in this folder C:\AdwCleaner\
The filename will be adwcleaner[xx].txt where [xx] will be S1, or S2, etc. whichever filename is newest.
askey127

Slow PCFighter

How do I remove Slow PCFighter on a Windows 8 machine?
Did everything I could: Malwarebytes, Avast, Superanti..., CCleaner etc., to no avail.
Thank You,
Gary

Malware

# AdwCleaner v3.205 - Report created 02/05/2014 at 20:10:06
# Updated 28/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Margaret - MOSES
# Running from : C:\Users\Margaret\Downloads\AdwCleaner (1).exe
# Option : Scan
***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16521

-\\ Mozilla Firefox v
[ File : C:\Users\Margaret\AppData\Roaming\Mozilla\Firefox\Profiles\yq24oftq.default \prefs.js ]

-\\ Google Chrome v34.0.1847.131
[ File : C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Found [Search Provider] : hxxp://isearch.avg.com/search?cid={571C18B4-D34F-4F8E-B36D-6B4F298C8148}&mid=f857424e1c9447d1bbb3d144105a5e5f-2c25091299d121dcb496b11aef412199100e8ac8&lang=en&ds=AVG&pr=pr&d=2011-12-22 23:11:19&v=10.2.0.3&sap=dsp&q={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Search Provider] : hxxp://www.foxnews.com/search-results/search?q={searchTerms}&submit=Search
*************************
AdwCleaner[R0].txt - [1074 octets] - [02/05/2014 02:58:03]
AdwCleaner[R1].txt - [1070 octets] - [02/05/2014 03:09:48]
AdwCleaner[R2].txt - [1641 octets] - [02/05/2014 10:26:50]
AdwCleaner[R3].txt - [1445 octets] - [02/05/2014 20:10:06]
AdwCleaner[S0].txt - [1138 octets] - [02/05/2014 02:59:05]
AdwCleaner[S1].txt - [1132 octets] - [02/05/2014 03:10:12]
AdwCleaner[S2].txt - [1710 octets] - [02/05/2014 10:27:43]
########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1685 octets] ##########

System Problem

Hi georgeg2000,
Please don't Install, Uninstall, or Delete anything unless I ask, until we are through.
This makes it much easier for me to keep track of what is on there.

Quite a bit to do in the beginning. Just take one step at a time.
The Adobe Reader is out of date and poses a risk. We will replace it later.
Spybot is not particularly helpful with these kinds of infections, and may interfere with our removals.
You have two antivirus apps running at the same time. That can make the system unstable, and actually reduce your protection.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Programs and Features
Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

Ad-Aware Antivirus
Ad-Aware Security Add-on
Adobe Reader X
Homepage Protection
PDFCreator
Spybot - Search & Destroy

Take extra care in answering questions posed by any Uninstaller.
If Spybot asks whether you want to remove all settings, answer Yes.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
-------------------------------------------------------------
AdwCleaner Download and Run

Download AdwCleaner and save it to your desktop or somewhere you can find it.
Take care NOT to click on any ad, like from PC Optimizer Pro. The correct link is the button labeled "Download from Bleeping Computer".
NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

Close your browser and double click on this icon on your desktop:



You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run.
It may take several minutes to complete.
When it is done, click on the Clean button, accept any prompts that appear and allow the system to Reboot.
You will then be presented with the report. Copy & Paste it into a reply here before running any other programs.


If you lose track of the log, it is saved in this folder C:\AdwCleaner\
The filename will be adwcleaner[xx].txt where [xx] will be S1, or S2, etc. whichever filename is newest.
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • Right click the OTL icon and choose "Run as administrator" to run it.
  • Check the box at the top, labeled Include 64 bit scans
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
OTL.txt will be open on your desktop, and Extras.txt will be minimized in your taskbar.
The Extras.txt file will only appear the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.
---------------------------------------------------
So, In Your Replies, we will be looking for the following :
The contents of:
  • The log from AdwCleaner
  • OTL.txt
  • Extras.txt
Please feel free to use separate replies.

askey127

Think I Have A Bug

Last week or so computer has been running slow and is getting worse. Started out taking long time to load Firefox and get to MSN homepage. Also slow to open browser after typing password and taking its time to load anything on the internet. Yesterday it started freezing up whenever I tried to do anything. Surprised I got here. Had to try many times. Thanks in advance for any help you can give.
Also, I'm very much a novice. I'll probably need your help walking me through whatever you ask me to do other than the most basic functions.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:10:32 PM, on 5/2/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F3 - REG:win.ini: load=????
F3 - REG:win.ini: run=????
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://download.autodesk.com/esd/map...G/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1277442925546
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://zone.msn.com/bingame/zpagames...f.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor....cab102118.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games – Backgammon) - http://zone.msn.com/bingame/zpagames...n.cab64162.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 6340 bytes
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Kevin at 23:16:13 on 2014-05-02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.702.128 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\AVAST Software\Avast\setup\instup.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uWindows: Load = ????
uWindows: Run = ????
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://download.autodesk.com/esd/mapguide/SP1/ENG/mgaxctrl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1277442925546
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} - hxxp://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} - hxxp://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab
TCP: NameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{73D36669-41A7-4756-9D87-708C69B0F62C} : DHCPNameServer = 192.168.0.1 205.171.3.25
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\kevin\application data\mozilla\firefox\profiles\cqkxiuz4.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com
FF - prefs.js: keyword.URL - hxxp://websearch.shopathome.com?user_id={92ee54c0-1ec2-42b8-8b6e-a0644d40fd3c}&q=
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserre cordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim. dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_206.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-16 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-16 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-11-12 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2012-11-12 410784]
R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [2010-5-24 15784]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\cyberlink\powerdvd8\000.fcl [2008-10-7 61424]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [2013-3-16 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-11-12 50344]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [2010-5-24 162344]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-19 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-5-24 701512]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-5-24 22856]
S0 trbha;trbha;c:\windows\system32\drivers\beji.sys --> c:\windows\system32\drivers\beji.sys [?]
S2 CachemanService;Cacheman Service; [x]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-10-15 27064]
.
=============== Created Last 30 ================
.
2014-05-02 15:48:07 1266800 ----a-w- c:\program files\mozilla firefox\icuin52.dll
2014-05-02 15:48:07 10594416 ----a-w- c:\program files\mozilla firefox\icudt52.dll
2014-05-02 15:48:06 965232 ----a-w- c:\program files\mozilla firefox\icuuc52.dll
.
==================== Find3M ====================
.
2014-04-29 12:07:02 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-29 12:07:02 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-21 05:23:58 50063360 ----a-w- c:\program files\GUT5.tmp
2014-02-21 05:14:37 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-02-21 05:13:38 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-21 05:13:38 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-02-21 05:13:36 43152 ----a-w- c:\windows\avastSS.scr
.
============= FINISH: 23:17:00.89 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/24/2010 1:19:54 PM
System Uptime: 5/2/2014 2:25:36 PM (9 hours ago)
.
Motherboard: ASUSTek Computer INC. | | Amberine M
Processor: AMD Sempron(tm) Processor 3200+ | Socket 939 | 1800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 15.084 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_1002&DEV_4372&SUBSYS_2A26103C&REV_11\3&61AAA01&0&A0
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_1002&DEV_4372&SUBSYS_2A26103C&REV_11\3&61AAA01&0&A0
Service:
.
==== System Restore Points ===================
.
RP454: 2/23/2014 11:30:18 PM - System Checkpoint
RP455: 2/25/2014 12:30:18 AM - System Checkpoint
RP456: 2/26/2014 1:30:19 AM - System Checkpoint
RP457: 2/27/2014 2:30:19 AM - System Checkpoint
RP458: 2/28/2014 3:30:19 AM - System Checkpoint
RP459: 3/1/2014 4:30:19 AM - System Checkpoint
RP460: 3/2/2014 5:30:18 AM - System Checkpoint
RP461: 3/3/2014 6:21:29 AM - System Checkpoint
RP462: 3/4/2014 7:33:27 AM - System Checkpoint
RP463: 3/5/2014 8:21:31 AM - System Checkpoint
RP464: 3/6/2014 8:23:41 AM - System Checkpoint
RP465: 3/7/2014 8:42:30 AM - System Checkpoint
RP466: 3/8/2014 9:01:22 AM - System Checkpoint
RP467: 3/9/2014 9:39:40 AM - System Checkpoint
RP468: 3/10/2014 10:17:59 AM - System Checkpoint
RP469: 3/11/2014 10:45:18 AM - System Checkpoint
RP470: 3/12/2014 11:45:17 AM - System Checkpoint
RP471: 3/13/2014 12:46:59 PM - System Checkpoint
RP472: 3/14/2014 1:45:18 PM - System Checkpoint
RP473: 3/15/2014 2:45:18 PM - System Checkpoint
RP474: 3/16/2014 3:42:25 PM - System Checkpoint
RP475: 3/17/2014 3:45:18 PM - System Checkpoint
RP476: 3/18/2014 4:45:21 PM - System Checkpoint
RP477: 3/19/2014 5:45:20 PM - System Checkpoint
RP478: 3/20/2014 6:45:18 PM - System Checkpoint
RP479: 3/21/2014 7:45:18 PM - System Checkpoint
RP480: 3/22/2014 8:45:18 PM - System Checkpoint
RP481: 3/23/2014 9:31:52 PM - System Checkpoint
RP482: 3/24/2014 9:46:24 PM - System Checkpoint
RP483: 3/25/2014 10:45:22 PM - System Checkpoint
RP484: 3/27/2014 12:12:48 AM - System Checkpoint
RP485: 3/28/2014 12:20:18 AM - System Checkpoint
RP486: 4/3/2014 12:54:55 PM - System Checkpoint
RP487: 4/4/2014 1:05:24 PM - System Checkpoint
RP488: 4/5/2014 2:05:25 PM - System Checkpoint
RP489: 4/6/2014 4:05:17 PM - System Checkpoint
RP490: 4/7/2014 5:05:17 PM - System Checkpoint
RP491: 4/8/2014 6:05:17 PM - System Checkpoint
RP492: 4/9/2014 7:05:19 PM - System Checkpoint
RP493: 4/10/2014 10:22:15 PM - System Checkpoint
RP494: 4/11/2014 11:05:36 PM - System Checkpoint
RP495: 4/13/2014 12:11:15 AM - System Checkpoint
RP496: 4/14/2014 1:05:18 AM - System Checkpoint
RP497: 4/15/2014 2:05:18 AM - System Checkpoint
RP498: 4/16/2014 3:05:19 AM - System Checkpoint
RP499: 4/17/2014 4:05:18 AM - System Checkpoint
RP500: 4/18/2014 5:05:19 AM - System Checkpoint
RP501: 4/19/2014 6:05:19 AM - System Checkpoint
RP502: 4/20/2014 6:38:25 AM - System Checkpoint
RP503: 4/21/2014 7:38:23 AM - System Checkpoint
RP504: 4/22/2014 8:38:25 AM - System Checkpoint
RP505: 4/23/2014 10:02:32 PM - System Checkpoint
RP506: 4/24/2014 10:31:26 PM - System Checkpoint
RP507: 4/25/2014 11:31:27 PM - System Checkpoint
RP508: 4/27/2014 12:31:24 AM - System Checkpoint
RP509: 4/28/2014 1:31:51 AM - System Checkpoint
RP510: 4/29/2014 2:31:27 AM - System Checkpoint
RP511: 5/1/2014 9:04:07 PM - System Checkpoint
RP512: 5/2/2014 9:30:04 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 13 ActiveX
Adobe Flash Player 13 Plugin
Adobe Reader XI (11.0.06)
Adobe Shockwave Player 11.6
ATI Control Panel
ATI Display Driver
avast! Free Antivirus
CCleaner
Coupon Printer for Windows
CyberLink BD Advisor 2.0
CyberLink DVD Suite
CyberLink InstantBurn
CyberLink LabelPrint
CyberLink MediaShow
CyberLink PhotoNow
CyberLink Power2Go
CyberLink PowerBackup
CyberLink PowerDirector
CyberLink PowerDVD 8
CyberLink PowerDVD Copy
CyberLink PowerProducer
Disk Cleaner (remove only)
ESET Online Scanner v3
HiJackThis
Java 7 Update 40
Java Auto Updater
LightScribe System Software 1.14.19.1
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 2.0 Client Service Pack 2
Microsoft .NET Framework 3.0 Client Service Pack 2
Microsoft .NET Framework 3.5 Client Service Pack 1
Microsoft .NET Framework Client Profile
Microsoft Bootvis
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Beta2)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Motorola SM56 Speakerphone Modem
Mozilla Firefox 29.0 (x86 en-US)
MSN
Paint.NET v3.5.8
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek AC'97 Audio
RealUpgrade 1.1
Revo Uninstaller Pro 2.5.9
swMSM
WebFldrs XP
Winamp
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
.
==== Event Viewer Messages From Past Week ========
.
5/1/2014 8:47:39 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
5/1/2014 8:47:39 PM, error: Service Control Manager [7001] - The Windows Service Pack Installer update service service depends on the Security Accounts Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
5/1/2014 8:47:39 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
5/1/2014 8:47:39 PM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/1/2014 8:47:39 PM, error: Service Control Manager [7000] - The Cacheman Service service failed to start due to the following error: The system cannot find the path specified.
.
==== End Of File ===========================
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-05-03 10:01:41
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12 ST380011A rev.8.11 74.53GB
Running: gk1o0f2d[1].exe; Driver: C:\DOCUME~1\Kevin\LOCALS~1\Temp\uweiqaoc.sys


---- System - GMER 2.1 ----

SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwAddBootEntry [0xF2828ACC]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xF28295AA]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwClose [0xF286D881]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateEvent [0xF2835692]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateEventPair [0xF28356DE]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xF2835878]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateKey [0xF286D235]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateMutant [0xF2835600]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateSection [0xF2835722]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xF2835648]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateThread [0xF2829AE0]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateTimer [0xF2835832]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xF282A398]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xF2828B32]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDeleteKey [0xF286DF47]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xF286E1FD]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDuplicateObject [0xF282DBE4]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwEnumerateKey [0xF286DDB2]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xF286DC1D]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwLoadDriver [0xF282871E]
SSDT \??\C:\WINDOWS\system32\drivers\aswSP.sys ZwMapViewOfSection [0xF2B3E506]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xF2828B98]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xF282DFDA]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xF282AEDE]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenEvent [0xF28356BC]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenEventPair [0xF2835700]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xF283589C]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenKey [0xF286D591]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenMutant [0xF2835626]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenProcess [0xF282D4DE]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenSection [0xF28357B0]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xF2835670]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenThread [0xF282D8C6]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenTimer [0xF2835856]
SSDT \??\C:\WINDOWS\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xF2B3E2AA]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwQueryKey [0xF286DA98]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwQueryObject [0xF282ACF4]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwQueryValueKey [0xF286D8EA]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwQueueApcThread [0xF282A84A]
SSDT \??\C:\WINDOWS\system32\drivers\aswSP.sys ZwRenameKey [0xF2B4C286]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwRestoreKey [0xF286C87B]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xF2828BFE]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetBootOptions [0xF2828C64]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetContextThread [0xF282A212]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xF28287B8]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xF282898A]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetValueKey [0xF286E04E]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwShutdownSystem [0xF2828918]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSuspendProcess [0xF282A562]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSuspendThread [0xF282A6C4]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xF2828A12]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwTerminateProcess [0xF282A050]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwTerminateThread [0xF282A1F2]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwVdmControl [0xF2828CCA]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xF2829606]

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2628 80501E50 4 Bytes [EA, D8, 86, F2]
.text ntkrnlpa.exe!ZwCallbackReturn + 26B0 80501ED8 12 Bytes [FE, 8B, 82, F2, 64, 8C, 82, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2758 80501F80 12 Bytes [62, A5, 82, F2, C4, A6, 82, ...]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 8059B7C0 4 Bytes CALL F282B5AF \??\C:\WINDOWS\system32\drivers\aswSnx.sys
C:\Program Files\CyberLink\PowerDVD8\000.fcl entry point in "" section [0xEFFD441C]
.clc C:\Program Files\CyberLink\PowerDVD8\000.fcl unknown last code section [0xEFFD5000, 0x1000, 0xE0000020]
? C:\DOCUME~1\Kevin\LOCALS~1\Temp\mbr.sys The filename, directory name, or volume label syntax is incorrect. !

