Channel: Tech Support Guy - Virus & Other Malware Removal

Trovi Virus Infection - Help, thanks!

COMBOFIX
---------------
Refer to the ComboFix User's Guide
  1. Download ComboFix from the following location: Link
     * IMPORTANT !!! Place ComboFix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix. You can get help on disabling your protection programs here.
  3. Double click on ComboFix.exe & follow the prompts.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply.
     Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
---------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

In your next reply, please provide the following:
  • ComboFix log.
  • Update on how your PC is running.
Regards,

Richard :D

Video on Facebook

My husband tried to watch a video on Facebook. It told him our computer wasn't optimized to watch that video and he needed to download a certain plug-in, which he did, much to my dismay!!!!! Now we are locked out of Facebook, I think. All other websites work fine. When we try to get on Facebook, the lock symbol at the top turns red. It says security risk and the page will not come up. Does anyone know how to fix this? I can get on Facebook with my Kindle, so I know it's not our internet. We have Verizon FiOS. Thank you.

PC sometimes doesn't start up and easily crashes when sending files to USB etc.

That's fine, just post when you are ready.

Ads, redirects, help, help I can't work..

I appreciate all your help and will finish up the clean up in a little bit.
You guys are awesome as usual and I will donate when I get back from my meeting at 4:45!

Incredible - awesome!
Michele

Can't connect to WiFi access after getting ZeroAccess virus

Have you tried re-installing the wireless driver?

Look in the Device Manager and see if there are any yellow warnings next to any of the hardware.

Problems while trying to connect to WiFi

Hi,

I've been having trouble connecting to the internet since I downloaded an add-on from/for Firefox.
It is hard to connect, and when I do it is not easy, or I can hardly get any signal from any of the available WiFi networks; this happens in places where I used to connect easily.
Moreover, the system crashes often, especially if using a few programs. Or, while surfing the net, it may freeze the whole page or tab. Other times the system is so painfully slow; again, it was not like this before.
I've been experiencing these discrepancies for over a month; previously the laptop was running fine, was able to connect easily to any wireless available and was able to get a good signal everywhere without crashing.
While writing this message, I opened another tab in the same window in Firefox and the whole page crashed, but then it mysteriously recovered.
Since all this started, I've tried NPE and refreshed this computer, but nothing has helped.
Here are all the requested logs.
I thank you in advance for your time and consideration.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:38:15 PM, on 27/05/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\felicia\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [PowerDVD13Agent] "C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
O4 - Startup: Monitor Ink Alerts - HP Deskjet 2540 series.lnk = ?
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Device Fast-lane Service (DeviceFastLaneService) - Acer Incorporated - C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Launch Manager Service (LMSvc) - Acer Incorporate - C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\NIS.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7557 bytes

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.55.2
Run by felicia at 23:40:44 on 2014-05-27
Microsoft Windows 8  6.2.9200.0.1252.61.1033.18.3525.2361 [GMT 13:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
C:\windows\system32\mfevtps.exe
C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\NIS.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\NIS.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe
C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\felicia\Desktop\b30z2qgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:Tabs
uDefault_Page_URL = hxxp://acer13.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\ips\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\coieplg.dll
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [PowerDVD13Agent] "C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mExplorerRun: [BtvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
StartupFolder: C:\Users\felicia\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{B12B19E4-AC50-4337-957B-1EC86FA3FA54} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B12B19E4-AC50-4337-957B-1EC86FA3FA54}\3486160756C602341666665656 : DHCPNameServer = 203.12.160.35 203.12.160.36
TCP: Interfaces\{B12B19E4-AC50-4337-957B-1EC86FA3FA54}\8457E676279702A41636B6723702642554540275966496 : DHCPNameServer = 203.134.64.66 203.134.65.66
SSODL: WebCheck - <orphaned>
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine64\21.3.0.12\coieplg.dll
x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine64\21.3.0.12\coieplg.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-ExplorerRun: [BtvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\felicia\AppData\Roaming\Mozilla\Firefox\Profiles\7wx59cmx.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\Drivers\mfehidk.sys [2012-6-23 752672]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\Drivers\mfewfpk.sys [2012-6-23 335784]
R0 SymDS;Symantec Data Store;C:\Windows\System32\Drivers\NISx64\1503000.00C\symds64.sys [2014-5-16 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\Drivers\NISx64\1503000.00C\symefa64.sys [2014-5-16 1148120]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [2014-5-10 1530160]
R1 ccSet_NIS;NIS Settings Manager;C:\Windows\System32\Drivers\NISx64\1503000.00C\ccsetx64.sys [2014-5-16 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140526.001\IDSviA64.sys [2014-5-27 525016]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\Drivers\NISx64\1503000.00C\ironx64.sys [2014-5-16 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\Drivers\NISx64\1503000.00C\symnets.sys [2014-5-16 593112]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-4-13 241152]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe [2013-4-15 228480]
R2 LMSvc;Launch Manager Service;C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [2013-3-15 431656]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2013-4-13 237920]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2013-4-13 218320]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-4-13 177144]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\nis.exe [2014-5-16 276376]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2014-5-19 390672]
R3 AthrSdSrv;AthrSdSrv;C:\Windows\System32\Drivers\athrsd.sys [2013-4-13 48760]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2013-4-13 94208]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\Windows\System32\Drivers\btath_bus.sys [2013-6-2 34384]
R3 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2013-3-15 662088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-4-5 137648]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\Drivers\L1C63x64.sys [2013-4-13 119528]
R3 LMDriver;Launch Manager Wireless Driver;C:\Windows\System32\Drivers\LMDriver.sys [2013-1-10 21360]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\Drivers\mfeavfk.sys [2012-6-23 300392]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\Drivers\mfefirek.sys [2012-6-23 513456]
R3 RadioShim;Shim for HID-KMDF Interface layer;C:\Windows\System32\Drivers\RadioShim.sys [2013-1-10 15704]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2013-6-2 58536]
S0 mfeelamk;McAfee Inc. mfeelamk;C:\Windows\System32\Drivers\mfeelamk.sys [2012-6-19 66712]
S0 SymELAM;Symantec ELAM Driver;C:\Windows\System32\Drivers\NISx64\1503000.00C\symelam.sys [2014-5-16 23568]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\Windows\System32\Drivers\btath_flt.sys [2013-6-2 89168]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\Drivers\btath_a2dp.sys [2013-6-2 346192]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\Windows\System32\Drivers\btath_avdt.sys [2013-6-2 115280]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\Drivers\btath_hcrp.sys [2013-6-2 179432]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\Drivers\btath_lwflt.sys [2013-6-2 77464]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\Drivers\btath_rcp.sys [2013-6-2 136784]
S3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2013-6-2 584272]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\Drivers\cfwids.sys [2012-6-23 69672]
S3 DeviceFastLaneService;Device Fast-lane Service;C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [2012-11-17 469648]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\Drivers\mferkdet.sys [2012-6-23 106112]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
.
=============== File Associations ===============
.
FileExt: .txt: soffice.StarWriterDocument.6="C:\Program Files (x86)\OpenOffice 4\program\swriter.exe" -o "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2014-05-24 05:40:55 258224 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10240.bin
2014-05-19 08:12:58 -------- d-----w- C:\{095B0246-4EB6-45B9-B1BE-536097A0BDDA}
2014-05-19 08:11:44 -------- d-----w- C:\Windows\Downloaded Installations
2014-05-18 00:52:34 -------- d-----w- C:\Program Files (x86)\VideoLAN
2014-05-16 00:13:21 593112 ----a-w- C:\Windows\System32\drivers\NISx64\1503000.00C\symnets.sys
2014-05-16 00:13:20 875736 ----a-w- C:\Windows\System32\drivers\NISx64\1503000.00C\srtsp64.sys
2014-05-16 00:13:20 493656 ----a-r- C:\Windows\System32\drivers\NISx64\1503000.00C\symds64.sys
2014-05-16 00:13:20 36952 ----a-r- C:\Windows\System32\drivers\NISx64\1503000.00C\srtspx64.sys
2014-05-16 00:13:20 264280 ----a-r- C:\Windows\System32\drivers\NISx64\1503000.00C\ironx64.sys
2014-05-16 00:13:20 23568 ----a-r- C:\Windows\System32\drivers\NISx64\1503000.00C\symelam.sys
2014-05-16 00:13:20 162392 ----a-r- C:\Windows\System32\drivers\NISx64\1503000.00C\ccsetx64.sys
2014-05-16 00:13:20 1148120 ----a-w- C:\Windows\System32\drivers\NISx64\1503000.00C\symefa64.sys
2014-05-16 00:13:04 -------- d-----w- C:\Windows\System32\drivers\NISx64\1503000.00C
2014-05-15 10:02:37 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-15 10:02:37 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-15 10:00:33 78336 ----a-w- C:\Windows\System32\drivers\IPMIDrv.sys
2014-05-15 10:00:33 621568 ----a-w- C:\Windows\System32\drivers\srv2.sys
2014-05-15 10:00:33 370688 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2014-05-15 10:00:33 247808 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2014-05-15 10:00:33 215040 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2014-05-15 10:00:33 1120768 ----a-w- C:\Windows\System32\gpedit.dll
2014-05-15 10:00:33 1075200 ----a-w- C:\Windows\SysWow64\gpedit.dll
2014-05-11 08:53:18 965232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icuuc52.dll
2014-05-11 08:53:18 1266800 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icuin52.dll
2014-05-11 08:53:18 10594416 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icudt52.dll
2014-05-08 13:48:42 227704 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-05-06 09:11:17 693760 ----a-w- C:\Windows\System32\WSShared.dll
2014-05-06 09:11:17 628024 ----a-w- C:\Windows\System32\NotificationUI.exe
2014-05-06 09:11:17 566784 ----a-w- C:\Windows\SysWow64\WSShared.dll
2014-05-06 09:11:16 163840 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-06 09:11:16 124928 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
.
==================== Find3M ====================
.
2014-05-27 06:57:06 65536 ----a-w- C:\Windows\System32\spu_storage.bin
2014-05-01 20:37:50 78296 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-01 20:37:50 694240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-04-21 09:08:45 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-12 09:27:03 172888 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 09:10:31 578048 ----a-w- C:\Windows\System32\winlogon.exe
2014-04-12 09:09:43 208896 ----a-w- C:\Windows\System32\wdigest.dll
2014-04-12 09:09:39 1043968 ----a-w- C:\Windows\System32\usercpl.dll
2014-04-12 09:09:34 94720 ----a-w- C:\Windows\System32\TSpkg.dll
2014-04-12 09:09:19 588288 ----a-w- C:\Windows\System32\SHCore.dll
2014-04-12 09:08:37 318464 ----a-w- C:\Windows\System32\msv1_0.dll
2014-04-12 09:08:17 439808 ----a-w- C:\Windows\System32\lsm.dll
2014-04-12 09:08:17 1281536 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 09:08:10 827904 ----a-w- C:\Windows\System32\kerberos.dll
2014-04-12 09:07:36 20480 ----a-w- C:\Windows\System32\credssp.dll
2014-04-12 07:23:59 178688 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-04-12 07:23:52 961536 ----a-w- C:\Windows\SysWow64\usercpl.dll
2014-04-12 07:23:49 76800 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-04-12 07:23:40 452608 ----a-w- C:\Windows\SysWow64\SHCore.dll
2014-04-12 07:23:14 273920 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-04-12 07:22:58 666624 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-04-12 07:22:33 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-04-12 06:58:06 14848 ----a-w- C:\Windows\System32\workerdd.dll
2014-04-01 13:34:26 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2014-03-28 19:19:38 35856 ----a-w- C:\Windows\System32\drivers\WdBoot.sys
2014-03-28 08:23:00 1287168 ----a-w- C:\Windows\System32\schedsvc.dll
2014-03-23 22:11:52 269592 ----a-w- C:\Windows\System32\drivers\WdFilter.sys
2014-03-11 03:32:43 6987096 ----a-w- C:\Windows\System32\ntoskrnl.exe
2014-03-11 03:25:51 100184 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-03-11 00:41:55 323072 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-03-11 00:41:51 559104 ----a-w- C:\Windows\SysWow64\objsel.dll
2014-03-11 00:41:24 38400 ----a-w- C:\Windows\SysWow64\dimsroam.dll
2014-03-11 00:39:12 35840 ----a-w- C:\Windows\System32\lsass.exe
2014-03-11 00:38:58 27648 ----a-w- C:\Windows\System32\sspisrv.dll
2014-03-11 00:38:58 164864 ----a-w- C:\Windows\System32\sspicli.dll
2014-03-11 00:38:53 419328 ----a-w- C:\Windows\System32\schannel.dll
2014-03-11 00:38:47 684032 ----a-w- C:\Windows\System32\objsel.dll
2014-03-11 00:38:31 982016 ----a-w- C:\Windows\System32\KernelBase.dll
2014-03-11 00:38:23 45056 ----a-w- C:\Windows\System32\dimsroam.dll
2014-03-11 00:38:23 179712 ----a-w- C:\Windows\System32\dpapisrv.dll
2014-03-10 03:05:14 668160 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2014-03-10 01:27:03 99840 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-03-07 00:48:11 1766400 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-07 00:47:24 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-07 00:08:30 2240000 ----a-w- C:\Windows\System32\wininet.dll
2014-03-07 00:08:27 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2014-03-07 00:08:06 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-03 23:07:48 570216 ----a-w- C:\Windows\System32\drivers\cng.sys
2008-01-13 04:15:00 75144 ----a-w- C:\Program Files\M2tsReadFilter.ax
2007-12-20 05:30:46 288136 ----a-w- C:\Program Files\HDCopy.exe
2007-12-13 14:59:54 274312 ----a-w- C:\Program Files\MediaEditor.dll
2007-12-13 14:03:44 120200 ----a-w- C:\Program Files\M2tsManager.dll
2007-12-05 15:54:44 83336 ----a-w- C:\Program Files\HDForm.exe
2007-12-05 15:54:44 148872 ----a-w- C:\Program Files\HDWriter.exe
2007-12-05 14:51:38 68488 ----a-w- C:\Program Files\SPTICtrl.dll
2007-12-05 14:51:38 43912 ----a-w- C:\Program Files\StillCtrlManager.dll
2007-12-05 14:51:34 64392 ----a-w- C:\Program Files\RWEngine.dll
2007-12-05 14:51:34 44424 ----a-w- C:\Program Files\SDFSLayer.dll
2007-12-05 14:51:30 693128 ----a-w- C:\Program Files\RenderingEngine.dll
2007-12-05 14:51:30 230792 ----a-w- C:\Program Files\PowerCheck.exe
2007-12-05 14:51:28 107912 ----a-w- C:\Program Files\PictureLib.dll
2007-12-05 14:51:26 49032 ----a-w- C:\Program Files\PicResize.dll
2007-12-05 14:51:24 54664 ----a-w- C:\Program Files\Mpeg2SDK.dll
2007-12-05 14:51:22 353672 ----a-w- C:\Program Files\MicsFsUDF_AH.dll
2007-12-05 14:51:20 71048 ----a-w- C:\Program Files\MicsArch.dll
2007-12-05 14:51:20 132488 ----a-w- C:\Program Files\MicsFSHDDW32_AH.dll
2007-12-05 14:49:58 62856 ----a-w- C:\Program Files\AvchdPushElement.ax
2007-12-05 14:48:54 165256 ----a-w- C:\Program Files\MSEditCore.dll
2007-12-05 14:48:52 91528 ----a-w- C:\Program Files\HDEditor.exe
2007-12-05 14:48:50 79240 ----a-w- C:\Program Files\ExportParameter.dll
2007-12-05 14:48:50 58760 ----a-w- C:\Program Files\DeviceSelect.dll
2007-12-05 14:48:48 415112 ----a-w- C:\Program Files\AVCHDPlugin.dll
2007-08-20 05:33:02 2108416 ----a-w- C:\Program Files\meimpgvout.004
2007-08-20 05:33:00 2830336 ----a-w- C:\Program Files\meimpgvdec.dll
2007-08-20 05:33:00 2062848 ----a-w- C:\Program Files\meimpgvout.001
2007-08-20 05:33:00 2060288 ----a-w- C:\Program Files\meimpgvout.002
2007-08-20 05:33:00 2051584 ----a-w- C:\Program Files\meimpgvout.003
2007-08-20 05:33:00 147456 ----a-w- C:\Program Files\meimuxmpeg.ax
2007-08-20 05:33:00 13312 ----a-w- C:\Program Files\meimpgvout.dll
2007-08-20 05:32:58 90112 ----a-w- C:\Program Files\meievmpeg.ax
2007-08-20 05:32:58 86016 ----a-w- C:\Program Files\meidsmpeg.ax
2007-08-20 05:32:58 61440 ----a-w- C:\Program Files\meieampeg.ax
2007-08-20 05:32:58 516096 ----a-w- C:\Program Files\MCMux_HDMV.ax
2007-08-20 05:32:58 434176 ----a-w- C:\Program Files\meimpegin.dll
2007-08-20 05:32:58 225280 ----a-w- C:\Program Files\meimpgmux.dll
2007-08-20 05:32:58 208896 ----a-w- C:\Program Files\meimpgaout.dll
2007-08-20 05:32:58 155648 ----a-w- C:\Program Files\meimpgdmux.dll
2007-08-20 05:32:58 106496 ----a-w- C:\Program Files\meimpgadec.dll
2007-08-20 05:32:56 73728 ----a-w- C:\Program Files\mch264vout.dll
2007-08-20 05:32:56 1167360 ----a-w- C:\Program Files\mch264vout.001
2007-04-19 09:46:14 127488 ----a-w- C:\Program Files\srscaler.dll
2007-04-19 09:46:12 208896 ----a-w- C:\Program Files\mcscaler.ax
2007-03-07 06:00:02 91736 ----a-w- C:\Program Files\lffax14N.dll
2007-03-07 06:00:02 442368 ----a-w- C:\Program Files\LTkrn14N.dll
2007-03-07 06:00:02 38488 ----a-w- C:\Program Files\LTWND14N.DLL
2007-03-07 06:00:02 38488 ----a-w- C:\Program Files\lflmb14N.dll
2007-03-07 06:00:02 370264 ----a-w- C:\Program Files\lfCMP14N.DLL
2007-03-07 06:00:02 267864 ----a-w- C:\Program Files\LTDIS14N.dll
2007-03-07 06:00:02 243288 ----a-w- C:\Program Files\LTefx14N.dll
2007-03-07 06:00:02 161368 ----a-w- C:\Program Files\LTfil14N.DLL
.
============= FINISH: 23:41:41.26 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 10/12/2013 3:02:37 AM
System Uptime: 26/05/2014 10:56:43 PM (25 hours ago)
.
Motherboard: Acer | | Aspire E1-522
Processor: AMD A4-5000 APU with Radeon(TM) HD Graphics | Socket FT1 | 800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 138.816 GiB free.
D: is CDROM (UDF)
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Description: Bluetooth USB Adapter
Device ID: USB\VID_04CA&PID_300B\5&1FFA7C5&0&2
Manufacturer: Qualcomm Atheros Communications
Name: Bluetooth USB Adapter
PNP Device ID: USB\VID_04CA&PID_300B\5&1FFA7C5&0&2
Service: BTHUSB
.
==== System Restore Points ===================
.
RP32: 6/05/2014 10:32:47 PM - Windows Update
RP33: 14/05/2014 10:44:16 PM - Scheduled Checkpoint
RP34: 18/05/2014 1:29:05 AM - Installed HD Writer 2.5E for HDC
RP35: 19/05/2014 9:11:47 PM - Installed MainConcept AVCHD Transcoder v. 2.1
RP36: 20/05/2014 9:55:19 AM - Restore Operation
.
==== Installed Programs ======================
.
clear.fi SDK- Movie 2
clear.fi SDK - Video 2
Acer Device Fast-lane
Acer Launch Manager
Acer Power Management
Acer Recovery Management
Adobe Flash Player 13 Plugin
Adobe Reader XI (11.0.07)
AMD Accelerated Video Transcoding
AMD Catalyst Install Manager
AMD VISION Engine Control Center
Apple Application Support
Apple Software Update
Bonjour
Caesar IV
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
clear.fi Media
Compatibility Pack for the 2007 Office system
CyberLink PowerDirector 12
CyberLink PowerDVD 13
HP Deskjet 2540 series Basic Device Software
Identity Card
iTunes
Java 7 Update 55
Java Auto Updater
Live Updater
MainConcept AVCHD Transcoder v. 2.1
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64)
Microsoft Office Word Viewer 2003
Microsoft PowerPoint Viewer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2005 Tools for Office Runtime
Mozilla Firefox 29.0.1 (x86 en-US)
MySQL Connector/ODBC 3.51
NewBlue Video Essentials for PowerDirector
Norton Internet Security
OEM Application Profile
Office Addin
OpenOffice 4.0.1
QCA CardReader Driver Installer
Qualcomm Atheros Bluetooth Suite (64)
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Qualcomm Atheros WLAN and Bluetooth Client Installation Program
QuickTime 7
Realtek High Definition Audio Driver
Shared C Run-time for x64
Synaptics Pointing Device Driver
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
VLC media player 2.1.3
.
==== Event Viewer Messages From Past Week ========
.
26/05/2014 10:58:00 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000133 (0x0000000000000000, 0x0000000000000504, 0x0000000000000503, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052614-34226-01.
21/05/2014 2:40:44 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck.
The bugcheck was: 0x00000116 (0xfffffa8003f443b0, 0xfffff880064e7c64, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052114-29281-01. 20/05/2014 9:50:26 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa800846e010, 0xfffff88006316aac, 0xffffffffc0000001, 0x0000000000000003). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052014-43071-01. 20/05/2014 10:41:47 AM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s). . ==== End Of File ===========================
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-05-27 23:47:31
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000003a TOSHIBA_MQ01ABD050 rev.AX003J 465.76GB
Running: b30z2qgr.exe; Driver: C:\Users\felicia\AppData\Local\Temp\pglorpog.sys


---- Kernel code sections - GMER 2.1 ----

.text C:\Windows\system32\ntoskrnl.exe!KiCpuId + 988 fffff800982dd3dc 1 byte [31]

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\csrss.exe [720:752] fffff960009775e8

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----


Cheers

Checking hijack log

Unbearable pop -up problems and more

Hi, I have a Toshiba Qosmio X505-Q8100X laptop running Windows 7 (64-bit). I must have some sort of infection or virus, but I have cleaned up my msconfig and registry the best I know how to and removed all unused programs, yet I cannot access any internet page through any browser without 5 or 6 additional pages opening and reopening. Internet Explorer will not even come up; I just get a blank page. I have almost everything already backed up and would be willing to reinstall Windows 7, but I didn't receive a set-up disk or system repair disk when I bought it, so I don't know how to go about that. Toshiba's site has not helped me at all. Can anyone give me some advice?

Need help with a virus problem

I realize that I didn't explain my problem. My computer is freezing from time to time while playing video and music, and currently I can't change my desktop background. I'm also having the problem of having to manually change all my files from read-only. Every time I download something into my music folder it automatically goes to read-only.

hyperlinks to ads on every web page

Hello,

On every web page I am harassed by these hyperlinks leading to ads. If this is an infection and not something I could easily switch off or uninstall, could someone please help me remove them?
I believe it's some kind of adware. I have run Malwarebytes and removed some stuff, but it still persists.
It affected Firefox and Chrome but not IE 11.



Thanks

ividi

It's been a while.

Anyone there heard of iVIDI?

Norton reckon they'd cleared it, but my computer's still displaying a couple of hallmarks: crashing randomly & erasing stored account details. Any assistance gratefully rec'd.

Cheers

Mick

Network Breach-Prompting IE update, Cant open YouTube and Google

Sufi,
When you're ready, be sure to start a new topic for your laptop, with the requested logs.
Thanks,
askey127

Home page or default website set to Trovi?

Below is the new OTL scan. (Also, while I was trying to download something you wanted me to download, I almost installed something called Internet Download Manager. It wants to resume installation and keeps popping up windows to install.)

OTL logfile created on: 5/30/2014 1:28:00 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ali\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 5.99 Gb Available Physical Memory | 74.93% Memory free
15.98 Gb Paging File | 13.62 Gb Available in Paging File | 85.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 913.41 Gb Total Space | 675.86 Gb Free Space | 73.99% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: ALI-PC | User Name: Ali | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/05/29 10:53:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ali\Desktop\OTL.exe
PRC - [2014/05/26 13:25:55 | 003,888,648 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/05/12 13:25:49 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/05/09 14:44:50 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/03/11 23:36:06 | 000,247,968 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
PRC - [2014/03/11 23:36:06 | 000,193,696 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2010/07/28 18:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2010/07/28 18:33:58 | 006,995,864 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2010/07/28 18:33:58 | 001,485,208 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2009/12/09 04:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe
PRC - [2009/11/17 17:18:20 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2009/11/17 17:18:16 | 000,244,480 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
PRC - [2009/10/13 13:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/10/13 13:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/10/06 21:33:08 | 000,380,928 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe


========== Modules (No Company Name) ==========

MOD - [2014/05/09 14:44:50 | 003,839,088 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/02/26 13:57:04 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2010/07/28 18:34:04 | 000,022,424 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2010/07/28 18:02:58 | 000,658,432 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2010/06/23 19:12:28 | 007,187,456 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010/06/23 19:11:52 | 000,325,632 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010/06/23 19:11:48 | 001,954,304 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010/06/23 19:11:48 | 000,847,360 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010/06/23 18:38:18 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2009/11/17 17:16:40 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/05/12 13:25:49 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/10/10 17:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/12/19 14:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Disabled | Stopped] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV - [2014/05/13 22:53:27 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/09 14:44:50 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/03/11 23:36:06 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE -- (BBUpdate)
SRV - [2014/03/11 23:36:06 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2010/07/28 18:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/06/24 22:16:27 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/06/24 22:16:25 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/01/15 16:08:38 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/12/09 04:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection)
SRV - [2009/11/17 17:18:20 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/10/13 13:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/07/26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/05/15 16:05:38 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/05/15 16:05:38 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/05/15 16:05:38 | 000,085,328 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/05/12 13:25:52 | 000,208,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/05/12 13:25:52 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/05/12 13:25:52 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/05/12 13:25:52 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/05/12 13:25:52 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/01/22 09:52:21 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/19 15:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/12/19 14:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/11/06 06:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/04/13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/03/04 08:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/12/09 04:39:52 | 000,537,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/11/17 18:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/09/29 20:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 18:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 18:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2954719467-2862875249-558239009-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2954719467-2862875249-558239009-1001\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =
IE - HKU\S-1-5-21-2954719467-2862875249-558239009-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-2954719467-2862875249-558239009-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-2954719467-2862875249-558239009-1001\..\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}: "URL" = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
IE - HKU\S-1-5-21-2954719467-2862875249-558239009-1001\..\SearchScopes\{44816E91-C68A-2FF3-3D8F-8970062E5600}: "URL" = http://www.startnow.com/s/?q={searchTerms}&src=defsearch&provider=Bing&provider_code=Z059&partner_id=308&product_id=435&affiliate_id=&channel=rjacs&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110719&user_guid=2493B2718EE14160B3CC75CCEDB3AC24&machine_id=74d971c93c9485867dbffabfb601a62e&browser=IE&os=win&os_version=6.1-x64-SP1
IE - HKU\S-1-5-21-2954719467-2862875249-558239009-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enUS392
IE - HKU\S-1-5-21-2954719467-2862875249-558239009-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/07/17 23:39:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/05/12 13:25:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/05/09 14:44:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/30 12:45:40 | 000,000,000 | ---D | M]

[2012/11/25 20:03:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ali\AppData\Roaming\Mozilla\Extensions
[2014/05/30 13:09:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ali\AppData\Roaming\Mozilla\Firefox\Profiles\f1n1i4qf.default\extensions
[2014/05/30 12:48:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/05/09 14:44:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/09 14:44:51 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Conduit Search (Enabled)
CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?gd=&ctid=CT3325809&octid=EB_ORIGINAL_CTID&ISID=M65ABB6FB-AD84-49E8-A8A2-D72145697C92&SearchSource=58&CUI=&UM=5&UP=SPA662A5EF-D8B6-409C-AC4B-D6CB54736B97&q={searchTerms}&SSPV=
CHR - default_search_provider: suggest_url = http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms},
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Docs = C:\Users\Ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Google Drive = C:\Users\Ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: saevInshop = C:\Users\Ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhjabfkpbcgiamdpkkekgnakjolgjklb\2.3\
CHR - Extension: Google Wallet = C:\Users\Ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: DivX Plus Web Player HTML5 <video> = C:\Users\Ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\
CHR - Extension: Gmail = C:\Users\Ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/12/01 13:48:25 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-2954719467-2862875249-558239009-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2954719467-2862875249-558239009-1001..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-2954719467-2862875249-558239009-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2954719467-2862875249-558239009-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2954719467-2862875249-558239009-1001\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2954719467-2862875249-558239009-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2954719467-2862875249-558239009-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: &Compress Image Using Image Compressor 2008 - C:\Program Files (x86)\MasRizal\IMC2008\imcieex_compress.html ()
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: &Compress Image Using Image Compressor 2008 - C:\Program Files (x86)\MasRizal\IMC2008\imcieex_compress.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AC15594-C33A-4313-8EAF-99FFC7FFA675}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/05/30 13:09:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/05/30 12:57:43 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/05/30 12:57:08 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/30 12:54:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/05/29 10:53:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ali\Desktop\OTL.exe
[2014/05/29 10:49:37 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Roaming\IDM2
[2014/05/29 10:48:27 | 001,075,776 | ---- | C] (OR Interactive Ltd) -- C:\Users\Ali\Desktop\IDM2.exe
[2014/05/23 13:24:15 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
[2014/05/17 23:44:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2014/05/17 23:41:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2014/05/15 16:05:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/05/12 18:55:38 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Roaming\TS3Client
[2014/05/12 18:55:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2014/05/12 18:55:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamSpeak 3 Client
[2014/05/12 14:08:45 | 000,000,000 | ---D | C] -- C:\ProgramData\b91139e0341800d0
[2014/05/12 14:08:39 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Local\Packages
[2014/05/12 13:25:51 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/05/09 14:44:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/05/08 13:59:04 | 000,000,000 | ---D | C] -- C:\Program Files\Java

========== Files - Modified Within 30 Days ==========

[2014/05/30 13:18:06 | 000,009,920 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/30 13:18:06 | 000,009,920 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/30 13:13:54 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/30 13:12:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/30 13:12:39 | 2140,491,775 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/30 13:11:05 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/30 12:55:52 | 001,327,971 | ---- | M] () -- C:\Users\Ali\Desktop\AdwCleaner.exe
[2014/05/30 12:53:25 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/29 10:53:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ali\Desktop\OTL.exe
[2014/05/29 10:48:27 | 001,075,776 | ---- | M] (OR Interactive Ltd) -- C:\Users\Ali\Desktop\IDM2.exe
[2014/05/23 20:53:50 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/23 20:53:50 | 000,662,400 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/23 20:53:50 | 000,122,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/23 10:39:23 | 123,560,090 | ---- | M] () -- C:\Users\Ali\Desktop\May WCS Replay Release.zip
[2014/05/23 09:58:45 | 000,380,416 | ---- | M] () -- C:\Users\Ali\Desktop\npzno6fg.exe
[2014/05/17 23:44:33 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2014/05/15 16:05:38 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014/05/15 16:05:38 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014/05/15 16:05:38 | 000,085,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/05/12 18:55:35 | 000,001,169 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2014/05/12 13:26:09 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/05/12 13:25:52 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys.1400187938547
[2014/05/12 13:25:52 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys.1400187938547
[2014/05/12 13:25:52 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/05/12 13:25:52 | 000,208,416 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/05/12 13:25:52 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/05/12 13:25:52 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/05/12 13:25:52 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/05/12 13:25:52 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/05/12 13:25:51 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/05/10 16:29:10 | 000,002,051 | ---- | M] () -- C:\Users\Ali\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2014/05/30 12:50:06 | 001,327,971 | ---- | C] () -- C:\Users\Ali\Desktop\AdwCleaner.exe
[2014/05/23 10:38:38 | 123,560,090 | ---- | C] () -- C:\Users\Ali\Desktop\May WCS Replay Release.zip
[2014/05/23 09:58:44 | 000,380,416 | ---- | C] () -- C:\Users\Ali\Desktop\npzno6fg.exe
[2014/05/17 23:44:33 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2014/05/12 18:55:35 | 000,001,169 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2014/05/12 13:25:53 | 000,029,208 | ---- | C] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2012/12/19 14:52:22 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/12/19 14:52:22 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/12/01 13:46:56 | 000,774,632 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/12/01 13:32:58 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-ALI-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2011/09/06 13:48:10 | 000,000,000 | ---- | C] () -- C:\Users\Ali\AppData\Local\{DB94FFF5-F33C-4143-84F9-01A2CB5A5DBB}

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/02/26 14:54:59 | 000,000,000 | ---D | M] -- C:\Users\Ali\AppData\Roaming\AVAST Software
[2014/05/29 10:49:38 | 000,000,000 | ---D | M] -- C:\Users\Ali\AppData\Roaming\IDM2
[2013/09/28 16:46:06 | 000,000,000 | ---D | M] -- C:\Users\Ali\AppData\Roaming\Origin
[2014/05/27 14:43:42 | 000,000,000 | ---D | M] -- C:\Users\Ali\AppData\Roaming\TS3Client

========== Purity Check ==========



< End of report >
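The OTL log above, like the HijackThis log further down this page, is triaged by eye for a few recurring patterns: a default search provider redirected to a third-party domain (here search.conduit.com in the Chrome preferences), browser objects whose DLL is gone but whose registration remains ("File not found"), toolbar or SSODL entries with no CLSID behind them, autorun entries launched from user-writable folders, and hosts-file or Trusted Zone entries that change what the browser trusts. The Python script below is an added example written for this page; it is not code from the original posts, from OTL or from HijackThis. It encodes those checks as rules and runs them over constructed sample lines in the posted formats. The www.trovi.com entry, the .test hostnames and example paths, and the treatment of AppData/ProgramData/Temp as suspicious launch locations are assumptions, and the output is a list of lines to explain rather than a verdict: Dropbox legitimately runs from AppData, and vendor Trusted Zone entries are common.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Search domains seen set as a hijacked default provider.  search.conduit.com is
# the one in the posted OTL log; www.trovi.com is an assumed addition.
HIJACK_SEARCH_DOMAINS = {"search.conduit.com", "www.trovi.com"}

# Names a hosts file legitimately maps to loopback.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Path fragments that mark user-writable locations; a Run entry or Startup item
# launched from here deserves a second look (heuristic, not a verdict).
USER_WRITABLE = re.compile(r"\\(AppData|ProgramData|Temp)\\", re.IGNORECASE)

# Lines carrying a browser start/search URL in OTL (CHR/FF) or HijackThis (R0/R1).
SEARCH_URL = re.compile(r"(?:search_url|Search Page|Start Page)\s*=\s*(\S+)")
HOSTS_ENTRY = re.compile(r"O1 - Hosts:\s+(\S+)\s+(\S+)")
AUTORUN_LINE = re.compile(r"O4(?::64bit:)? - ")


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str


def _host_of(url: str) -> str:
    """Lower-case host part of a URL, or the bare value for things like about:blank."""
    return re.sub(r"^[a-z]+://", "", url, flags=re.IGNORECASE).split("/")[0].lower()


def check_line(line: str) -> list[Finding]:
    """Apply every triage rule to one OTL/HijackThis line."""
    s = line.strip()
    found: list[Finding] = []
    if not s:
        return found

    m = SEARCH_URL.search(s)
    if m and _host_of(m.group(1)) in HIJACK_SEARCH_DOMAINS:
        found.append(Finding("search-provider-hijack", s))

    m = HOSTS_ENTRY.match(s)
    if m and m.group(2).lower() not in LOCAL_NAMES:
        # Loopback mapped to a real name is the classic "block the AV updater" trick.
        found.append(Finding("hosts-nonlocal", s))

    if "File not found" in s:
        found.append(Finding("orphaned-file-reference", s))

    if "No CLSID value found" in s:
        found.append(Finding("dangling-clsid", s))

    if AUTORUN_LINE.match(s) and USER_WRITABLE.search(s):
        found.append(Finding("autorun-from-user-dir", s))

    if s.startswith("O15 - Trusted Zone:"):
        # Trusted Zone lowers IE security for that site; every entry should be explained.
        found.append(Finding("trusted-zone-entry", s))

    return found


def triage(log_text: str) -> list[Finding]:
    """Run the rules over a whole log and return all findings in file order."""
    return [f for line in log_text.splitlines() for f in check_line(line)]


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule, for a quick 'what did it trip on' view."""
    return dict(Counter(f.rule for f in findings))


# Constructed sample in the posted logs' format; the non-Conduit domains, the
# .test names and the "Updater" entry are illustrative, not from the page.
SAMPLE_LOG = """\
CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?ctid=CT0000000&q={searchTerms}
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 update.example-av.test
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files (x86)\\Java\\jre6\\bin\\jp2ssv.dll File not found
O3:64bit: - HKLM\\..\\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O4 - HKLM..\\Run: [AvastUI.exe] C:\\Program Files\\AVAST Software\\Avast\\AvastUI.exe (AVAST Software)
O4 - HKCU..\\Run: [Updater] C:\\Users\\Example\\AppData\\Roaming\\updater\\upd.exe ()
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank
O15 - Trusted Zone: http://*.example-vendor.test
"""

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.rule}] {f.line}")
    print(summarize(results))
```

Paste a real OTL or HijackThis log into triage() in place of SAMPLE_LOG; the script only reads text and changes nothing on the machine. The rules are deliberately loose so that a helper reviewing the thread sees every candidate line once, then decides per line, which is how the O2/O3/O4 entries above would be worked through by hand.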

Hello, here I am again. I have some problems, I think.

Farbar Service Scanner Version: 21-05-2014
Ran by Kamil (administrator) on 30-05-2014 at 22:22:25
Running from "D:\"
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2013-12-23 18:25] - [2013-09-14 02:48] - 0338944 ____A (Microsoft Corporation) F81BB7E487EDCEAB630A7EE66CF23913

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-12-23 18:25] - [2013-09-08 04:07] - 1294272 ____A (Microsoft Corporation) CA59F7C570AF70BC174F477CFE2D9EE3

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-12-23 18:22] - [2013-07-09 06:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
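In the Farbar Service Scanner log above, "MD5 is legit" means the file's hash matched the tool's built-in list of known-good Windows files; the three entries printed with a detail line (afd.sys, tcpip.sys, cryptsvc.dll) are the ones it could not match, and those are what a helper looks up next. The Python parser below is an added example for this page, not code from Farbar or from the original post. It turns the File Check block into records and lists the unmatched files with their size, version-info company and MD5 so they can be checked against a clean machine or a signature check. The sample text is taken from the posted log; the names given to the two bracketed timestamps are neutral because FSS does not label them in its output.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Detail line FSS prints under a path whose hash it could not match:
# [stamp] - [stamp] - size attrs (company) MD5
DETAIL = re.compile(
    r"\[(?P<a>[^\]]+)\] - \[(?P<b>[^\]]+)\] - (?P<size>\d+) (?P<attrs>\S+) "
    r"\((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})"
)
PATH_LINE = re.compile(r"^[A-Za-z]:\\")


@dataclass(frozen=True)
class FileCheck:
    path: str
    verified: bool                              # True when FSS printed "=> MD5 is legit"
    md5: str | None = None                      # only printed for unmatched files
    size: int | None = None
    company: str | None = None                  # PE version info, not a signature
    timestamps: tuple[str, str] | None = None   # the two bracketed stamps, as printed


def parse_file_check(text: str) -> list[FileCheck]:
    """Parse the 'File Check:' block of a Farbar Service Scanner log."""
    records: list[FileCheck] = []
    pending: str | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("=> MD5 is legit"):
            records.append(FileCheck(line.split(" => ")[0], verified=True))
            pending = None
        elif PATH_LINE.match(line):
            # A bare path means the next line carries the unmatched file's details.
            pending = line
        elif pending and (m := DETAIL.match(line)):
            records.append(FileCheck(pending, verified=False, md5=m["md5"].upper(),
                                     size=int(m["size"]), company=m["company"],
                                     timestamps=(m["a"], m["b"])))
            pending = None
    return records


def unverified(records: list[FileCheck]) -> list[FileCheck]:
    """The files FSS could not match; these are the lookup candidates."""
    return [r for r in records if not r.verified]


# Excerpt of the File Check block from the posted log.
SAMPLE = """\
C:\\Windows\\system32\\nsisvc.dll => MD5 is legit
C:\\Windows\\system32\\Drivers\\afd.sys
[2013-12-23 18:25] - [2013-09-14 02:48] - 0338944 ____A (Microsoft Corporation) F81BB7E487EDCEAB630A7EE66CF23913

C:\\Windows\\system32\\Drivers\\tdx.sys => MD5 is legit
C:\\Windows\\system32\\Drivers\\tcpip.sys
[2013-12-23 18:25] - [2013-09-08 04:07] - 1294272 ____A (Microsoft Corporation) CA59F7C570AF70BC174F477CFE2D9EE3

C:\\Windows\\system32\\cryptsvc.dll
[2013-12-23 18:22] - [2013-07-09 06:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9

C:\\Windows\\system32\\svchost.exe => MD5 is legit
"""

if __name__ == "__main__":
    for r in unverified(parse_file_check(SAMPLE)):
        print(f"{r.path}  size={r.size}  company={r.company!r}  md5={r.md5}")
```

An unmatched hash is not by itself evidence of infection; a hotfix newer than the tool's list produces exactly the same output, and the company string comes from the file's version resource, which malware can copy. Confirm each listed file by comparing its hash with the same build on a clean machine or by checking its Authenticode signature before acting on it.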

svchost.exe trojan is always being detected by my laptop.

Hello kindness,

Please download Farbar Recovery Scan Tool from here and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it also makes another log (Addition.txt). Please paste that into your reply as well.

Very slow and freezing... horrendous response time

southwicker,
No matter who installed it, that Photoshop is still unlicensed and illegal.
What you do about it is up to you.
-------------------------------------------------
Run the ESET Online Scanner
Vista/Windows 7 users: You will need to right-click on either the Internet Explorer or FireFox icon in the Start Menu or Quick Launch Bar and select Run as Administrator.
(You can use either Internet Explorer or Mozilla FireFox for this scan, but Internet Explorer is easier.)
You will also need to disable your current installed Anti-Virus this way before you begin.
Quote:

DISABLE AVG
Please open the AVG Control Center, by right clicking on the AVG icon in the task bar.
  • Click on Tools.
  • Select Advanced.
  • In the left hand pane, scroll down to "Resident Shield".
  • In the main pane, DESELECT the option to "Enable Resident Shield."

  • Please go HERE to run the scan.
    Quote:

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double click on it to install.
    All of the instructions below are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on:
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats IS checked, and the option Scan archives IS checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on:
  • Give permission again if necessary.
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard any more than necessary during the scan, otherwise it may stall.
  • When it completes, give it a few minutes to write the logfile, then click on
  • Use (My) Computer to navigate to C:\Program Files (x86)\ESET\Eset Online Scanner\log.txt.
  • Double click the log.txt file to open it in Notepad.
  • Copy and paste that log as a reply to this topic.

Don't forget to turn AVG back on.

askey127

Can't Remove Adware

can't get rid of about:blank hijacker

A couple of days ago this started. I thought I had it fixed, but today it shows up again. I have run the first 2 programs and have results. It won't let me run GMER. I have tried 3x and it gets to a place and won't run any further. The first 2x it shut my computer down, but it came right back up. The third time I stopped it before that happened. Here is what I have.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 32 bit
Processor: AMD FX(tm)-4130 Quad-Core Processor, x64 Family 21 Model 1 Stepping 2
Processor Count: 4
RAM: 3325 Mb
Graphics Card: ATI Radeon 3000 Graphics, 512 Mb
Hard Drives: C: Total - 953766 MB, Free - 648413 MB;
Motherboard: Gigabyte Technology Co., Ltd., GA-78LMT-USB3
Antivirus: Bitdefender Antivirus, Updated and Enabled.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:31:45 PM, on 5/31/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Preton\PretonSaver\PretonClient.exe
C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AntiLogger\AntiLogger.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe
C:\Program Files\The Weather Channel\Desktop Weather\TWC.Win7.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe
C:\Users\Ruth\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Companion\Installs\cpn11\ytbb.exe
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Windows\system32\notepad.exe
C:\Users\Ruth\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn11\yt.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O3 - Toolbar: Yahoo Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn11\yt.dll
O4 - HKLM\..\Run: [PretonClient] C:\Program Files\Preton\PretonSaver\PretonClient.exe
O4 - HKLM\..\Run: [Bdagent] "C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [AntiLogger] "C:\Program Files\AntiLogger\AntiLogger.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [HP Photosmart 6520 series (NET)] "C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN2981535C05TZ:NW" -scfn "HP Photosmart 6520 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [TWC.Win7] C:\Program Files\The Weather Channel\Desktop Weather\TWC.Win7.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] C:\PROGRAM FILES\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE
O4 - Startup: Dropbox.lnk = Ruth\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk = ?
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.cinemanow.com
O15 - Trusted Zone: http://*.qflix.com
O15 - Trusted Zone: http://*.roxio.com
O15 - Trusted Zone: http://redirect.sonic.com
O15 - Trusted Zone: http://redirect2.sonic.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://xp.yimg.com/ei/toolbar/ie/yinst_current.cab
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe
O23 - Service: BCL EasyConverter SDK 3 Loader (becldr3Service) - Unknown owner - C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: pcCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\pcCMService.exe
O23 - Service: PretonSaver (PretonClientService) - Preton Ltd - C:\Program Files\Preton\PretonSaver\PretonClientService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: RoxMediaDB12 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe
O23 - Service: SafeBox - Bitdefender - C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
O23 - Service: Bitdefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8949 bytes


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17041
Run by Ruth at 9:40:21 on 2014-05-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3326.1603 [GMT -4:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
FW: Bitdefender Firewall *Enabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Preton\PretonSaver\PretonClient.exe
C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AntiLogger\AntiLogger.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe
C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe
C:\Program Files\The Weather Channel\Desktop Weather\TWC.Win7.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe
C:\Program Files\Preton\PretonSaver\PretonClientService.exe
C:\Windows\system32\RunDll32.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files\Glary Utilities 5\Integrator.exe
C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe
C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files\SlimCleaner+\SlimServiceFactory.exe
C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
C:\PROGRA~1\SearchProtect\SearchProtect\bin\cltmng.exe
C:\PROGRA~1\SearchProtect\UI\bin\cltmngui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Users\Ruth\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Companion\Installs\cpn11\ytbb.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_14_0_0_122_ActiveX.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = Preserve
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn11\yt.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
TB: Yahoo Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn11\yt.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [HP Photosmart 6520 series (NET)] "c:\program files\hp\hp photosmart 6520 series\bin\ScanToPCActivationApp.exe" -deviceID "CN2981535C05TZ:NW" -scfn "HP Photosmart 6520 series (NET)" -AutoStart 1
uRun: [Advanced SystemCare 7] "c:\program files\iobit\advanced systemcare 7\ASCTray.exe" /Auto
uRun: [TWC.Win7] c:\program files\the weather channel\desktop weather\TWC.Win7.exe
uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
uRun: [GUDelayStartup] "c:\program files\glary utilities 5\StartupManager.exe" -delayrun
uRun: [Zoner Photo Studio Autoupdate] c:\program files\zoner\photo studio 15\program32\ZPSTRAY.EXE
mRun: [PretonClient] c:\program files\preton\pretonsaver\PretonClient.exe
mRun: [Bdagent] "c:\program files\bitdefender\bitdefender 2013\bdagent.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [AntiLogger] "c:\program files\antilogger\AntiLogger.exe" /minimized
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\ruth\appdata\roaming\micros~1\windows\startm~1\programs\startup\dr opbox.lnk - c:\users\ruth\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\ruth\appdata\roaming\micros~1\windows\startm~1\programs\startup\mo nito~1.lnk - c:\windows\system32\RunDll32.exe
uPolicies-Explorer: NoThumbnailCache = dword:1
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
Trusted Zone: $talisma_url$
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://xp.yimg.com/ei/toolbar/ie/yinst_current.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{16D863B0-FD58-4F3D-A2E1-51DD9A11753C} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\belarcadvisor\system\BAVoilaX.dll
AppInit_DLLs= c:\progra~1\searchprotect\searchprotect\bin\SPVC32Loader.dll
SSODL: WebCheck - <orphaned>
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ruth\appdata\roaming\mozilla\firefox\profiles\g1dhuh2q.default\
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1207148.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_95.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2013-7-9 70784]
R0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2013-7-9 34944]
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2014-1-7 778032]
R0 GUBootStartup;GUBootStartup;c:\windows\system32\drivers\GUBootStartup.sys [2014-5-17 17088]
R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [2014-1-7 165744]
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2014-1-8 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2014-1-8 15856]
R1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog32.sys [2014-4-15 80104]
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [2013-7-5 19608]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2014-1-7 78144]
R1 bdfwfpf;bdfwfpf;c:\program files\common files\bitdefender\bitdefender firewall\bdfwfpf.sys [2014-1-7 90704]
R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [2014-1-7 72704]
R1 ndisrd;WinpkFilter LightWeight Filter;c:\windows\system32\drivers\ndisrd.sys [2013-7-5 28776]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2014-1-8 25584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-5-23 119056]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\roxio\backontrack\disaster recovery\SaibSVC.exe [2009-6-2 457200]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files\iobit\advanced systemcare 7\ASCService.exe [2013-12-14 881952]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-11-16 217088]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2012-11-16 291840]
R2 AODDriver4.1;AODDriver4.1;c:\program files\ati technologies\ati.ace\fuel\i386\aoddriver2.sys [2012-3-5 45184]
R2 AODDriver4.2;AODDriver4.2;c:\program files\gigabyte\et6\i386\aoddriver2.sys [2012-9-24 48296]
R2 CinemaNow Service;CinemaNow Service;c:\program files\cinemanow\cinemanow media manager\CinemaNowSvc.exe [2009-6-23 127352]
R2 CltMngSvc;Search Protect Service;c:\progra~1\searchprotect\main\bin\CltMngSvc.exe [2014-5-23 2497856]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2013-6-28 14624]
R2 pcCMService;pcCMService;c:\program files\common files\motive\pcCMService.exe [2013-7-25 369152]
R2 PfFilter;PfFilter;c:\program files\iobit\protected folder\pffilter.sys [2013-9-21 33224]
R2 PretonClientService;PretonSaver;c:\program files\preton\pretonsaver\PretonClientService.exe [2012-11-29 51712]
R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2013-7-5 33056]
R2 SafeBox;SafeBox;c:\program files\bitdefender\bitdefender safebox\safeboxservice.exe [2014-1-7 82824]
R2 SlimService;SlimWare Utility Service Launcher;c:\program files\slimcleaner+\SlimServiceFactory.exe [2013-10-30 211264]
R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\bitdefender\bitdefender 2013\updatesrv.exe [2014-1-7 54960]
R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2013-7-10 37944]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2013-7-9 86656]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2013-7-5 242504]
R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2014-1-7 516936]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\drivers\EtronHub3.sys [2013-9-15 51328]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\drivers\EtronXHCI.sys [2013-9-15 71552]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2013-12-31 680664]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2013-7-10 44160]
S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ati technologies\ati.ace\fuel\i386\aoddriver2.sys [2012-3-5 45184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 LiveUpdateSvc;LiveUpdate;c:\program files\iobit\liveupdate\LiveUpdate.exe [2013-11-15 2151744]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\12.0\sharedcom\RoxWatch12.exe [2009-7-24 219632]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2013-8-13 84832]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2014-1-7 66832]
S3 becldr3Service;BCL EasyConverter SDK 3 Loader;c:\program files\bcl technologies\easyconverter sdk 3\common\becldr.exe [2013-7-3 225280]
S3 etdrv;etdrv;c:\windows\etdrv.sys [2013-7-20 17488]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files\intel\intel(r) integrated clock controller service\ICCProxy.exe [2013-7-5 160256]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-4-17 108032]
S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\drivers\KMWDFILTER.sys [2009-4-29 25088]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2013-8-31 15576]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2013-8-31 10200]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-7-20 14848]
S3 RoxMediaDB12;RoxMediaDB12;c:\program files\common files\roxio shared\12.0\sharedcom\RoxMediaDB12.exe [2009-7-24 1116656]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.20);c:\windows\system32\drivers\RtTeam620.sys [2013-7-5 49808]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\drivers\RtVlan620.sys [2013-7-5 27792]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2013-7-19 13464]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-11-12 49152]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-7-20 27136]
S3 UsbGps;LGE CDMA USB GPS NMEA Port;c:\windows\system32\drivers\lgusbgps.sys [2014-3-31 19968]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-7-6 1343400]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480]
S4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\bitdefender\bitdefender 2013\bdparentalservice.exe [2014-1-7 62688]
.
=============== File Associations ===============
.
FileExt: .txt: textfile="c:\program files\windows nt\accessories\WORDPAD.EXE" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2014-05-30 19:21:59 -------- d-----w- c:\users\ruth\appdata\roaming\SpeedMaxPc
2014-05-30 19:21:59 -------- d-----w- c:\users\ruth\appdata\roaming\DriverCure
2014-05-30 19:21:16 -------- d-----w- c:\programdata\SpeedMaxPc
2014-05-30 19:17:12 -------- d-----w- c:\program files\VS Revo Group
2014-05-30 19:14:16 -------- d-----w- c:\program files\SearchProtect
2014-05-30 19:14:13 -------- d-----w- c:\users\ruth\appdata\local\SearchProtect
2014-05-30 17:02:32 -------- d-----w- c:\users\ruth\appdata\local\CrashDumps
2014-05-29 12:55:10 -------- d-----w- c:\program files\iPod
2014-05-29 12:55:08 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-05-29 12:55:08 -------- d-----w- c:\program files\iTunes
2014-05-24 16:58:26 -------- d-----w- c:\program files\Foolish IT
2014-05-17 20:26:42 17088 ----a-w- c:\windows\system32\drivers\GUBootStartup.sys
2014-05-17 20:25:57 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-17 20:25:47 -------- d-----w- c:\program files\Glary Utilities 5
2014-05-16 14:06:39 -------- d-----w- c:\programdata\Laplink
2014-05-15 22:54:00 -------- d-----w- c:\users\ruth\appdata\roaming\DropboxMaster
2014-05-15 17:03:07 -------- d-----w- c:\users\ruth\appdata\roaming\Zoner
2014-05-15 17:03:07 -------- d-----w- c:\users\ruth\appdata\local\Zoner
2014-05-15 17:02:54 -------- d-----w- c:\programdata\Zoner
2014-05-15 17:02:14 -------- d-----w- c:\program files\Zoner
2014-05-14 07:02:23 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-13 17:46:09 369664 ----a-w- c:\windows\system32\aepdu.dll
2014-05-13 17:46:08 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-05-08 13:48:42 227704 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2014-05-07 07:01:30 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-02 00:34:13 -------- d-----w- c:\users\ruth\appdata\local\rubeckf
.
==================== Find3M ====================
.
2014-05-31 01:12:14 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-31 01:12:14 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-12 11:26:08 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-12 11:25:58 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 11:25:54 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-15 23:16:46 80104 ----a-w- c:\windows\system32\drivers\AntiLog32.sys
2014-04-15 06:34:10 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2014-04-12 02:15:13 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:15:13 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:12:09 15872 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:12:09 100352 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:12:06 22016 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:11:58 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 02:11:22 22528 ----a-w- c:\windows\system32\lsass.exe
2014-04-08 14:32:31 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-03-06 08:31:27 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:02:34 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-06 07:46:36 4254720 ----a-w- c:\windows\system32\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-06 07:38:10 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-06 07:36:40 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-06 07:28:01 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 07:13:43 32256 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 06:40:39 1967104 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 05:41:49 1789440 ----a-w- c:\windows\system32\wininet.dll
2014-03-04 09:20:11 3969984 ----a-w- c:\windows\system32\ntkrnlpa.exe
2014-03-04 09:20:11 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
.
============= FINISH: 9:41:22.25 ===============

Popups

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-05-31 13:07:44
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.03.0 298.09GB
Running: 9bh6sz1k.exe; Driver: C:\Users\STEPHA~1\AppData\Local\Temp\uxdiypow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800031f9000 45 bytes [43, 4D, 33, 31, 05, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800031f902f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Higher Aurum\updateHigherAurum.exe[2600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000762d1465 2 bytes [2D, 76]
.text C:\Program Files (x86)\Higher Aurum\updateHigherAurum.exe[2600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762d14bb 2 bytes [2D, 76]
.text ... * 2
.text C:\Program Files (x86)\Higher Aurum\bin\utilHigherAurum.exe[2716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000762d1465 2 bytes [2D, 76]
.text C:\Program Files (x86)\Higher Aurum\bin\utilHigherAurum.exe[2716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762d14bb 2 bytes [2D, 76]
.text ... * 2
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000762d1465 2 bytes [2D, 76]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762d14bb 2 bytes [2D, 76]
.text ... * 2
.text C:\ProgramData\Updater\updater.exe[5428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000762d1465 2 bytes [2D, 76]
.text C:\ProgramData\Updater\updater.exe[5428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762d14bb 2 bytes [2D, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000762d1465 2 bytes [2D, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762d14bb 2 bytes [2D, 76]
.text ... * 2
.text C:\Program Files (x86)\Higher Aurum\bin\HigherAurum.BrowserAdapter.exe[5364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000762d1465 2 bytes [2D, 76]
.text C:\Program Files (x86)\Higher Aurum\bin\HigherAurum.BrowserAdapter.exe[5364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762d14bb 2 bytes [2D, 76]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Windows\System32\svchost.exe [540:3484] 000007fef6d6a2b0
Thread C:\Windows\System32\svchost.exe [540:3740] 000007fef6ca20c0
Thread C:\Windows\System32\svchost.exe [540:3772] 000007fef6ca26a8
Thread C:\Windows\System32\svchost.exe [540:3780] 000007fef6ca29dc
Thread C:\Windows\System32\svchost.exe [540:3784] 000007fef6ca29dc
Thread C:\Windows\System32\svchost.exe [540:3788] 000007fef6ca29dc
Thread C:\Windows\System32\svchost.exe [540:3164] 000007fef7cc44e0
Thread C:\Windows\System32\svchost.exe [540:5976] 000007fef7fa88f8
Thread C:\Windows\System32\svchost.exe [540:4292] 000007feebc03efc
Thread C:\Windows\System32\svchost.exe [540:6188] 000007feebce8a4c
Thread C:\Windows\System32\svchost.exe [540:5568] 000007fef61b42c8
Thread C:\Windows\System32\svchost.exe [540:7080] 000007fef63a5fd0
Thread C:\Windows\System32\svchost.exe [540:7076] 000007fef63a63ec
Thread C:\Windows\Explorer.EXE [3932:3876] 000007feea5e2118
Thread C:\Windows\Explorer.EXE [3932:4928] 000007fef8b12f9c
Thread C:\Windows\Explorer.EXE [3932:5840] 000007fefc132154
Thread C:\Program Files\Microsoft IntelliPoint\ipoint.exe [4172:4808] 000007fee76c7498
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5256:5952] 000007fefb992a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5256:3976] 000007fee84d4830
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5256:1688] 000007fef7f25124
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5256:5644] 000007fee8459d90
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5256:5464] 000007fee84d4830
---- Processes - GMER 2.1 ----

Process C:\Users\Stephanie\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (*** suspicious ***) @ C:\Users\Stephanie\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [3992] (Sansa Dispatcher/SanDisk Corporation)(2013-06-26 01:21:55) 0000000000400000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4ceb424da3e0
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4ceb424da3e0 (not active ControlSet)

---- Files - GMER 2.1 ----

File C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\mpam-fede104c.exe (size mismatch) 2932736/0 bytes executable

---- EOF - GMER 2.1 ----

Removal of adware

Hello,

I was trying to download software to enable my desktop background to run a .gif.
I messed up. I must have missed unchecking one of the plugins, because all of a sudden yahoo.com was set as my homepage and all sorts of ad pop-ups began showing up in my open Chrome browser, usually in the form of a Rock Turner ad. Also, I believe there was some other software installed onto my machine, like a zip file opener and some other random toolkit stuff.

Ran a Malwarebytes scan and it found about 400 different dirty files. I removed them and restarted my PC. Everything seemed fine but the next day the pop-ups were back.

I apologize, as I am just beginning to learn more about computers, but beyond what Malwarebytes can do I have no other skills to get rid of this stuff on my own. This computer is my personal computer, not a work machine, although I do access private work info on it from time to time. Even posting this info and these scans online makes me nervous.

This is my first time posting, so I hope I have everything necessary.

I run Win 7 Pro.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:39:17 PM, on 5/31/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Users\Andrew\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Andrew\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKCU\..\Run: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Andrew\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_AF2E2510EC2DA94726BF08BC757DFE33] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Global Startup: NETGEAR WNDA4100 Genie.lnk = C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE
O4 - Global Startup: SteelSeries Engine 3.lnk = C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
O23 - Service: AsusFanControlService - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.28\AsusFanControlService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RalinkRegistryWriter - Ralink Technology, Corp. - C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe
O23 - Service: RalinkRegistryWriter64 - Ralink Technology, Corp. - C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13048 bytes

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041 BrowserJavaVersion: 10.25.2
Run by Andrew at 12:45:11 on 2014-05-31
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16335.13890 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.28\AsusFanControlService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe
C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Users\Andrew\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE
C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
mStart Page = www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
uRun: [Octoshape Streaming Services] "C:\Users\Andrew\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
uRun: [GoogleChromeAutoLaunch_AF2E2510EC2DA94726BF08BC757DFE33] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRunOnce: [Del1493459] cmd.exe /Q /D /c del "C:\Users\Andrew\AppData\Local\Temp\0.del"
uRunOnce: [Del1516938] cmd.exe /Q /D /c del "C:\Users\Andrew\AppData\Local\Temp\0.del"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRunOnce: [Del1493459] cmd.exe /Q /D /c del "C:\Users\Andrew\AppData\Local\Temp\0.del"
mRunOnce: [Del1516938] cmd.exe /Q /D /c del "C:\Users\Andrew\AppData\Local\Temp\0.del"
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STEELS~1.LNK - C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 10.0.1.1
TCP: Interfaces\{3F9EFE69-E46D-4420-8139-2909A56A0EC2} : DHCPNameServer = 8.8.8.8 97.81.22.195 71.92.29.130
TCP: Interfaces\{49639E63-9E7E-4B58-8571-D3285BD9C503} : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{49639E63-9E7E-4B58-8571-D3285BD9C503}\3416E697F6E6F554854523 : DHCPNameServer = 10.0.1.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://speedial.com/?f=1&a=spd_dsites04_14_22_ch&cd=2XzuyEtN2Y1L1QzutAtDzzyD0Azyzy0B0AyE0EyBtAtD0A0DtN0D0Tzu0SzzzztCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0EyCtBzzzztAyEtG0B0Fzy0FtG0AtA0AzytGtBtAtAzytGyCzyyD0C0CyD0BtByDyE0A0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzzzyyCzzzzyB0DtG0F0AzztBtGtBtAzztBtGyByBtC0FtGyEyE0DyD0CyB0E0ByCyDyEyE2Q&cr=78913531&ir=
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: SearchMe Toolbar: {B9C767DD-F66A-40B4-8F12-4199A9A4393C} -
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\i1jn0rlr.default\
FF - prefs.js: browser.search.selectedEngine - Trovi search
FF - prefs.js: browser.startup.homepage - hxxp://www.trovi.com/?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=M455A2006-6A59-447E-9BFB-C7508C4859FA&SearchSource=55&CUI=&UM=5&UP=SP4D54D4EF-85C1-47D0-8A87-3F6F2AA11794&SSPV=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Users\Andrew\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.nspdlsd.aflt - spd_dsites04_14_22_ch
FF - user.js: extensions.nspdlsd.instlRef - 142905_b
FF - user.js: extensions.nspdlsd.cr - 78913531
FF - user.js: extensions.nspdlsd.cd - 2XzuyEtN2Y1L1QzutAtDzzyD0Azyzy0B0AyE0EyBtAtD0A0DtN0D0Tzu0SzzzztCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0EyCtBzzzztAyEtG0B0Fzy0FtG0AtA0AzytGtBtAtAzytGyCzyyD0C0CyD0BtByDyE0A0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzzzyyCzzzzyB0DtG0F0AzztBtGtBtAzztBtGyByBtC0FtGyEyE0DyD0CyB0E0ByCyDyEyE2Q
.
user_pref(extensions.autoDisableScopes,14);
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-4-6 19264]
R1 {8ce1c375-1e13-43f7-a4fd-6530f47c4fde}Gw64;{8ce1c375-1e13-43f7-a4fd-6530f47c4fde}Gw64;C:\Windows\System32\drivers\{8ce1c375-1e13-43f7-a4fd-6530f47c4fde}Gw64.sys [2014-5-30 61120]
R1 ndisrd;WinpkFilter LightWeight Filter;C:\Windows\System32\drivers\ndisrd.sys [2013-4-7 32400]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [2012-6-1 920736]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2012-6-1 951936]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [2013-4-7 149120]
R2 AsusFanControlService;AsusFanControlService;C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.28\AsusFanControlService.exe [2013-4-7 1492912]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-5-22 2266296]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-3-12 190120]
R2 RalinkRegistryWriter;RalinkRegistryWriter;C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe [2012-4-30 377088]
R2 RalinkRegistryWriter64;RalinkRegistryWriter64;C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe [2012-4-30 455424]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2013-2-19 2417504]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2013-4-7 130536]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2013-4-6 395752]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2013-4-7 160768]
R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\Windows\System32\drivers\ICCWDT.sys [2012-5-17 26136]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-4-6 357184]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-4-6 789824]
R3 sshid;SteelSeries HID Service;C:\Windows\System32\drivers\sshid.sys [2014-3-21 32768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-25 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-7 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-4-7 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-4-7 1255736]
.
=============== Created Last 30 ================
.
2014-05-31 16:41:56 -------- d-----w- C:\Users\Andrew\AppData\Roaming\UpdaterEX
2014-05-30 16:04:38 61120 ----a-w- C:\Windows\System32\drivers\{8ce1c375-1e13-43f7-a4fd-6530f47c4fde}Gw64.sys
2014-05-30 15:35:22 10702536 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4B063869-D7FA-4415-B024-0348CBF199CE}\mpengine.dll
2014-05-30 14:47:20 -------- d-----w- C:\Windows\System32\appmgmt
2014-05-30 14:40:29 -------- d-----w- C:\Users\Andrew\AppData\Local\SearchProtect
2014-05-30 14:31:56 -------- d-----w- C:\Users\Andrew\AppData\Local\WorldofTanks
2014-05-30 14:31:30 -------- d-----w- C:\Users\Andrew\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2014-05-30 14:30:40 -------- d-----w- C:\Users\Andrew\AppData\Roaming\DigitalSites
2014-05-30 14:30:35 -------- d-----w- C:\Program Files (x86)\OpenIt
2014-05-22 22:56:16 -------- d-----w- C:\Program Files (x86)\Microsoft OneDrive
2014-05-22 22:56:14 -------- d-----r- C:\Users\Andrew\OneDrive
2014-05-22 22:56:10 -------- d-----w- C:\ProgramData\Microsoft OneDrive
2014-05-22 22:47:27 589008 ----a-w- C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-05-22 22:45:26 -------- d-----w- C:\ProgramData\regid.1991-06.com.microsoft
2014-05-22 22:40:12 -------- d-----w- C:\Program Files\Microsoft Office 15
2014-05-22 03:52:19 -------- d-----r- C:\Users