---- User code sections - GMER 2.1 ----

.text C:\WINDOWS\System32\smss.exe[516] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[584] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[584] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[612] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[612] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[656] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[656] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[668] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[668] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[848] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[896] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[964] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[964] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1192] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1192] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1352] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1352] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1472] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[1608] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[1608] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[1636] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[1636] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1768] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1768] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1792] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1792] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1820] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1820] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1832] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2520] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2520] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2972] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2972] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3108] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3108] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3108] USER32.dll!DefWindowProcA + 11A 7E42C298 7 Bytes JMP 104FD618 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3108] USER32.dll!SetWindowLongA + 19 7E42C2B6 7 Bytes JMP 104FD689 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3108] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 10501389 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3108] USER32.dll!GetMenuContextHelpId + 1A 7E465319 7 Bytes JMP 104FAC50 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3272] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3272] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\program files\real\realplayer\update\realsched.exe[3328] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\program files\real\realplayer\update\realsched.exe[3328] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\program files\real\realplayer\update\realsched.exe[3328] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Messenger\msmsgs.exe[3604] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Messenger\msmsgs.exe[3604] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3952] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003C1EB1 C:\Program Files\Mozilla Firefox\mozglue.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3952] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3952] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003B03FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3952] KERNEL32.dll!lstrlenW + 43 7C809ADC 7 Bytes JMP 0224B5B0 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3952] KERNEL32.dll!MapViewOfFileEx + 6A 7C80B990 7 Bytes JMP 0224B58D C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3952] KERNEL32.dll!ValidateLocale + B1E8 7C8449F8 7 Bytes JMP 018C76E2 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3952] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3952] user32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 01FE52E3 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3952] GDI32.dll!SetDIBitsToDevice + 209 77F19E04 7 Bytes JMP 0224B50E C:\Program Files\Mozilla Firefox\xul.dll
.text C:\WINDOWS\system32\NOTEPAD.EXE[4304] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\NOTEPAD.EXE[4304] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Documents and Settings\Kevin\Local Settings\Temporary Internet Files\Content.IE5\SZHORLLK\gk1o0f2d[1].exe[4332] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Documents and Settings\Kevin\Local Settings\Temporary Internet Files\Content.IE5\SZHORLLK\gk1o0f2d[1].exe[4332] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\NOTEPAD.EXE[4476] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\NOTEPAD.EXE[4476] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4684] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003701F8
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4684] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4684] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003703FC
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4684] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4684] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 00BD9315 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4684] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00CADBCB C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4684] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 00CADD81 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4684] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 00CB4832 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4684] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00C11CA2 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4684] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 00DCE021 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4684] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 00DCDF51 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4684] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 00DCDFBE C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4684] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 00DCDE22 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4684] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 00DCDE84 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4684] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 00DCE084 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4684] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 00DCDEE6 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4684] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00CB488E C:\WINDOWS\system32\IEFRAME.dll
.text C:\WINDOWS\system32\NOTEPAD.EXE[4820] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\NOTEPAD.EXE[4820] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5304] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003701F8
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5304] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5304] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003703FC
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5304] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5304] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 00BD9315 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5304] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 00CB4832 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5304] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 00DCE021 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5304] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 00DCDF51 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5304] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 00DCDFBE C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5304] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 00DCDE22 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5304] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 00DCDE84 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5304] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 00DCE084 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5304] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 00DCDEE6 C:\WINDOWS\system32\IEFRAME.dll

---- Devices - GMER 2.1 ----

Device \FileSystem\Udfs \UdfsCdRom CLBUDF.SYS
Device \FileSystem\Udfs \UdfsDisk CLBUDF.SYS

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.sys

Device \FileSystem\Cdfs \Cdfs CLBUDF.SYS

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-796845957-1644491937-1801674531-1003\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeLo 867696272
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-796845957-1644491937-1801674531-1003\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeHi 30369418
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-796845957-1644491937-1801674531-1003\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeLo 867696272
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-796845957-1644491937-1801674531-1003\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeHi 30369418

---- EOF - GMER 2.1 ----

Father's PC

Thanks for the log, continue please:

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Kevin....

Version 2.0 UA for Android has stopped working.

I don't know if this belongs in this forum.
When I turn on my PC I get a message that Version 2.0 for Android has stopped working. Is it a virus or malware? If so, how do I get rid of it? Details from that message are:

Problem signature:
Problem Event Name: APPCRASH
Application Name: UA.exe
Application Version: 1.0.0.1
Application Timestamp: 53463944
Fault Module Name: MSVCR90.dll
Fault Module Version: 9.0.30729.6161
Fault Module Timestamp: 4dace5b9
Exception Code: c0000005
Exception Offset: 00056b1d
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 1033
Additional Information 1: 0a9e
Additional Information 2: 0a9e372d3b4ad19135b953a78882e789
Additional Information 3: 0a9e
Additional Information 4: 0a9e372d3b4ad19135b953a78882e789

Read our privacy statement online:
http://go.microsoft.com/fwlink/?link...8&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\windows\system32\en-US\erofflps.txt

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Pentium(R) CPU G620 @ 2.60GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 2
RAM: 5992 Mb
Graphics Card: Intel(R) HD Graphics, -1924 Mb
Hard Drives: C: Total - 928092 MB, Free - 845266 MB;
Motherboard: LENOVO, To be filled by O.E.M.
Antivirus: Avira Desktop, Updated and Enabled

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:53:56 PM, on 5/3/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Users\Jack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AAEGRETX\HijackThis.exe

O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductA...eX_Control.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: JME Keyboard Driver (JME Keyboard) - Unknown owner - C:\Windows\jmesoft\Service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: lxcj_device - Unknown owner - C:\windows\system32\lxcjcoms.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: PC Speed Up Service (PCSUService) - Unknown owner - C:\Program Files (x86)\PC Speed Up\PCSUService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8488 bytes

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041 BrowserJavaVersion: 10.55.2
Run by Jack at 15:54:50 on 2014-05-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5992.3959 [GMT -4:00]
.
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: IObit Malware Fighter *Disabled/Outdated* {A751AC20-3B48-5237-898A-78C4436BB78D}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files (x86)\PC Speed Up\PCSUService.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\taskeng.exe
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\svchost.exe -k AcfXAudioService
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\jmesoft\Service.exe
C:\windows\system32\lxcjcoms.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\EMET 4.1\EMET_Agent.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\windows\system32\Macromed\Flash\FlashUtil64_13_0_0_206_ActiveX.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\splwow64.exe
C:\Users\Jack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AAEGRETX\HijackThis.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\SysWOW64\NOTEPAD.EXE
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/
uSearch Bar = Preserve
mStart Page = hxxp://www.google.com
uProxyServer = localhost:21320
uProxyOverride = <-loopback>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [WeatherBug] C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe /fromrunkey
uRun: [PCSpeedUp] C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [EMET 4.1 Agent] "C:\Program Files (x86)\EMET 4.1\EMET_agent.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
StartupFolder: C:\Users\Jack\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\VERIZO~1.LNK - C:\Users\Jack\AppData\Roaming\Verizon\UA_ar\UA.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{A96CFA50-48EB-4D76-AF28-49A9AC9A857A} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{DC8E28BA-2AE1-468A-855B-AFE34D73F752} : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://start.mysearchdial.com/?f=1&a=dsites_14_12_ch&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0CyDzyyCtCyB0FyBtA0B0EtN0D0Tzu0SzztCtBtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StB0AyDtA0EtDyD0DtGtD0CzzyBtGtA0C0BtAtGzy0Czy0CtGtCtAyD0FyDtC0C0B0E0A0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtBzyyBtC0E0E0EtG0DtD0B0CtGtDtA0C0DtGyB0C0FyCtGtBtB0FtC0EtC0C0C0B0BtC0D2Q&cr=1238645038&ir=
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [IgfxTray] "C:\windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\windows\System32\igfxpers.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
x64-DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\9xg22r93.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.irmysearch.aflt - dsites_14_12_ch
FF - user.js: extensions.irmysearch.instlRef - 140305_b
FF - user.js: extensions.irmysearch.cr - 1238645038
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1Qzu0Czzzy0C0D0CyDzyyCtCyB0FyBtA0B0EtN0D0Tzu0SzztCtBtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StB0AyDtA0EtDyD0DtGtD0CzzyBtGtA0C0BtAtGzy0Czy0CtGtCtAyD0FyDtC0C0B0E0A0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtBzyyBtC0E0E0EtG0DtD0B0CtGtDtA0C0DtGyB0C0FyCtGtBtB0FtC0EtC0C0C0B0BtC0D2Q
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=dsites_14_12_ch&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0CyDzyyCtCyB0FyBtA0B0EtN0D0Tzu0SzztCtBtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StB0AyDtA0EtDyD0DtGtD0CzzyBtGtA0C0BtAtGzy0Czy0CtGtCtAyD0FyDtC0C0B0E0A0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtBzyyBtC0E0E0EtG0DtD0B0CtGtDtA0C0DtGyB0C0FyCtGtBtB0FtC0EtC0C0C0B0BtC0D2Q&cr=1238645038&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=dsites_14_12_ch&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0CyDzyyCtCyB0FyBtA0B0EtN0D0Tzu0SzztCtBtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StB0AyDtA0EtDyD0DtGtD0CzzyBtGtA0C0BtAtGzy0Czy0CtGtCtAyD0FyDtC0C0B0E0A0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtBzyyBtC0E0E0EtG0DtD0B0CtGtDtA0C0DtGyB0C0FyCtGtBtB0FtC0EtC0C0C0B0BtC0D2Q&cr=1238645038&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=dsites_14_12_ch&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0CyDzyyCtCyB0FyBtA0B0EtN0D0Tzu0SzztCtBtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StB0AyDtA0EtDyD0DtGtD0CzzyBtGtA0C0BtAtGzy0Czy0CtGtCtAyD0FyDtC0C0B0E0A0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtBzyyBtC0E0E0EtG0DtD0B0CtGtDtA0C0DtGyB0C0FyCtGtBtB0FtC0EtC0C0C0B0BtC0D2Q&cr=1238645038&ir=&q=
FF - user.js: extensions.mysearchdial.id - C89CDC59617F73BE
FF - user.js: extensions.mysearchdial.instlDay - 16151
FF - user.js: extensions.mysearchdial.vrsn - 1.8.29.0
FF - user.js: extensions.mysearchdial.vrsni - 1.8.29.0
FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.29.020:55:24
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - dsites_14_12_ch
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef - 140305_b
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial.cr - 1238645038
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1Qzu0Czzzy0C0D0CyDzyyCtCyB0FyBtA0B0EtN0D0Tzu0SzztCtBtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StB0AyDtA0EtDyD0DtGtD0CzzyBtGtA0C0BtAtGzy0Czy0CtGtCtAyD0FyDtC0C0B0E0A0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtBzyyBtC0E0E0EtG0DtD0B0CtGtDtA0C0DtGyB0C0FyCtGtBtB0FtC0EtC0C0C0B0BtC0D2Q
FF - user.js: extensions.mysearchdial.AL - 2
.
.
.
.
.
.
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;C:\windows\System32\drivers\SmartDefragDriver.sys [2014-1-20 21184]
R1 avkmgr;avkmgr;C:\windows\System32\drivers\avkmgr.sys [2014-3-27 28600]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 AcfXAudioService;AcfXAudioService;C:\windows\System32\svchost.exe -k AcfXAudioService [2009-7-13 27136]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2014-3-27 440400]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2014-3-27 440400]
R2 avgntflt;avgntflt;C:\windows\System32\drivers\avgntflt.sys [2014-3-27 108440]
R2 Avira.OE.ServiceHost;Avira Service Host;C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-4-15 125008]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-4-11 1390720]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-4-11 1764992]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2013-6-28 14624]
R2 JME Keyboard;JME Keyboard Driver;C:\Windows\jmesoft\Service.exe [2011-8-17 32768]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2013-7-18 762192]
R2 PCSUService;PC Speed Up Service;C:\Program Files (x86)\PC Speed Up\PCSUService.exe [2014-5-3 423720]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-10-23 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-10-23 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-10-23 171416]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-10-14 1228504]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2013-10-14 660184]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-8-17 2655768]
R3 GeneStor;Genesys Logic Storage Driver;C:\windows\System32\drivers\GeneStor.sys [2011-8-17 57856]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-11-19 317440]
R3 LVRS64;Logitech RightSound Filter Driver;C:\windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
R3 LVUVC64;Logitech HD Webcam C270(UVC);C:\windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
R3 PSI;PSI;C:\windows\System32\drivers\psi_mf_amd64.sys [2013-10-14 18456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-12-10 335168]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 acfva;acfva;C:\windows\System32\drivers\ACFVA64.sys [2011-11-5 122624]
S3 dgcfltr;DGC Filter Driver;C:\windows\System32\drivers\ACFDCP64.sys [2011-11-5 34944]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-4-21 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-10-24 19456]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-3-25 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2012-10-24 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-11-3 1255736]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [2014-3-27 1017424]
.
=============== Created Last 30 ================
.
2014-05-03 15:26:34 -------- d-----w- C:\Users\Jack\AppData\Roaming\QuickScan
2014-05-03 15:22:38 -------- d-----w- C:\Program Files (x86)\PC Speed Up
2014-05-02 01:22:41 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-05-02 01:22:41 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-04-30 00:28:14 -------- d-s---w- C:\windows\System32\CompatTel
2014-04-29 21:55:40 465408 ----a-w- C:\windows\System32\aepdu.dll
2014-04-29 21:55:40 424448 ----a-w- C:\windows\System32\aeinv.dll
2014-04-28 09:07:39 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-24 19:06:16 57344 ----a-r- C:\Users\Jack\AppData\Roaming\Microsoft\Installer\{69258FD1-F4EE-475A-83D1-BF68C8029592}\NewShortcut11_98798AFA4B0B41FAA9B8FF8835A64952.exe
2014-04-24 19:06:16 57344 ----a-r- C:\Users\Jack\AppData\Roaming\Microsoft\Installer\{69258FD1-F4EE-475A-83D1-BF68C8029592}\NewShortcut1_3F3768693B314C7692F69858832BE52C.exe
2014-04-24 19:06:16 53248 ----a-r- C:\Users\Jack\AppData\Roaming\Microsoft\Installer\{69258FD1-F4EE-475A-83D1-BF68C8029592}\ARPPRODUCTICON.exe
2014-04-24 19:06:16 -------- d-----w- C:\Users\Jack\AppData\Roaming\Verizon
2014-04-23 18:09:36 -------- d-----w- C:\Program Files\Earth Networks
2014-04-23 18:09:32 -------- dc-h--w- C:\ProgramData\{E0A9340B-C01B-42C1-9910-C307D7BE4756}
2014-04-22 14:22:20 -------- d-sh--w- C:\Users\Jack\AppData\Local\EmieUserList
2014-04-22 14:22:20 -------- d-sh--w- C:\Users\Jack\AppData\Local\EmieSiteList
2014-04-22 02:10:57 5784064 ----a-w- C:\windows\System32\jscript9.dll
2014-04-22 02:10:57 4254720 ----a-w- C:\windows\SysWow64\jscript9.dll
.
==================== Find3M ====================
.
2014-05-01 14:44:06 70832 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-01 14:44:06 692400 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-04-02 01:32:52 105576 ----a-w- C:\windows\System32\cc_20140401_213247.reg
2014-03-27 21:51:19 84720 ----a-w- C:\windows\System32\drivers\avnetflt.sys
2014-03-15 14:35:14 13210 ----a-w- C:\windows\System32\cc_20140315_103509.reg
2014-03-10 22:17:22 128288 ----a-w- C:\windows\System32\IObitSmartDefragExtension.dll
2014-03-06 09:31:33 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-03-06 08:57:34 548352 ----a-w- C:\windows\System32\vbscript.dll
2014-03-06 08:57:20 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-03-06 08:29:40 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-03-06 08:29:14 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-03-06 08:28:15 752640 ----a-w- C:\windows\System32\jscript9diag.dll
2014-03-06 08:15:54 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:02:34 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43 38400 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:38:13 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40 592896 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43 32256 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15 2043904 ----a-w- C:\windows\System32\inetcpl.cpl
2014-03-06 06:40:39 1967104 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40 2260480 ----a-w- C:\windows\System32\wininet.dll
2014-03-06 05:41:49 1789440 ----a-w- C:\windows\SysWow64\wininet.dll
2014-03-04 09:44:21 362496 ----a-w- C:\windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2014-03-04 09:44:03 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2014-03-04 09:17:19 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:05 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2014-03-04 09:16:54 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2014-03-04 08:09:30 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\windows\SysWow64\user.exe
2014-02-28 10:42:34 2500 ----a-w- C:\windows\System32\cc_20140228_054230.reg
2014-02-25 15:41:28 28600 ----a-w- C:\windows\System32\drivers\avkmgr.sys
2014-02-25 15:41:25 108440 ----a-w- C:\windows\System32\drivers\avgntflt.sys
2014-02-07 01:23:30 3156480 ----a-w- C:\windows\System32\win32k.sys
2014-02-04 02:35:56 190912 ----a-w- C:\windows\System32\drivers\storport.sys
2014-02-04 02:35:49 274880 ----a-w- C:\windows\System32\drivers\msiscsi.sys
2014-02-04 02:35:35 27584 ----a-w- C:\windows\System32\drivers\Diskdump.sys
2014-02-04 02:32:22 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll
2014-02-04 02:32:12 624128 ----a-w- C:\windows\System32\qedit.dll
2014-02-04 02:28:36 2048 ----a-w- C:\windows\System32\iologmsg.dll
2014-02-04 02:04:22 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04:11 509440 ----a-w- C:\windows\SysWow64\qedit.dll
2014-02-04 02:00:39 2048 ----a-w- C:\windows\SysWow64\iologmsg.dll
.
============= FINISH: 15:55:47.13 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/2/2011 9:14:04 PM
System Uptime: 5/3/2014 3:42:13 PM (0 hours ago)
.
Motherboard: LENOVO | | To be filled by O.E.M.
Processor: Intel(R) Pentium(R) CPU G620 @ 2.60GHz | CPU 1 | 2600/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 906 GiB total, 825.457 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Cruzer Glide
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER_GLIDE&REV_1.26#200447310309FD108BF3&0#
Manufacturer: SanDisk
Name: F:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER_GLIDE&REV_1.26#200447310309FD108BF3&0#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Cruzer Glide
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER_GLIDE&REV_1.26#200542560009F6D200EC&0#
Manufacturer: SanDisk
Name: E:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER_GLIDE&REV_1.26#200542560009F6D200EC&0#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: USB Mass Storage
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_MASS_STORAGE&REV__200#8&3AA967EB&0&444812990C4N3&0#
Manufacturer: Generic
Name: G:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_MASS_STORAGE&REV__200#8&3AA967EB&0&444812990C4N3&0#
Service: WUDFRd
.
==== System Restore Points ===================
.
RP393: 4/21/2014 10:10:39 PM - Windows Update
RP394: 4/28/2014 5:05:39 AM - Installed Java 7 Update 55
RP395: 4/29/2014 8:27:57 PM - Windows Update
RP396: 5/1/2014 9:22:27 PM - Windows Update
.
==== Installed Programs ======================
.
ABBYY FineReader 9.0 Sprint
Adobe Flash Player 13 ActiveX
AOL Toolbar
Avira
Avira Free Antivirus
Best Buy pc app
Bridge Baron 14
CameraHelperMsi
Canon DIGITAL CAMERA Solution Disk Software Guide
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Personal Printing Guide
Canon PowerShot SD1400 IS_IXUS 130 Camera User Guide
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC 8
Canon Utilities Movie Uploader for YouTube
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
Coupon Printer for Windows
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
EMET 4.1
erLT
Genesys USB Mass Storage Device
Google Chrome
Google Earth
Google Gmail Notifier
Google Toolbar for Internet Explorer
Google Update Helper
Google+ Auto Backup
HiJackThis
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Network Connections Drivers
Intel(R) Processor Graphics
Internet TV for Windows Media Center
IObit Malware Fighter
iSEEK AnswerWorks English Runtime
Java 7 Update 55
Java Auto Updater
Junk Mail filter update
Lenovo Driver and Application Installation
Lenovo Rescue System
Lenovo Tinian Fn PS/2 Keyboard Driver
Lexmark S410 Series Uninstaller
Logitech Webcam Software
LVT
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Corporation
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Movie Maker
Mozilla Firefox 28.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 24.5.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
Nero BurnLite 10
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
Netwaiting
PC Speed Up
Photo Common
Photo Gallery
Picasa 3
Quicken 2009
Quicken 2012
Realtek High Definition Audio Driver
Revo Uninstaller 1.95
SAMSUNG USB Driver for Mobile Phones
Secunia PSI (3.0.0.8013)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Skype Click to Call
Skype™ 6.14
Smart Defrag 3
Spybot - Search & Destroy
SumatraPDF
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wnyiper
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wnyiper
TurboTax 2011 wrapper
TurboTax 2012
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wnyiper
TurboTax 2012 wrapper
TurboTax 2013
TurboTax 2013 WinPerFedFormset
TurboTax 2013 WinPerReleaseEngine
TurboTax 2013 WinPerTaxSupport
TurboTax 2013 wnyiper
TurboTax 2013 wrapper
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
USB Modem
Verizon Wireless Software Utility Application for Android - Samsung
VirtualCloneDrive
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
WeatherBug®
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Add-in for Flash
Yahoo! Mail Advisor
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
5/3/2014 9:37:02 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
5/3/2014 3:43:02 PM, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: The dependency service or group failed to start.
5/3/2014 3:43:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
5/3/2014 3:43:01 PM, Error: Service Control Manager [7000] - The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/3/2014 3:42:31 PM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
5/3/2014 3:42:31 PM, Error: Service Control Manager [7001] - The Fax service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
5/3/2014 3:42:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IMF Service service to connect.
5/3/2014 3:42:27 PM, Error: Service Control Manager [7000] - The IMF Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/3/2014 3:42:18 PM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
5/2/2014 5:29:50 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
5/2/2014 5:29:50 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
5/1/2014 8:35:00 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
5/1/2014 12:28:49 PM, Error: Service Control Manager [7031] - The Spybot-S&D 2 Scanner Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/1/2014 10:43:44 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UMVPFSrv service.
4/30/2014 7:26:25 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
4/27/2014 7:08:17 AM, Error: Service Control Manager [7023] - The Spybot-S&D 2 Updating Service service terminated with the following error: %%-2147467243
.
==== End Of File ===========================


GMER could not work.

Any Spyware or malware in this hijack this report??

This is my HijackThis report. I'm having issues with Microsoft Security Essentials saying it is not connected in red at first and then switches to green as OK. It has never done this. Also, my son's games that usually come up as online were all offline till I tried to troubleshoot the network. When I first start my computer, it is really slow and it takes forever for the internet icon to show connected. I ran a scan through Microsoft and through Avast security systems. My firewall says it's connected and in green. Any help would be great.


Tiffany




Report:


Logfile of HijackThis v1.99.1
Scan saved at 4:07:41 PM, on 5/3/2014
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\White Rabbit\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\AVAST Software\Avast\avastUi.exe
C:\Users\White Rabbit\Downloads\All Programs & Tech Support\Security & Protection Software\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://us.yahoo.com/?&fr=hp-avast&type=avastbcl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.yhs4.search.yahoo.com/yhs/...p={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://us.yahoo.com/?&fr=hp-avast&type=avastbcl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://us.yahoo.com/?&fr=hp-avast&type=avastbcl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [SansaDispatch] C:\Users\White Rabbit\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKCU\..\Run: [com.apple.dav.bookmarks.daemon] C:\Users\White Rabbit\Downloads\All Programs & Tech Support\iTunes\iTunes Program\BookmarkDAV_client.exe
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [AppleIEDAV] C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
O4 - HKCU\..\Run: [HP Officejet 6500 E710n-z (NET)] "C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe" -deviceID "CN0BK1130Y05JW:NW" -scfn "HP Officejet 6500 E710n-z (NET)" -AutoStart 1
O4 - Startup: Launch Jawbone Updater.lnk = C:\Program Files (x86)\Jawbone\LaunchJU.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PHOTOfunSTUDIO 5.0.lnk = C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\bonjour\mdnsnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h20364.www2.hp.com/CSMWeb/Cus...ataManager.CAB
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} (Java Plug-in 1.6.0_15) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70 dacb64382a61a7\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70 dacb64382a61a7\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

Any issues seen?

I don't seem to be having any issues, but more than one person uses this laptop.
Thank you.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:16:58 PM, on 5/3/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\klwtblfs.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 74.208.131.100 wiki.terrafirmacraft.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\PROGRA~2\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
O3 - Toolbar: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\PROGRA~2\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Desura] C:\Program Files (x86)\Desura\desura.exe -autostart
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Desura] C:\Program Files (x86)\Desura\desura.exe -autostart (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Desura] C:\Program Files (x86)\Desura\desura.exe -autostart (User 'Default user')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Kaspersky Anti-Virus Service (avp) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
O23 - Service: Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\windows\system32\BtwRSupportService.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: CyberLink Product - 2011/07/21 10:39:17 (CLKMSVC10_3A60B698) - CyberLink - C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: CryptoStorage control service (CSObjectsSrv) - Infowatch - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
O23 - Service: Desura Install Service - Desura Pty Ltd - C:\Program Files (x86)\Common Files\Desura\desura_service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Kodak AiO Network Discovery Service - Unknown owner - C:\Program Files (x86)\Kodak\AiO\Center\EKDiscovery.exe (file missing)
O23 - Service: Kodak AiO Device Service (KodakSvc) - Unknown owner - C:\Program Files (x86)\Kodak\AiO\center\KodakSvc.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: Oasis2Service - Unknown owner - C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15561 bytes

Conduit is back!

I tried d/l of AVG and must have missed opting out on something and CONDUIT has infected me once again.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:51:05 AM, on 5/4/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16521)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Everything\Everything.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\Program Files\DigiPortal Software\ChoiceMail\ChoiceMail.exe
C:\Program Files\AutoSizer\AutoSizer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIIBE.EXE
C:\Program Files\DigiPortal Software\ChoiceMail\IzyMail.exe
C:\Program Files\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
C:\BIN\SHORT KEY OLD VERSION\shortkey\SHORTKEY.EXE
C:\BIN\HIJACK THIS-kills adware\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?gd=&ctid=...195D2DC3&SSPV=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Everything] "C:\Program Files\Everything\Everything.exe" -startup
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DBAgent] "C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Uploader] C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
O4 - HKCU\..\Run: [ChoiceMail] "C:\PROGRA~1\DIGIPO~1\CHOICE~1\ChoiceMail.exe"
O4 - HKCU\..\Run: [AutoSizer] "C:\Program Files\AutoSizer\AutoSizer.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIIBE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-400 Series" /EF "HKCU"
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Seiko Epson Corporation - C:\Windows\system32\EscSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService.exe) - Paramount Software UK Ltd - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: Seagate Dashboard Services - Seagate Technology LLC - C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
O23 - Service: Seagate MobileBackup Service - Seagate Technology LLC - C:\Program Files\Seagate\Seagate Dashboard 2.0\MobileService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 7597 bytes

Can't pin down or remove internetport3.exe

GMER:

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-05-04 19:30:21
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-5 Hitachi_HDS721010CLA332 rev.JP4OA3MA 931.51GB
Running: s4jubxuq.exe; Driver: C:\Users\Carl\AppData\Local\Temp\fxldapoc.sys


---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1728] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000074b11465 2 bytes [B1, 74]
.text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1728] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000074b114bb 2 bytes [B1, 74]
.text ... * 2
.text C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074b11465 2 bytes [B1, 74]
.text C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074b114bb 2 bytes [B1, 74]
.text ... * 2
.text C:\Windows\SysWOW64\PnkBstrA.exe[1636] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 000000006d101a22 2 bytes [10, 6D]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1636] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 000000006d101ad0 2 bytes [10, 6D]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1636] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 000000006d101b08 2 bytes [10, 6D]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1636] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 000000006d101bba 2 bytes [10, 6D]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1636] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 000000006d101bda 2 bytes [10, 6D]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074b11465 2 bytes [B1, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074b114bb 2 bytes [B1, 74]
.text ... * 2
.text C:\Users\Carl\AppData\Local\Akamai\netsession_win.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074b11465 2 bytes [B1, 74]
.text C:\Users\Carl\AppData\Local\Akamai\netsession_win.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074b114bb 2 bytes [B1, 74]
.text ... * 2
.text C:\Users\Carl\AppData\Roaming\Dropbox\bin\Dropbox.exe[3584] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000074b11465 2 bytes [B1, 74]
.text C:\Users\Carl\AppData\Roaming\Dropbox\bin\Dropbox.exe[3584] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000074b114bb 2 bytes [B1, 74]
.text ... * 2
.text C:\Users\Carl\AppData\Local\Akamai\netsession_win.exe[3792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074b11465 2 bytes [B1, 74]
.text C:\Users\Carl\AppData\Local\Akamai\netsession_win.exe[3792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074b114bb 2 bytes [B1, 74]
.text ... * 2
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[3944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074b11465 2 bytes [B1, 74]
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[3944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074b114bb 2 bytes [B1, 74]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[3956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074b11465 2 bytes [B1, 74]
.text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[3956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074b114bb 2 bytes [B1, 74]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074b11465 2 bytes [B1, 74]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074b114bb 2 bytes [B1, 74]
.text ... * 2
.text C:\Users\Carl\AppData\Local\Temp\~nsu.tmp\Au_.exe[5484] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074b11465 2 bytes [B1, 74]
.text C:\Users\Carl\AppData\Local\Temp\~nsu.tmp\Au_.exe[5484] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074b114bb 2 bytes [B1, 74]
.text ... * 2
.text C:\Users\Carl\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074b11465 2 bytes [B1, 74]
.text C:\Users\Carl\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074b114bb 2 bytes [B1, 74]
.text ... * 2
.text C:\Users\Carl\Downloads\HijackThis.exe[3404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074b11465 2 bytes [B1, 74]
.text C:\Users\Carl\Downloads\HijackThis.exe[3404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074b114bb 2 bytes [B1, 74]
.text ... * 2

---- Files - GMER 2.1 ----

File C:\Users\Carl\Desktop\s4jubxuq.exe 380416 bytes executable

---- EOF - GMER 2.1 ----

Laptop really running slow, can you have a look please?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:54:32 p.m., on 5/05/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
c:\program files (x86)\dell datasafe local backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\dell datasafe local backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Jamie\Downloads\HijackThis (1).exe
C:\windows\SysWOW64\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.celticminded.com/forums/forumdisplay.php?f=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - (no file)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.dell.com
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/soft...02/CTSUEng.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/soft...3/CTPIDPDE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/soft...0926/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{855B13ED-54AF-4B55-8313-E6207D887F0E}: NameServer = 203.97.78.43,203.97.78.44
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Expat Shield Routing Service (ExpatSrv) - AnchorFree Inc. - C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe
O23 - Service: Expat Shield Monitoring Service (ExpatWd) - Unknown owner - C:\Program Files (x86)\Expat Shield\bin\hsswd.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - c:\program files (x86)\dell datasafe local backup\sftservice.EXE
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12110 bytes




DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041 BrowserJavaVersion: 10.55.2
Run by Jamie at 17:56:45 on 2014-05-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.64.1033.18.1955.522 [GMT 12:00]
.
AV: avast! Antivirus *Disabled/Outdated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Outdated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Expat Shield\bin\hsswd.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
c:\program files (x86)\dell datasafe local backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
c:\program files (x86)\dell datasafe local backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\dell datasafe local backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\svchost.exe -k HPService
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Jamie\Downloads\HijackThis (1).exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.celticminded.com/forums/forumdisplay.php?f=2
uSearch Bar = www.google.com
uSearch Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={ inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
mStart Page = www.google.com
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - <orphaned>
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: dell.com
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{5396B62F-6B4C-4DD5-BE37-B7B17CF785BA} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{5396B62F-6B4C-4DD5-BE37-B7B17CF785BA}\24143554 : DHCPNameServer = 172.16.16.1
TCP: Interfaces\{5396B62F-6B4C-4DD5-BE37-B7B17CF785BA}\24163756024596D656023416073757C656 : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{5396B62F-6B4C-4DD5-BE37-B7B17CF785BA}\345726963674 : DHCPNameServer = 192.168.169.1
TCP: Interfaces\{5396B62F-6B4C-4DD5-BE37-B7B17CF785BA}\F42736F6E6D275962756C6563737 : DHCPNameServer = 10.1.1.1
TCP: Interfaces\{855B13ED-54AF-4B55-8313-E6207D887F0E} : NameServer = 203.97.78.43,203.97.78.44
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Expat Shield Class: {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\windows\System32\drivers\aswRvrt.sys [2013-3-15 65776]
R0 aswVmm;avast! VM Monitor;C:\windows\System32\drivers\aswVmm.sys [2013-3-15 208416]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2011-6-8 55856]
R1 aswKbd;aswKbd;C:\windows\System32\drivers\aswKbd.sys [2013-5-23 22600]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2012-8-27 1039096]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2012-8-27 423240]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-12-1 89600]
R2 aswHwid;avast! HardwareID;C:\windows\System32\drivers\aswHwid.sys [2014-5-1 29208]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2012-8-27 79184]
R2 aswStm;aswStm;C:\windows\System32\drivers\aswstm.sys [2014-1-3 85328]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-5-1 50344]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-3 897088]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 ExpatSrv;Expat Shield Routing Service;C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe [2011-5-27 363336]
R2 ExpatWd;Expat Shield Monitoring Service;C:\Program Files (x86)\Expat Shield\bin\hsswd.exe -product Expat --> C:\Program Files (x86)\Expat Shield\bin\hsswd.exe -product Expat [?]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-6-8 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-5-2 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-5-2 857912]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2013-12-7 662232]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-6-8 1692480]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\drivers\btmaux.sys [2010-11-4 58128]
R3 btmhsf;btmhsf;C:\windows\System32\drivers\btmhsf.sys [2011-11-15 327168]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2012-6-4 176000]
R3 iBtFltCoex;iBtFltCoex;C:\windows\System32\drivers\iBtFltCoex.sys [2011-12-9 60416]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-6-8 317440]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2011-8-5 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2014-5-2 119512]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\windows\System32\drivers\mwac.sys [2014-5-2 63192]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2010-12-11 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2010-12-11 181248]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 wdkmd;Intel WiDi KMD;C:\windows\System32\drivers\WDKMD.sys [2010-12-1 42392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2010-11-4 1298496]
S3 FACAP;facap, FastAccess Video Capture;C:\windows\System32\drivers\facap.sys [2008-9-25 238848]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-4-16 111616]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-18 340240]
S3 PSI;PSI;C:\windows\System32\drivers\psi_mf_amd64.sys [2013-12-7 18456]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-2-13 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-6-8 250984]
S3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-12-7 1229528]
S3 SWDUMon;SWDUMon;C:\windows\System32\drivers\SWDUMon.sys [2014-2-24 16152]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-2-12 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-2-13 30208]
S3 xrusbser;USB Serial Exar driver;C:\windows\System32\drivers\xrusbser.sys [2011-8-15 48640]
S4 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2013-8-1 4292960]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-05-05 01:07:02 -------- d-----w- C:\Users\Jamie\AppData\Local\{97B2C828-51E9-4B3F-AD29-447B939ABAC8}
2014-05-04 21:30:51 -------- d-----w- C:\Users\Jamie\AppData\Local\{4114BC25-903C-48E8-B860-E41079748B0C}
2014-05-04 20:21:28 0 ----a-w- C:\windows\SysWow64\sho1989.tmp
2014-05-04 12:04:29 0 ----a-w- C:\windows\SysWow64\sho88C3.tmp
2014-05-04 08:33:55 -------- d-----w- C:\Users\Jamie\AppData\Local\Opera Software
2014-05-04 08:33:54 -------- d-----w- C:\Users\Jamie\AppData\Roaming\Opera Software
2014-05-04 00:10:28 -------- d-----w- C:\Users\Jamie\AppData\Local\{444E25F8-A0F8-4C56-A90B-DFD8CC535D82}
2014-05-03 14:51:43 0 ----a-w- C:\windows\SysWow64\sho3CD1.tmp
2014-05-03 11:44:47 -------- d-----w- C:\Users\Jamie\AppData\Local\{EA345CC8-FD77-4B99-BD8D-5C8DC0640A35}
2014-05-03 01:24:37 -------- d-----w- C:\Users\Jamie\AppData\Local\AdFender
2014-05-03 01:24:37 -------- d-----w- C:\ProgramData\AdFender
2014-05-03 01:24:36 -------- d-----w- C:\Program Files (x86)\AdFender
2014-05-02 23:52:30 0 ----a-w- C:\windows\SysWow64\shoB4D3.tmp
2014-05-02 12:22:38 0 ----a-w- C:\windows\SysWow64\shoAFE2.tmp
2014-05-02 09:31:51 -------- d-----w- C:\Users\Jamie\AppData\Local\{C9F9AC15-84AC-4F99-B1E5-AA22AE11D531}
2014-05-02 07:44:01 0 ----a-w- C:\windows\SysWow64\sho9699.tmp
2014-05-02 07:11:24 -------- d-----w- C:\Users\Jamie\AppData\Local\TrustDefender
2014-05-02 06:06:00 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-05-02 06:01:23 108968 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll
2014-05-02 05:47:09 -------- d-----w- C:\Users\Jamie\AppData\Local\Secunia PSI
2014-05-02 05:46:44 -------- d-----w- C:\Program Files (x86)\Secunia
2014-05-01 22:07:50 119512 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-05-01 22:07:16 88280 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-05-01 22:07:16 63192 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-05-01 22:07:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-01 21:30:37 -------- d-----w- C:\Users\Jamie\AppData\Local\{6B2BFC62-9FE0-45EF-923F-3CE01914CC53}
2014-05-01 11:07:43 29208 ----a-w- C:\windows\System32\drivers\aswHwid.sys
2014-05-01 11:07:40 43152 ----a-w- C:\windows\avastSS.scr
2014-05-01 09:29:31 -------- d-----w- C:\Users\Jamie\AppData\Local\{2C92BC0C-978A-4644-81FA-21086290B43F}
2014-04-29 21:09:17 -------- d-----w- C:\Users\Jamie\AppData\Local\{7E64C284-2068-453D-808F-68A981179F12}
2014-04-29 01:13:38 -------- d-----w- C:\Users\Jamie\AppData\Local\{9FB169E9-418C-4894-ADC6-7ED3BAFDAB36}
2014-04-28 20:26:22 -------- d-----w- C:\Users\Jamie\AppData\Local\{CEB85BF1-28CF-4411-9A19-B3E54D4A2B70}
2014-04-28 00:42:13 -------- d-----w- C:\Users\Jamie\AppData\Local\{CAD99C32-B9BA-426F-8CD7-A39F267C14AC}
2014-04-27 10:52:16 -------- d-----w- C:\Users\Jamie\AppData\Local\{9173FE83-69C0-4B3D-97C4-74C3D53FD314}
2014-04-26 22:51:18 -------- d-----w- C:\Users\Jamie\AppData\Local\{0AC7D3B1-F721-4AD0-A262-F7877BFAD440}
2014-04-26 08:27:21 -------- d-----w- C:\Users\Jamie\AppData\Local\{CB3737A0-AD6F-4125-A82D-CC099886322B}
2014-04-25 20:26:18 -------- d-----w- C:\Users\Jamie\AppData\Local\{80369C07-3754-474C-9E8E-BF4ADC0E696B}
2014-04-25 07:50:41 -------- d-----w- C:\Users\Jamie\AppData\Local\{DD55939B-C260-410D-8F95-3BDD35B000AC}
2014-04-24 19:49:50 -------- d-----w- C:\Users\Jamie\AppData\Local\{13C5ACCF-F949-4781-81B6-5F6A3F36378E}
2014-04-24 00:46:45 -------- d-----w- C:\Users\Jamie\AppData\Local\{77F8B1C0-B58D-4436-8188-9583109FDB82}
2014-04-23 09:32:37 -------- d-----w- C:\Users\Jamie\AppData\Local\{FDBDBBC5-AC80-4573-A530-9DE2DA26C710}
2014-04-22 20:17:53 -------- d-----w- C:\Users\Jamie\AppData\Local\{C341CCD4-687B-48FE-9364-A2AEB7B7A387}
2014-04-22 01:14:34 -------- d-----w- C:\Users\Jamie\AppData\Local\{C2E7E72D-F694-44BF-9592-2BD26D4D75D5}
2014-04-21 21:03:18 -------- d-----w- C:\Users\Jamie\AppData\Local\{9E39A511-D286-46E3-834F-E4D1232F69A3}
2014-04-21 09:02:50 -------- d-----w- C:\Users\Jamie\AppData\Local\{6DE06C6A-82EA-404F-9CB3-7541F575BB47}
2014-04-20 20:52:57 -------- d-----w- C:\Users\Jamie\AppData\Local\{E68273FB-A4E7-4523-9475-F59A69FBFB66}
2014-04-20 00:19:19 -------- d-----w- C:\Users\Jamie\AppData\Local\{320F499F-F573-40A2-8E4F-238D47A7DC6B}
2014-04-19 12:18:48 -------- d-----w- C:\Users\Jamie\AppData\Local\{81688227-1DF4-4EF6-8F44-191942D043CE}
2014-04-18 23:52:17 -------- d-----w- C:\Users\Jamie\AppData\Local\{6BA07CF4-EA55-41D1-8496-28CD2A7EE66A}
2014-04-18 10:52:14 -------- d-----w- C:\Users\Jamie\AppData\Local\{DD69EF56-A80A-4CEA-A2FD-883F8256F5C1}
2014-04-17 22:51:43 -------- d-----w- C:\Users\Jamie\AppData\Local\{96C79D76-84B4-472E-80BA-51CF9796D14A}
2014-04-17 08:41:59 -------- d-----w- C:\Users\Jamie\AppData\Local\{2A6F5253-C3C8-4D47-8E85-20A1D4353734}
2014-04-16 20:41:29 -------- d-----w- C:\Users\Jamie\AppData\Local\{02EFE5D1-B2C1-490A-9104-B6F040AFDF23}
2014-04-16 20:40:47 -------- d-sh--w- C:\Users\Jamie\AppData\Local\EmieUserList
2014-04-16 20:40:47 -------- d-sh--w- C:\Users\Jamie\AppData\Local\EmieSiteList
2014-04-16 06:02:09 359936 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2014-04-16 06:02:07 257536 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2014-04-16 06:00:53 8011776 ----a-w- C:\Program Files\Internet Explorer\F12Resources.dll
2014-04-16 05:52:30 243712 ----a-w- C:\windows\System32\wow64.dll
2014-04-16 05:52:29 362496 ----a-w- C:\windows\System32\wow64win.dll
2014-04-16 05:52:29 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2014-04-16 05:52:28 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2014-04-16 05:52:28 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2014-04-16 05:52:28 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2014-04-16 05:52:24 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2014-04-16 05:52:24 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2014-04-16 05:52:23 2048 ----a-w- C:\windows\SysWow64\user.exe
2014-04-16 00:41:10 -------- d-----w- C:\Users\Jamie\AppData\Local\Harmony_Hollow_Software
2014-04-16 00:38:07 -------- d-----w- C:\Users\Jamie\AppData\Local\CTSounds
2014-04-16 00:20:21 -------- d-----w- C:\Users\Jamie\AppData\Local\{933E6FC6-21EF-4AE9-ABC3-91393573D2CF}
2014-04-15 09:11:26 -------- d-----w- C:\Users\Jamie\AppData\Local\{5922316E-BB92-44EB-83E2-7DBF40CA4B30}
2014-04-14 21:10:35 -------- d-----w- C:\Users\Jamie\AppData\Local\{0E1FAC32-B0F3-4897-95BC-E60C217436A3}
2014-04-14 08:41:38 -------- d-----w- C:\Users\Jamie\AppData\Local\{3AAECDF1-FA72-40D2-8FE4-CE368BA8B1E7}
2014-04-13 20:40:44 -------- d-----w- C:\Users\Jamie\AppData\Local\{7D105220-D3F2-4538-A798-EBB15F121DAF}
2014-04-13 08:39:36 -------- d-----w- C:\Users\Jamie\AppData\Local\{891D3C97-BE56-4F1C-83A2-7B2225498C83}
2014-04-12 20:38:31 -------- d-----w- C:\Users\Jamie\AppData\Local\{688DD981-7BC3-47AC-AF78-21EBC0899F31}
2014-04-12 08:37:39 -------- d-----w- C:\Users\Jamie\AppData\Local\{419AACD6-E743-468E-9363-7A4A9659093C}
2014-04-11 20:36:46 -------- d-----w- C:\Users\Jamie\AppData\Local\{BB37CA84-B0B1-4CEC-91B9-0BC8C20567E2}
2014-04-11 08:02:13 -------- d-----w- C:\Users\Jamie\AppData\Local\{F1441A02-306A-43CF-A727-CA7A49AD8DA0}
2014-04-10 20:01:19 -------- d-----w- C:\Users\Jamie\AppData\Local\{18B36C13-3617-4B48-9134-F6C5C44F3E07}
2014-04-10 00:56:40 -------- d-----w- C:\Users\Jamie\AppData\Local\{B7C6C9A2-D5BE-4AD5-9A41-4AD1E0F58F32}
2014-04-09 09:38:07 -------- d-----w- C:\Users\Jamie\AppData\Local\{DDCFB7CA-87C2-408A-A23E-9D7428677770}
2014-04-08 20:58:51 -------- d-----w- C:\Users\Jamie\AppData\Local\{9BC37940-0D34-478F-B0C8-586DFEAB84BB}
2014-04-07 20:33:28 -------- d-----w- C:\Users\Jamie\AppData\Local\{4D59185E-FEAE-488E-85A5-EF97F13515A1}
2014-04-07 07:53:13 -------- d-----w- C:\Users\Jamie\AppData\Local\{DD0ECDF3-A3E4-42AF-8675-22F618C37197}
2014-04-06 19:52:34 -------- d-----w- C:\Users\Jamie\AppData\Local\{552ED290-78FB-4392-94B4-E11D735A9BCA}
2014-04-06 01:33:41 -------- d-----w- C:\Users\Jamie\AppData\Local\{E953F456-C8B2-4401-9D9B-C5640A053F7B}
2014-04-05 10:39:23 -------- d-----w- C:\Users\Jamie\AppData\Local\{C6BE1978-7612-4620-80C2-3EEB8DE8057E}
2014-04-05 09:41:54 -------- d-----w- C:\Users\Jamie\AppData\Local\{413F5C4B-BE59-4A38-99E0-242548C4A987}
.
==================== Find3M ====================
.
2014-05-02 06:03:38 70832 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-02 06:03:38 692400 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-05-01 11:07:41 85328 ----a-w- C:\windows\System32\drivers\aswstm.sys
2014-05-01 11:07:41 79184 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2014-05-01 11:07:41 65776 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2014-05-01 11:07:41 208416 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2014-05-01 11:07:41 1039096 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2014-05-01 11:07:40 93568 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2014-04-02 21:50:58 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-03-06 09:32:16 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-03-06 09:31:33 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-03-06 08:57:34 548352 ----a-w- C:\windows\System32\vbscript.dll
2014-03-06 08:57:20 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-03-06 08:32:07 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-03-06 08:29:40 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-03-06 08:29:14 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-03-06 08:28:15 752640 ----a-w- C:\windows\System32\jscript9diag.dll
2014-03-06 08:15:54 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41 5784064 ----a-w- C:\windows\System32\jscript9.dll
2014-03-06 08:02:34 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43 38400 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36 4254720 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40 592896 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43 32256 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15 2043904 ----a-w- C:\windows\System32\inetcpl.cpl
2014-03-06 06:40:39 1967104 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40 2260480 ----a-w- C:\windows\System32\wininet.dll
2014-03-06 05:41:49 1789440 ----a-w- C:\windows\SysWow64\wininet.dll
2014-03-04 09:17:05 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2014-02-24 01:55:56 16152 ----a-w- C:\windows\System32\drivers\SWDUMon.sys
2014-02-07 01:23:30 3156480 ----a-w- C:\windows\System32\win32k.sys
.
============= FINISH: 18:00:01.41 ===============





.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 15/06/2011 10:20:35 p.m.
System Uptime: 5/05/2014 4:33:05 p.m. (2 hours ago)
.
Motherboard: Dell Inc. | | 034W60
Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz | CPU 1 | 798/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 235.873 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart B110 series
Device ID: ROOT\MULTIFUNCTION\0005
Manufacturer: HP
Name: Photosmart B110 series
PNP Device ID: ROOT\MULTIFUNCTION\0005
Service:
.
==== System Restore Points ===================
.
RP328: 30/04/2014 10:55:43 p.m. - Removed Java 7 Update 25
RP329: 30/04/2014 11:02:15 p.m. - Adblock Plus for IE
RP330: 30/04/2014 11:30:18 p.m. - Adblock Plus for IE
RP331: 1/05/2014 10:51:33 p.m. - Removed PC care
RP332: 1/05/2014 11:06:11 p.m. - avast! antivirus system restore point
RP333: 2/05/2014 6:07:29 p.m. - Windows Update
RP334: 2/05/2014 7:21:52 p.m. - Removed Windows Media Player Firefox Plugin
.
==== Installed Programs ======================
.
3GP Player 2011
64 Bit HP CIO Components Installer
AdFender
Adobe Flash Player 13 ActiveX
Adobe Flash Player 13 Plugin
Adobe Reader X (10.1.9) MUI
Advanced Audio FX Engine
Akamai NetSession Interface
avast! Free Antivirus
B110
BufferChm
calibre 64bit
CCleaner
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Defraggler
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Driver Download Manager
Dell Edoc Viewer
Dell Getting Started Guide
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell System Detect
Dell Touchpad
Dell VideoStage
Dell Webcam Central
Destinations
DeviceDiscovery
Facebook Video Calling 2.0.0.447
Free Alarm Clock 2.7.1
Google Chrome
Google Update Helper
GPBaseService2
HiJackThis
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPAppStudio
HPPhotoGadget
HPProductAssistant
IDT Audio
inSSIDer 3
Intel PROSet Wireless
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
Intel(R) PROSet/Wireless WiFi Software
Intel(R) Rapid Storage Technology
Intel(R) Wireless Display
Java 7 Update 55
Java 7 Update 55 (64-bit)
JavaFX 2.1.1
Junk Mail filter update
Malwarebytes Anti-Malware version 2.0.1.1004
MarketResearch
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft_VC100_CRT_SP1_x64
Microsoft_VC100_CRT_SP1_x86
MSVC80_x64_v2
MSVC80_x86_v2
MSVC90_x64
MSVC90_x86
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Dell
MyDriveConnect 3.3.0.1342
Network64
Opera Stable 20.0.1387.91
PhotoScape
PS_AIO_07_B110_SW_Min
Quickset64
QuickTransfer
Realtek Ethernet Controller Driver
Realtek USB 2.0 Card Reader
Renesas Electronics USB 3.0 Host Controller Driver
Scan
Secunia PSI (3.0.0.9016)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2863926) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype Click to Call
Skype™ 6.11
SmartWebPrinting
SolutionCenter
Speccy
Spotify
Status
Texas Instruments TUSB3410 drivers.
Toolbox
TrayApp
TUSB3410
Unity Web Player
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Visual Studio C++ 10.0 Runtime
WebReg
Windows Driver Package - Exar Corporation (xrusbser) Ports (08/17/2011 1.7.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.10 beta 4 (64-bit)
WinZip 15.5
.
==== Event Viewer Messages From Past Week ========
.
5/05/2014 4:34:37 p.m., Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
5/05/2014 1:05:19 p.m., Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
4/05/2014 6:23:04 p.m., Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
30/04/2014 11:52:36 p.m., Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\windows\System32\IWMSSvc.dll Error Code: 21
30/04/2014 11:52:16 p.m., Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswRvrt aswSnx aswSP aswVmm discache spldr Wanarpv6
30/04/2014 11:52:16 p.m., Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
29/04/2014 8:23:39 a.m., Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Bluetooth Device Monitor service to connect.
29/04/2014 8:23:39 a.m., Error: Service Control Manager [7000] - The Bluetooth Device Monitor service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
29/04/2014 6:36:02 p.m., Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
29/04/2014 6:36:02 p.m., Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
29/04/2014 6:36:02 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
29/04/2014 6:36:00 p.m., Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
29/04/2014 6:36:00 p.m., Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
2/05/2014 7:48:39 p.m., Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
2/05/2014 10:55:10 a.m., Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
.
==== End Of File ===========================



GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-05-05 18:11:45
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.MC00 298.09GB
Running: m50b67wr.exe; Driver: C:\Users\Jamie\AppData\Local\Temp\ugloypod.sys

---- Threads - GMER 2.1 ----
Thread C:\windows\System32\svchost.exe [348:1712] 000007fef6996b8c
Thread C:\windows\System32\svchost.exe [348:2768] 000007fef6991d88
Thread C:\windows\system32\svchost.exe [508:1668] 000007fefa051a50
Thread C:\windows\system32\svchost.exe [508:4576] 000007fefb33506c
Thread C:\windows\system32\svchost.exe [508:4580] 000007fef5a21c20
Thread C:\windows\system32\svchost.exe [508:4584] 000007fef5a21c20
Thread C:\windows\system32\svchost.exe [508:5456] 000007fef87b5124
Thread C:\windows\system32\svchost.exe [508:1840] 000007fef6551ab0
Thread C:\windows\system32\svchost.exe [1180:1292] 000007fefaf88274
Thread C:\windows\system32\svchost.exe [1180:2312] 000007fefaf88274
Thread C:\windows\system32\svchost.exe [1320:6272] 000007fef8fd5170
Thread C:\windows\system32\WLANExt.exe [1460:1560] 00000001800ee130
Thread C:\windows\system32\WLANExt.exe [1460:1564] 0000000180090110
Thread C:\windows\system32\WLANExt.exe [1460:1568] 00000001800ee130
Thread C:\windows\system32\WLANExt.exe [1460:1420] 000007fefa232f9c
Thread C:\windows\system32\WLANExt.exe [1460:2156] 0000000000a18bc8
Thread C:\windows\system32\WLANExt.exe [1460:2160] 0000000000a18be4
Thread C:\windows\system32\WLANExt.exe [1460:2164] 0000000000a18bac
Thread C:\windows\system32\WLANExt.exe [1460:2184] 000007fefa232f9c
Thread C:\windows\System32\spoolsv.exe [1688:2700] 000007fef8a610c8
Thread C:\windows\System32\spoolsv.exe [1688:2704] 000007fef8a26144
Thread C:\windows\System32\spoolsv.exe [1688:2708] 000007fef9a95fd0
Thread C:\windows\System32\spoolsv.exe [1688:2712] 000007fef8a03438
Thread C:\windows\System32\spoolsv.exe [1688:2716] 000007fef9a963ec
Thread C:\windows\System32\spoolsv.exe [1688:2720] 000007fef8a03438
Thread C:\windows\System32\spoolsv.exe [1688:2724] 000007fef9a963ec
Thread C:\windows\System32\spoolsv.exe [1688:2732] 000007fef8e25e5c
Thread C:\windows\System32\spoolsv.exe [1688:2804] 000007fef8ab8760
Thread C:\windows\system32\svchost.exe [1732:2496] 000007fef9de35c0
Thread C:\windows\system32\svchost.exe [1732:2500] 000007fef9de5600
Thread C:\windows\system32\svchost.exe [1732:5232] 000007fef48f2888
Thread C:\windows\system32\svchost.exe [1732:5240] 000007fef48e2940
Thread C:\windows\system32\taskhost.exe [2304:2960] 000007fefb881010
Thread C:\windows\system32\taskhost.exe [2304:3380] 000007fef8fd5170
Thread C:\windows\system32\svchost.exe [3528:3660] 000007fef9a95fd0
Thread C:\windows\system32\svchost.exe [3528:3664] 000007fef8a03438
Thread C:\windows\system32\svchost.exe [3528:3668] 000007fef9a963ec
Thread C:\windows\system32\taskhost.exe [3412:1160] 000007fef8d4ef24
---- EOF - GMER 2.1 ----





Thank you very much.

clubwsop.com software scam

Hi kcthumper

I have deleted your duplicate posts. Please continue replies, for this issue, in this thread.
Thank you.

New Comp and already having Problems

Oh I need to completely eliminate Bing and Conduit search engines. How do I do that after everything else?

SFC /Scannow will not start

Thanks!

All scans with the exception of GMER completed... this one kept blue screening me. I attached a debug of the minidump for that though, just in case...

Quote:

Originally Posted by HJT
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:57:46 PM, on 05/05/14
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16720)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Nuance\PDF Professional 8\PdfPro8Hook.exe
C:\Program Files (x86)\Citrix\ICA Client\PNAMAIN.EXE
C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
C:\Program Files (x86)\Druva\inSync\inSyncGUI.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files (x86)\AutoAssist for Microsoft Lync\LyncAutoAssist.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Riverbed\Steelhead Mobile\shmobile.exe
C:\Program Files (x86)\Citrix\ICA Client\WFCRUN32.EXE
C:\Program Files (x86)\Druva\inSync\inSyncUSyncer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
C:\WINDOWS\CCM\SCNotification.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Users\shaun.cimini\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = konnect.rotork.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.rotscansafe.local/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [PDF8 Registry Controller] "C:\Program Files (x86)\Nuance\PDF Professional 8\RegistryController.exe"
O4 - HKLM\..\Run: [PDFProHook] "C:\Program Files (x86)\Nuance\PDF Professional 8\pdfpro8hook.exe"
O4 - HKLM\..\Run: [InboxMonitor] "C:\Program Files (x86)\Nuance\PDF Professional 8\InboxMonitor.exe" /run
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Druva inSync] C:\Program Files (x86)\Druva\inSync\inSyncGUI.exe -l en
O4 - HKLM\..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
O4 - HKLM\..\Run: [AutoAssist] C:\Program Files (x86)\AutoAssist for Microsoft Lync\LyncAutoAssist.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Steelhead Mobile] C:\Program Files (x86)\Riverbed\Steelhead Mobile\shmobile.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Lync] "C:\Program Files (x86)\Microsoft Office\Office15\lync.exe" /fromrunkey
O4 - HKCU\..\Run: [iFunBox Price Watch] C:\Program Files (x86)\iFunbox 2014\iFunBox2014.exe /tray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3268475044-3131773999-853863862-8814\..\Run: [Akamai NetSession Interface] "C:\Users\admin.scimini\AppData\Local\Akamai\netsession_win.exe" (User 'admin.scimini')
O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'Default user')
O4 - Startup: ApacheMonitor.lnk = C:\Apache24\bin\ApacheMonitor.exe
O4 - Startup: LiquidFiles Agent.lnk = C:\Program Files (x86)\LiquidFiles\LiquidFiles Windows Agent (per-computer)\Agent\LiquidFilesWindowsAgent.exe
O4 - Startup: Outlook 2013.lnk = ?
O4 - Startup: Send to OneNote.lnk = C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
O4 - Global Startup: Install LastPass FF RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe
O4 - Global Startup: Install LastPass IE RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe
O4 - Global Startup: Online plug-in.lnk = ?
O8 - Extra context menu item: Export to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: LastPass - file://C:\Users\shaun.cimini\AppData\LocalLow\LastPass\context.html?cmd=lastpass
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\shaun.cimini\AppData\LocalLow\LastPass\context.html?cmd=fillforms
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\national instruments\shared\mdns responder\nimdnsnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.adp.com
O15 - Trusted Zone: *.live.com
O15 - Trusted Zone: *.mcafeeasap.com
O15 - Trusted Zone: http://intranet.rotork.co.uk
O15 - Trusted Zone: http://intranet1.rotork.co.uk
O15 - Trusted Zone: http://reportwizard.rotork.co.uk
O15 - Trusted Zone: rims.rotork.co.uk
O15 - Trusted Zone: http://ukrims.rotork.co.uk
O15 - Trusted Zone: http://quotes.rotork.com
O15 - Trusted Zone: rims.rotork.com
O15 - Trusted Zone: http://rims.rotork.com
O15 - ESC Trusted Zone: http://the.earth.li
O15 - ESC Trusted Zone: http://virusscanasap.mcafeeasap.com
O15 - ESC Trusted Zone: http://10mtms.rotork.com
O15 - ESC Trusted Zone: http://crackle.rotork.com
O15 - ESC Trusted Zone: http://inside.rotork.com
O16 - DPF: {0FAA926E-2AF4-11D3-9995-00A0CC3A27A9} (Infragistics ComboBox Control) - http://destro.rotork.com/timecentre/Common/pvcombo.cab
O16 - DPF: {538793D5-659C-4639-A56C-A179AD87ED44} (Cisco AnyConnect Secure Mobility Client Web Control) - https://vpn.rotork.com/CACHE/stc/1/binaries/vpnweb.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/...?1391441356568
O16 - DPF: {80A9E319-C338-4027-B1E2-FB73B54A326F} (DDExportFiles.clsDDExports) - http://destro.rotork.com/timecentre/...xportFiles.CAB
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - http://destro.rotork.com/arviewer/Ac...ro/arview2.cab
O16 - DPF: {A71B416C-CB2C-45F4-A67C-39EA7532FECF} (ActiveReportExport.ctlExport) - http://destro.rotork.com/timecentre/...portExport.CAB
O16 - DPF: {B6C10489-FB89-11D4-93C9-006008A7EED4} (TeeChart Pro Activex control v5) - http://destro.rotork.com/timecentre/.../teechart5.cab
O16 - DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} (Cisco AnyConnect Secure Mobility Client Web Control) - https://vpn.rotork.com/CACHE/stc/2/binaries/vpnweb.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab...l_4.5.15.0.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://akamaicdn.webex.com/client/W...x/ieatgpc1.cab
O16 - DPF: {E9C9692E-F93C-11D1-ABB0-0040054FC6FB} (Infragistics DataTable Control 8.0 (OLEDB)) - http://destro.rotork.com/timecentre/Common/pvdt80.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com//activex/ractrl.cab?lmi=1007
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = US.Rotork.co.uk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = US.Rotork.co.uk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = US.Rotork.co.uk
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Cisco AnyConnect Web Security Agent (acwebsecagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\acwebsecagent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: WebEx Service Host for Support Center (atashost) - Cisco WebEx LLC - C:\WINDOWS\SysWOW64\atashost.exe
O23 - Service: Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\Windows\system32\BtwRSupportService.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%systemroot%\system32\CISVC.EXE,-1 (CISVC) - Unknown owner - C:\Windows\system32\CISVC.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FileOpen Manager Service (FileOpenManager) - FileOpen Systems Inc. - C:\Program Files\FileOpen\Services\FileOpenManager64.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - C:\Windows\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: Druva inSync Client Service (inSyncCPHService) - Unknown owner - C:\Program Files (x86)\Druva\inSync\inSyncCPHwnet64.exe
O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\WINDOWS\system32\IProsetMonitor.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\SysWOW64\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\Windows\SysWOW64\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\Windows\SysWOW64\lktsrv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: National Instruments LXI Discovery Service (niLXIDiscovery) - National Instruments Corporation - C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
O23 - Service: National Instruments mDNS Responder Service (nimDNSResponder) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
O23 - Service: NI System Web Server (niSvcLoc) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\SysWOW64\nlssrv32.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\SysWOW64\OpcEnum.exe
O23 - Service: PDFProFiltSrv - Nuance Communications, Inc. - C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Riverbed Steelhead Mobile Logger Service (RVBD_SH_Mobile_Logger) - Riverbed Technology, Inc - C:\Program Files (x86)\Riverbed\Steelhead Mobile\rbtlogger.exe
O23 - Service: Riverbed Steelhead Mobile Monitor Service (RVBD_SH_Mobile_Monitor) - Riverbed Technology, Inc - C:\Program Files (x86)\Riverbed\Steelhead Mobile\rbtmon.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Acronis Sync Agent Service (syncagentsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 22860 bytes

Quote:

Originally Posted by DDS.txt
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720 BrowserJavaVersion: 10.55.2
Run by admin.scimini at 13:59:57 on 2014-05-05
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3958.875 [GMT -4:00]
.
AV: System Center Endpoint Protection *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: System Center Endpoint Protection *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\WINDOWS\SysWOW64\atashost.exe
C:\Windows\system32\BtwRSupportService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\CISVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\FileOpen\Services\FileOpenManager64.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Program Files (x86)\Druva\inSync\inSyncCPHwnet64.exe
C:\WINDOWS\system32\IProsetMonitor.exe
C:\Windows\SysWOW64\lkcitdl.exe
C:\Program Files (x86)\Druva\inSync\inSync.exe
C:\Windows\SysWOW64\lkads.exe
C:\Windows\SysWOW64\lktsrv.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
C:\WINDOWS\SysWOW64\nlssrv32.exe
C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files (x86)\Riverbed\Steelhead Mobile\rbtlogger.exe
C:\Program Files (x86)\Riverbed\Steelhead Mobile\rbtmon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\acwebsecagent.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Nuance\PDF Professional 8\PdfPro8Hook.exe
C:\Program Files (x86)\Citrix\ICA Client\PNAMAIN.EXE
C:\Program Files (x86)\LiquidFiles\LiquidFiles Windows Agent (per-computer)\Agent\LiquidFilesWindowsAgent.exe
C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
C:\Program Files (x86)\Druva\inSync\inSyncGUI.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files (x86)\AutoAssist for Microsoft Lync\LyncAutoAssist.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Riverbed\Steelhead Mobile\shmobile.exe
C:\Program Files (x86)\Citrix\ICA Client\WFCRUN32.EXE
C:\Program Files (x86)\Druva\inSync\inSyncUSyncer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
C:\WINDOWS\CCM\CcmExec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\WINDOWS\CCM\SCNotification.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\mmc.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://konnect.rotork.net
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
uRun: [Akamai NetSession Interface] "C:\Users\admin.scimini\AppData\Local\Akamai\netsession_win.exe"
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [PDF8 Registry Controller] "C:\Program Files (x86)\Nuance\PDF Professional 8\RegistryController.exe"
mRun: [PDFProHook] "C:\Program Files (x86)\Nuance\PDF Professional 8\pdfpro8hook.exe"
mRun: [InboxMonitor] "C:\Program Files (x86)\Nuance\PDF Professional 8\InboxMonitor.exe" /run
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Druva inSync] C:\Program Files (x86)\Druva\inSync\inSyncGUI.exe -l en
mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
mRun: [AutoAssist] C:\Program Files (x86)\AutoAssist for Microsoft Lync\LyncAutoAssist.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Steelhead Mobile] C:\Program Files (x86)\Riverbed\Steelhead Mobile\shmobile.exe
dRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ONLINE~1.LNK - C:\WINDOWS\Installer\{E7C5763F-948D-453B-9138-4A8F552B3CE3}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: ForceClassicControlPanel = dword:1
uPolicies-Explorer: NoRecentDocsNetHood = dword:1
uPolicies-Explorer: ForceStartMenuLogOff = dword:1
uPolicies-Explorer: NoStartMenuMyMusic = dword:1
uPolicies-Explorer: NoSMMyPictures = dword:1
uPolicies-Explorer: NoSMConfigurePrograms = dword:1
uPolicies-Explorer: DisallowRun = dword:1
uPolicies-Explorer: NoWebServices = dword:1
uPolicies-Explorer: NoOnlinePrintsWizard = dword:1
uPolicies-Explorer: NoPublishingWizard = dword:1
uPolicies-DisallowRun: 1 = msimn.exe
uPolicies-Windows\System: ExcludeProfileDirs = Desktop;Cookies;Application Data\Sun\Java\Deployment\cache
mPolicies-Explorer: NoWelcomeScreen = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoAutorun = dword:1
mPolicies-System: enablelua = dword:0
mPolicies-System: enableuiadesktoptoggle = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Windows\System: AddAdminGroupToRUP = dword:1
mPolicies-Windows\System: SlowLinkUIEnabled = dword:1
mPolicies-Windows\System: UserProfileMinTransferRate = dword:8000
mPolicies-Windows\System: SlowLinkTimeOut = dword:30
mPolicies-Windows\System: AllowX-ForestPolicy-and-RUP = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: LastPass - C:\Users\shaun.cimini\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\shaun.cimini\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
Trusted Zone: adp.com
Trusted Zone: live.com
Trusted Zone: mcafeeasap.com
Trusted Zone: microsoft.com
DPF: {0FAA926E-2AF4-11D3-9995-00A0CC3A27A9} - hxxp://destro.rotork.com/timecentre/Common/pvcombo.cab
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} - hxxps://vpn.rotork.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1391441356568
DPF: {80A9E319-C338-4027-B1E2-FB73B54A326F} - hxxp://destro.rotork.com/timecentre/reports/DDExportFiles.CAB
DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} - hxxp://destro.rotork.com/arviewer/ActiveReports%20Pro/arview2.cab
DPF: {A71B416C-CB2C-45F4-A67C-39EA7532FECF} - hxxp://destro.rotork.com/timecentre/reports/ActiveReportExport.CAB
DPF: {B6C10489-FB89-11D4-93C9-006008A7EED4} - hxxp://destro.rotork.com/timecentre/Common/teechart5.cab
DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} - hxxps://vpn.rotork.com/CACHE/stc/2/binaries/vpnweb.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T28L10NSP7-15458/webex/ieatgpc1.cab
DPF: {E9C9692E-F93C-11D1-ABB0-0040054FC6FB} - hxxp://destro.rotork.com/timecentre/Common/pvdt80.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1007
TCP: NameServer = 172.16.1.14 172.16.1.13 172.17.15.1
TCP: Interfaces\{25DE1022-2210-4DA2-9043-0AF0B3268829} : DHCPNameServer = 10.0.0.212 10.0.0.214
TCP: Interfaces\{3DFC0D5A-75AE-4DF0-B03A-B83CD4FB057E} : DHCPNameServer = 172.16.1.14 172.16.1.13 172.17.15.1
TCP: Interfaces\{5090AE94-A879-4070-9903-048AEF3A68D3} : DHCPNameServer = 172.16.1.14 172.16.1.13 192.168.201.251 192.168.200.236
TCP: Interfaces\{94756ED7-C80D-4E88-A8F2-7C6514189C4E} : DHCPNameServer = 172.16.1.14 172.16.1.13 192.168.201.251 192.168.200.236
TCP: Interfaces\{A1A1C724-3D5C-4F96-B100-C84E1430609D} : DHCPNameServer = 172.16.1.14 172.16.1.13 192.168.201.251 192.168.200.236
TCP: Interfaces\{A1A1C724-3D5C-4F96-B100-C84E1430609D}\3496D6723702960586F6E656 : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{A1A1C724-3D5C-4F96-B100-C84E1430609D}\7455543545 : DHCPNameServer = 216.146.35.35 216.146.36.36
TCP: Interfaces\{A1A1C724-3D5C-4F96-B100-C84E1430609D}\B4F6471672370234163747C656 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{A6B47CEF-F97F-4B9A-A1B0-8F40127999E7}\75C414E4 : DHCPNameServer = 172.16.1.14 172.16.1.13 172.17.15.1
TCP: Interfaces\{A6B47CEF-F97F-4B9A-A1B0-8F40127999E7}\B4F6461672370234163747C656 : DHCPNameServer = 209.18.47.61 209.18.47.62
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\OFFICE15\OCHelper.dll
x64-BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\OFFICE15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\OFFICE15\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-Run: [FileOpenBroker] C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\OFFICE15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\OFFICE15\OCHelper.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\OFFICE15\ONBttnIELinkedNotes.dll
x64-DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\admin.scimini\AppData\Roaming\Mozilla\Firefox\Profiles\g79e8aoc.default\
FF - prefs.js: browser.startup.homepage - hxxp://inside.rotork.com/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AppleHFS;AppleHFS;C:\Windows\System32\drivers\AppleHFS.sys [2011-7-2 72024]
R0 AppleMNT;AppleMNT;C:\Windows\System32\drivers\AppleMNT.sys [2011-7-2 16216]
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2012-7-2 137312]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R0 nipbcfk;National Instruments Class Upper Filter Driver;C:\Windows\System32\drivers\nipbcfk.sys [2010-3-24 16984]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2013-10-24 22128]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2012-7-2 211552]
R0 vidsflt67;Acronis Disk Storage Filter (67);C:\Windows\System32\drivers\vsflt67.sys [2012-7-2 146528]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2010-7-14 87600]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-10-4 283064]
R1 pfmfs_7DB;pfmfs_7DB;C:\Windows\System32\drivers\pfmfs_7DB.sys [2012-12-26 258296]
R1 rbtnfd_srv;Steelhead Mobile Filter Driver;C:\Windows\System32\drivers\rbtnfd64.sys [2014-5-5 582656]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-7-2 3459024]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2013-10-8 137232]
R2 BcmBtRSupport;Bluetooth Driver Management Service;C:\Windows\System32\BtwRSupportService.exe [2013-10-2 2253016]
R2 CipcCdp;Cisco IP Communicator driver for CDP;C:\Windows\System32\drivers\CipcCdp.sys [2012-7-24 27392]
R2 FileOpenManager;FileOpen Manager Service;C:\Program Files\FileOpen\Services\FileOpenManager64.exe [2013-3-19 337264]
R2 inSyncCPHService;Druva inSync Client Service;C:\Program Files (x86)\Druva\inSync\inSyncCPHwnet64.exe [2013-7-17 213504]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2013-7-30 204552]
R2 niLXIDiscovery;National Instruments LXI Discovery Service;C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [2010-6-23 131776]
R2 nimDNSResponder;National Instruments mDNS Responder Service;C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2010-6-23 193712]
R2 NiViPxiK;NI-VISA PXI Driver;C:\Windows\System32\drivers\NiViPxiKl.sys [2010-6-23 11944]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2014-2-20 66560]
R2 PDFProFiltSrv;PDFProFiltSrv;C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe [2012-11-18 135056]
R2 RVBD_SH_Mobile_Logger;Riverbed Steelhead Mobile Logger Service;C:\Program Files (x86)\Riverbed\Steelhead Mobile\rbtlogger.exe [2014-4-9 1150464]
R2 RVBD_SH_Mobile_Monitor;Riverbed Steelhead Mobile Monitor Service;C:\Program Files (x86)\Riverbed\Steelhead Mobile\rbtmon.exe [2014-4-9 8046592]
R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2012-4-27 5914912]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-1-24 5024576]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-9-5 856728]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2013-12-12 560528]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2013-4-18 3388144]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\accelern.sys [2013-10-24 27760]
R3 acsock;acsock;C:\Windows\System32\drivers\acsock64.sys [2013-1-24 112496]
R3 acwebsecagent;Cisco AnyConnect Web Security Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\acwebsecagent.exe [2013-12-12 1000336]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2012-7-2 367200]
R3 e1kexpress;Intel(R) Network Connections Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2013-9-30 497424]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2013-10-24 158976]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-23 317440]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-10 133928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-7 161384]
S3 acpials;ALS Sensor Filter;C:\Windows\System32\drivers\acpials.sys [2009-7-14 9728]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
S3 bcbtums;Bluetooth USB LD Filter;C:\Windows\System32\drivers\bcbtums.sys [2013-10-2 170712]
S3 btwampfl;btwampfl;C:\Windows\System32\drivers\btwampfl.sys [2013-10-2 166104]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-7-14 71168]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2010-3-15 145408]
S3 lpasvc;Microsoft Policy Platform Local Authority;C:\Program Files\Microsoft Policy Platform\policyHost.exe [2012-8-2 50280]
S3 lppsvc;Microsoft Policy Platform Processor;C:\Program Files\Microsoft Policy Platform\policyHost.exe [2012-8-2 50280]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 LVUVC64;Logitech B910 HD Webcam(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 nidimk;nidimk;C:\Windows\System32\drivers\nidimkl.sys [2010-6-11 11944]
S3 nipalfwedl;nipalfwedl;C:\Windows\System32\drivers\nipalfwedl.sys [2010-6-2 12992]
S3 nipalusbedl;nipalusbedl;C:\Windows\System32\drivers\nipalusbedl.sys [2010-6-2 12992]
S3 NiViPciK;NI-VISA PCI Driver;C:\Windows\System32\drivers\NiViPciKl.sys [2010-6-23 11944]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-11 19456]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-7-14 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2012-11-11 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-11 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-11 30208]
S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\System32\drivers\tsusbhub.sys [2011-7-14 117248]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2013-3-18 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-14 1255736]
S4 CmRcService;Configuration Manager Remote Control;C:\Windows\CCM\RemCtrl\CmRcService.exe [2013-9-11 577720]
.
=============== File Associations ===============
.
FileExt: .scr: DWGTrueViewScriptFile=C:\Windows\System32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2014-05-05 16:28:57 -------- d-----w- C:\Windows\CheckSur
2014-05-05 16:05:58 10651704 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B6155280-3B38-40F9-B527-F21CE2D4CB2E}\mpengine.dll
2014-05-05 15:04:59 582656 ----a-w- C:\Windows\System32\drivers\rbtnfd64.sys
2014-05-05 15:04:57 -------- d-----w- C:\Program Files (x86)\Riverbed
2014-05-05 13:07:13 -------- d-----w- C:\ProgramData\Oracle
2014-05-05 13:07:02 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-05-05 07:06:10 10651704 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-04-08 18:08:42 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-08 14:33:34 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2014-04-08 14:30:34 -------- d-----w- C:\Program Files\Bonjour
2014-04-08 14:30:34 -------- d-----w- C:\Program Files (x86)\Bonjour
2014-04-08 13:07:16 -------- d-----w- C:\Program Files (x86)\iFunbox 2014
.
==================== Find3M ====================
.
2014-04-28 21:25:25 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-28 21:25:25 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-04-21 13:09:02 14957568 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-03-11 13:52:30 133928 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
.
============= FINISH: 14:00:15.01 ===============

Quote:

Originally Posted by attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Enterprise
Boot Device: \Device\HarddiskVolume1
Install Date: 6/6/2012 11:25:25 AM
System Uptime: 5/5/2014 12:17:25 PM (2 hours ago)
.
Motherboard: Dell Inc. | | 04373Y
Processor: Intel(R) Core(TM) i7 CPU M 620 @ 2.67GHz | CPU 1 | 2667/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 35.665 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Broadcom USH
Device ID: USB\VID_0A5C&PID_5800&MI_00\6&66DE6C9&0&0000
Manufacturer:
Name: Broadcom USH
PNP Device ID: USB\VID_0A5C&PID_5800&MI_00\6&66DE6C9&0&0000
Service:
.
Class GUID:
Description: Dell Wireless 5620 (EV-DO-HSPA) Mobile Broadband Mini-Card
Device ID: USB\VID_413C&PID_8185\6&28E0277E&0&6
Manufacturer:
Name: Dell Wireless 5620 (EV-DO-HSPA) Mobile Broadband Mini-Card
PNP Device ID: USB\VID_413C&PID_8185\6&28E0277E&0&6
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
==== System Restore Points ===================
.
RP839: 5/5/2014 12:28:44 PM - Windows Update
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
7-Zip 4.57
7-Zip 9.20 (x64 edition)
AccelerometerP11
Acronis*True*Image*Home 2012
Adobe AIR
Adobe Flash Player 13 ActiveX
Adobe Flash Player 13 Plugin
Adobe LiveCycle Designer ES4
Adobe Reader XI (11.0.06)
Akamai NetSession Interface
AnyPassword Pro 1.07
Attachmate Reflection for HP with NS/VT 14.1
AutoAssist Free for Microsoft Lync
Autodesk DWG TrueView 2014
Bonjour
CCleaner
Cisco AnyConnect Diagnostics and Reporting Tool
Cisco AnyConnect Secure Mobility Client
Cisco AnyConnect Secure Mobility Client
Cisco AnyConnect Web Security Module
Cisco IP Communicator
Cisco WebEx Meetings
Citrix Online Launcher
Citrix online plug-in
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (PNA)
Citrix online plug-in (SSON)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
CodeTwo Active Directory Photos
Configuration Manager Client
CPUID HWMonitor 1.20
D3DX10
DAEMON Tools Lite
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition
Dell Custom Help
Dell Touchpad
doPDF 7.1 printer
Druva inSync 5.2.1
DWG TrueView 2014
FileOpen Client (x64) B928
FileZilla Client 3.7.3
Frhed 1.6.0
Google Chrome
Google Earth
Google Update Helper
GoToMeeting 5.7.0.1172
Intel(R) Network Connections 18.7.28.0
Intel(R) Processor Graphics
Intel(R) PROSet/Wireless WiFi Software Driver
Intel® PROSet/Wireless Software
Intel® PROSet/Wireless WiFi Software
Intergraph SmartPlant External Editor 2009 Service Pack 3
IrfanView (remove only)
Ivan Image Converter
Java 7 Update 55
Java Auto Updater
Kits Configuration Installer
LastPass (uninstall only)
LiquidFiles Windows Agent (per-computer)
MBF UDALink
Microsoft .NET Framework 4.5.1
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft Application Error Reporting
Microsoft DCF MUI (English) 2013
Microsoft Endpoint Protection Management Components
Microsoft Excel MUI (English) 2013
Microsoft Exchange Client Language Pack - Amharic (Ethiopia)
Microsoft Exchange Client Language Pack - Arabic
Microsoft Exchange Client Language Pack - Basque
Microsoft Exchange Client Language Pack - Bengali (India)
Microsoft Exchange Client Language Pack - Bulgarian
Microsoft Exchange Client Language Pack - Catalan
Microsoft Exchange Client Language Pack - Chinese (Hong Kong S.A.R.)
Microsoft Exchange Client Language Pack - Chinese (Simplified)
Microsoft Exchange Client Language Pack - Chinese (Traditional)
Microsoft Exchange Client Language Pack - Croatian
Microsoft Exchange Client Language Pack - Czech
Microsoft Exchange Client Language Pack - Danish
Microsoft Exchange Client Language Pack - Dutch
Microsoft Exchange Client Language Pack - English
Microsoft Exchange Client Language Pack - English (Australia)
Microsoft Exchange Client Language Pack - English (Canada)
Microsoft Exchange Client Language Pack - English (Great Britain)
Microsoft Exchange Client Language Pack - English (India)
Microsoft Exchange Client Language Pack - Estonian
Microsoft Exchange Client Language Pack - Filipino (Philippines)
Microsoft Exchange Client Language Pack - Finnish
Microsoft Exchange Client Language Pack - French
Microsoft Exchange Client Language Pack - French (Canada)
Microsoft Exchange Client Language Pack - Galician
Microsoft Exchange Client Language Pack - German
Microsoft Exchange Client Language Pack - Greek
Microsoft Exchange Client Language Pack - Gujarati
Microsoft Exchange Client Language Pack - Hebrew
Microsoft Exchange Client Language Pack - Hindi
Microsoft Exchange Client Language Pack - Hungarian
Microsoft Exchange Client Language Pack - Icelandic
Microsoft Exchange Client Language Pack - Indonesian
Microsoft Exchange Client Language Pack - Italian
Microsoft Exchange Client Language Pack - Japanese
Microsoft Exchange Client Language Pack - Kannada
Microsoft Exchange Client Language Pack - Kazakh
Microsoft Exchange Client Language Pack - Kiswahili
Microsoft Exchange Client Language Pack - Korean
Microsoft Exchange Client Language Pack - Latvian
Microsoft Exchange Client Language Pack - Lithuanian
Microsoft Exchange Client Language Pack - Malay
Microsoft Exchange Client Language Pack - Malayalam (India)
Microsoft Exchange Client Language Pack - Marathi
Microsoft Exchange Client Language Pack - Norwegian
Microsoft Exchange Client Language Pack - Oriya (India)
Microsoft Exchange Client Language Pack - Persian
Microsoft Exchange Client Language Pack - Polish
Microsoft Exchange Client Language Pack - Portuguese
Microsoft Exchange Client Language Pack - Portuguese (Portugal)
Microsoft Exchange Client Language Pack - Romanian
Microsoft Exchange Client Language Pack - Russian
Microsoft Exchange Client Language Pack - Serbian
Microsoft Exchange Client Language Pack - Serbian (Cyrillic, Serbia)
Microsoft Exchange Client Language Pack - Slovak
Microsoft Exchange Client Language Pack - Slovenian
Microsoft Exchange Client Language Pack - Spanish
Microsoft Exchange Client Language Pack - Spanish (Mexico)
Microsoft Exchange Client Language Pack - Swedish
Microsoft Exchange Client Language Pack - Tamil
Microsoft Exchange Client Language Pack - Telugu
Microsoft Exchange Client Language Pack - Thai
Microsoft Exchange Client Language Pack - Turkish
Microsoft Exchange Client Language Pack - Ukrainian
Microsoft Exchange Client Language Pack - Urdu
Microsoft Exchange Client Language Pack - Vietnamese
Microsoft Exchange Client Language Pack - Welsh (United Kingdom)
Microsoft Exchange Server
Microsoft Exchange Server 2007
Microsoft Exchange Server 2010
Microsoft Exchange Server Language Pack - Arabic
Microsoft Exchange Server Language Pack - Chinese (Simplified)
Microsoft Exchange Server Language Pack - Chinese (Traditional)
Microsoft Exchange Server Language Pack - English
Microsoft Exchange Server Language Pack - French
Microsoft Exchange Server Language Pack - German
Microsoft Exchange Server Language Pack - Hebrew
Microsoft Exchange Server Language Pack - Italian
Microsoft Exchange Server Language Pack - Japanese
Microsoft Exchange Server Language Pack - Korean
Microsoft Exchange Server Language Pack - Portuguese
Microsoft Exchange Server Language Pack - Russian
Microsoft Exchange Server Language Pack - Spanish
Microsoft Forefront Endpoint Protection 2010 Server Management
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft Lync MUI (English) 2013
Microsoft Office 64-bit Components 2013
Microsoft Office File Validation Add-In
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared 64-bit MUI (English) 2013
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft Policy Platform
Microsoft PowerPoint MUI (English) 2013
Microsoft Publisher MUI (English) 2013
Microsoft Security Client
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visio Viewer 2013
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
Microsoft Word MUI (English) 2013
Movie Maker
Mozilla Firefox 29.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT110
MSVCRT110_amd64
National Instruments Software
NI-DIM 1.11.0f0
NI-DIM 1.11.0f0 for 64 Bit Windows
NI-ORB 1.9.3f0
NI-ORB 1.9.3f0 for 64 Bit Windows
NI-PAL 2.5.4f0
NI-PAL 2.5.4f0 for 64 Bit Windows
NI-RPC 3.4.0f1 for Phar Lap ETS
NI-RPC 4.2.0f0
NI-RPC 4.2.0f0 for 64 Bit Windows
NI-VISA Runtime 5.0.0
NI-VISA x64 support ..
NI Authentication 1.0
NI Authentication 1.0 (64-bit)
NI Certificates Deployment Support
NI DataSocket 4.5.4
NI EULA Depot
NI Help Assistant
NI Help Assistant (64bit)
NI LabVIEW Deployable License 8.5.0
NI LabVIEW Real-Time FIFO for Runtime
NI LabVIEW Run-Time Engine 8.5.1
NI License Manager
NI Logos 5.2.0
NI Logos XT Support
NI Logos64 5.2.0
NI Logos64 XT Support
NI Math Kernel Libraries
NI MDF Support
NI mDNS Responder 1.3 for Windows 64-bit
NI mDNS Responder 1.3.0
NI MXS
NI MXS 4.4.0f0 for LabVIEW Real-Time
NI OPC Support
NI SSL Support
NI SSL Support (64-bit)
NI System Web Server 1.0
NI System Web Server Base 1.0
NI System Web Server Base 1.0 (64-bit)
NI TDMS
NI TDMS (64-bit)
NI Trace Engine
NI Trace Engine (64-bit)
NI Uninstaller
NI USI 1.5.0
NI Variable Engine
NI VC2005MSMs x64
NI VC2005MSMs x86
NI VC2008MSMs x64
NI VC2008MSMs x86
NI Xerces Delay Load 2.7.1
NI Xerces Delay Load 2.7.1 64-bit
Notepad++
Nuance PDF Converter Enterprise 8
Oracle Data Provider for .NET Help
Oracle Providers for ASP.NET Help
Outils de vérification linguistique 2013 de Microsoft Office*- Français
Photo Common
Photo Gallery
Pismo File Mount Audit Package
Riverbed Steelhead Mobile
Scansoft PDF Professional
SDK Debuggers
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Word 2013 (KB2863910) 32-Bit Edition
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition
ServiceCEO Client
SHARP MX/DX Series PCL/PS Printer Driver
Skype™ 6.2
Spybot - Search & Destroy
System Center Endpoint Protection
System Requirements Lab for Intel
TeamViewer 9
TeraCopy 2.27
Update for Microsoft Excel 2013 (KB2752087) 32-Bit Edition
Update for Microsoft Lync 2013 (KB2817678) 32-Bit Edition
Update for Microsoft Lync 2013 (KB2863908) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760544) 32-Bit Edition
Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817636) 32-Bit Edition
Update for Microsoft Office 2013 (KB2825631) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827272) 32-Bit Edition
Update for Microsoft Office 2013 (KB2863825) 32-Bit Edition
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition
Update for Microsoft Office 2013 (KB2863844) 32-Bit Edition
Update for Microsoft Office 2013 (KB2863860) 32-Bit Edition
Update for Microsoft OneDrive for Business (KB2863864) 32-Bit Edition
Update for Microsoft OneNote 2013 (KB2817628) 32-Bit Edition
Update for Microsoft Outlook 2013 (KB2863911) 32-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2837627) 32-Bit Edition
Update for Microsoft Visio 2013 (KB2837632) 32-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition
Update for Microsoft Word 2013 (KB2863909) 32-Bit Edition
Update Rollup 10 for Exchange Server 2007 Service Pack 3 (KB2788321)
Update Rollup 2 for Exchange Server 2010 Service Pack 3 (KB2866475)
Update Rollup 6 for Exchange Server 2007 Service Pack 3 (KB2608656)
Update Rollup 8-v2 for Exchange Server 2007 Service Pack 3 (KB2756497)
Update Rollup 8 for Exchange Server 2007 Service Pack 3 (KB2734323)
Update Rollup 9 for Exchange Server 2007 Service Pack 3 (KB2746157)
VC_CRT_x64
VISA Shared Components 64-Bit
VLC media player 2.1.3
VMware vSphere Client 5.0
VMware vSphere Client 5.1
Volo Plot Module 2004
Windows 7 USB/DVD Download Tool
Windows Firewall Configuration Provider
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Software Development Kit
Windows Software Development Kit EULA
Windows XP Mode
WinMerge 2.12.4
.
==== Event Viewer Messages From Past Week ========
.
5/5/2014 9:59:50 AM, Error: Microsoft-Windows-DistributedCOM [10006] - DCOM got error "2147746132" from the computer 172.16.3.123 when attempting to activate the server: {833E4010-AFF7-4AC3-AAC2-9F24C1457BCE}
5/5/2014 9:39:43 AM, Error: Microsoft-Windows-DistributedCOM [10009] - DCOM was unable to communicate with the computer 172.16.3.120 using any of the configured protocols.
5/5/2014 9:18:54 AM, Error: Microsoft-Windows-DistributedCOM [10009] - DCOM was unable to communicate with the computer 172.16.3.101 using any of the configured protocols.
5/5/2014 9:03:37 AM, Error: Service Control Manager [7031] - The Garmin Core Update Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/5/2014 8:48:17 AM, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: An attempt was made to logon, but the network logon service was not started.
5/5/2014 8:48:17 AM, Error: Microsoft-Windows-Time-Service [46] - The time service encountered an error and was forced to shut down. The error was: 0x80070700: An attempt was made to logon, but the network logon service was not started.
5/5/2014 12:19:32 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {05D1D5D8-18D1-4B83-85ED-A0F99D53C885} and APPID {AD65A69D-3831-40D7-9629-9B0B50A93843} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
5/5/2014 12:17:38 PM, Error: Service Control Manager [7000] - The rimmptsk service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
5/5/2014 12:17:35 PM, Error: Service Control Manager [7023] - The Offline Files service terminated with the following error: The system cannot find the path specified.
5/5/2014 11:32:52 AM, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: Access is denied.
5/5/2014 11:32:52 AM, Error: Microsoft-Windows-Time-Service [46] - The time service encountered an error and was forced to shut down. The error was: 0x80070005: Access is denied.
5/5/2014 11:14:55 AM, Error: Microsoft-Windows-GroupPolicy [1110] - The processing of Group Policy failed. Windows could not determine if the user and computer accounts are in the same forest. Ensure the user domain name matches the name of a trusted domain that resides in the same forest as the computer account.
5/2/2014 2:49:24 AM, Error: volsnap [8] - The flush and hold writes operation on volume C: timed out while waiting for a release writes command.
4/30/2014 9:42:41 AM, Error: Microsoft-Windows-DistributedCOM [10009] - DCOM was unable to communicate with the computer USMIL-L-FRY0QJ1 using any of the configured protocols.
4/29/2014 4:50:14 PM, Error: Microsoft-Windows-DistributedCOM [10009] - DCOM was unable to communicate with the computer USMIL-L-9CS0491 using any of the configured protocols.
4/28/2014 2:44:51 AM, Error: Service Control Manager [7031] - The Cisco AnyConnect Web Security Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
.
==== End Of File ===========================


*** MINIDUMP FROM BSOD WHEN RUNNING GMER (version is > 2.0 as required for x64)
Quote:

Originally Posted by Minidump

Microsoft (R) Windows Debugger Version 6.2.9200.20512 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\050514-10608-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.18247.amd64fre.win7sp1_gdr.130828-1532
Machine Name:
Kernel base = 0xfffff800`0361b000 PsLoadedModuleList = 0xfffff800`0385e6d0
Debug session time: Mon May 5 14:08:38.008 2014 (UTC - 4:00)
System Uptime: 0 days 1:52:39.040
Loading Kernel Symbols
...............................................................
................................................................
................................................................
..
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000007E, {ffffffff80000004, fffff800036d7e3d, fffff880009a9988, fffff880009a91e0}

Probably caused by : ntkrnlmp.exe ( nt!KeZeroPages+4d )

Followup: MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffff80000004, The exception code that was not handled
Arg2: fffff800036d7e3d, The address that the exception occurred at
Arg3: fffff880009a9988, Exception Record Address
Arg4: fffff880009a91e0, Context Record Address

Debugging Details:
------------------


EXCEPTION_CODE: (HRESULT) 0x80000004 (2147483652) - No such interface supported

FAULTING_IP:
nt!KeZeroPages+4d
fffff800`036d7e3d 480fc341d8 movnti qword ptr [rcx-28h],rax

EXCEPTION_RECORD: fffff880009a9988 -- (.exr 0xfffff880009a9988)
ExceptionAddress: fffff800036d7e3d (nt!KeZeroPages+0x000000000000004d)
ExceptionCode: 80000004 (Single step exception)
ExceptionFlags: 00000000
NumberParameters: 0

CONTEXT: fffff880009a91e0 -- (.cxr 0xfffff880009a91e0)
rax=0000000000000000 rbx=ffffffffffffffff rcx=fffff8800091ec80
rdx=00000000000001a8 rsi=000000000000096b rdi=fffff6fc400048f0
rip=fffff800036d7e3d rsp=fffff880009a9bc8 rbp=000000000000000e
r8=0000000000000001 r9=2aaaaaaaaaaaaaab r10=0000fffffffff000
r11=0000058000000000 r12=000000000000000e r13=fffffa8003342bd0
r14=0000000000000040 r15=fffffa8003342bd0
iopl=0 nv up ei ng nz na pe nc
cs=0010 ss=0000 ds=002b es=002b fs=0053 gs=002b efl=00000282
nt!KeZeroPages+0x4d:
fffff800`036d7e3d 480fc341d8 movnti qword ptr [rcx-28h],rax ds:002b:fffff880`0091ec58=0000000000000000
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT

BUGCHECK_STR: 0x7E

PROCESS_NAME: System

CURRENT_IRQL: 0

ERROR_CODE: (NTSTATUS) 0x80000004 - {EXCEPTION} Single Step A single step or trace operation has just been completed.

LAST_CONTROL_TRANSFER: from fffff80003653694 to fffff800036d7e3d

STACK_TEXT:
fffff880`009a9bc8 fffff800`03653694 : 00000000`00000046 fffff800`036535b0 00000000`00000010 00000000`00000346 : nt!KeZeroPages+0x4d
fffff880`009a9bd0 fffff800`03653f37 : 00000000`00111600 00000000`0000003f 00000000`00000000 00000000`00000000 : nt!MiZeroPageChain+0xf9
fffff880`009a9c10 fffff800`0392d2ea : fffffa80`0362bb50 00000000`00000080 fffffa80`03607450 fffff800`036818d9 : nt!MmZeroPageThread+0x83a
fffff880`009a9d40 fffff800`036818e6 : fffff800`0380be80 fffffa80`0362bb50 fffff800`03819cc0 dedae6ff`ff6ecfb9 : nt!PspSystemThreadStartup+0x5a
fffff880`009a9d80 00000000`00000000 : fffff880`009aa000 fffff880`009a4000 fffff880`009a98b0 00000000`00000000 : nt!KxStartSystemThread+0x16


FOLLOWUP_IP:
nt!KeZeroPages+4d
fffff800`036d7e3d 480fc341d8 movnti qword ptr [rcx-28h],rax

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: nt!KeZeroPages+4d

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 521ea035

STACK_COMMAND: .cxr 0xfffff880009a91e0 ; kb

FAILURE_BUCKET_ID: X64_0x7E_nt!KeZeroPages+4d

BUCKET_ID: X64_0x7E_nt!KeZeroPages+4d

Followup: MachineOwner
---------

Note: Antivirus on system is System Center Endpoint Protection. Any other antimalware programs have been uninstalled.

multiple issues on multiple computers, maybe i am a beginner, thought i was moving ou

Thanks for taking the time to read this. I am new to the site and went to hardware to try to fix an issue. Wayne and Frank both were very nice; Wayne recommended that I go to malware virus first. I have three issues I hope to receive some free advice on. The hardware issue was a wireless button not working; I believe the driver is bad, Qualcomm Atheros 9485 802.11b/g/n. But following directions seemed very difficult, as I am having an issue with redirects, new tabs opening and pop-ups, so many in fact I am having trouble following download directions. I believe I have had as many as 6 at once, mostly multiple, but at times only one. When downloading, often a new window opens when things are correct, but not a half dozen, and some are clearly not related, but many are close to what I want. I had a malware q pro something, Google told me how to remove it, it returned. The conduit thing has affected me; toolbars are installed without my OK, so I read carefully when going through the steps. Now I do not know what is my problem with all the unwanted pop-ups, redirects, new tabs, new links. My wife works daily on a computer, she is a CAD operator; while out of town she bought me a new laptop just like hers except software. My desktop was down; I was trying to reinstall either Vista or Windows 7. I had the system disks and a mirror of computer I bought. Got to final step and crashes. Have any suggestion on the virus issue, as this computer works with an ethernet cable but not wireless, so I have access to web on it. If I get rid of all the pop-up issue maybe I can reinstall wireless button driver and proceed to my desktop. But if reformatting my desktop is easier that is fine.

Malware?

I recently have been having issues with my web browsers. Besides getting bombarded with pop-ups, in my LAN settings the proxy server check box is randomly checked when I am using the internet. So far every few clicks I have been going into the settings and unchecking the box. However, this is becoming very annoying and I was wondering how to fix this problem. Am I right in assuming it's a malware issue?


Thanks for the help

Sue Mockridge, Broad Oak Toiletries and Mac OSX

Hi,

First post so, hello.

I received a whole bunch of emails from Sue Mockridge with PDF invoices from Broad Oak Toiletries attached.

In a moment of complete and utter foolishness I opened one of the PDFs and got an error message which I think said something along the lines of "File not found". I realise this is a spam email with all sorts of nastiness inside but I'm hoping that as I'm using a Mac (OSX 10.8.5) this may have saved me.

Can anyone confirm if this is something I need to be concerned about and if so what I do to check and correct it?

All comments are appreciated.

Thanks in advance.

Error: Updatecol.exe cannot be found

The logs clearly show pirated versions of Windows & Adobe software.
We decline to assist on any pirated software.
Quote:

•Use of Pirated Software - Because we do not support pirated software, we may request that you provide validation to confirm that your copy of Windows or other software is not pirated. If you are unable or unwilling to provide this validation, your thread may be closed.
This topic is closed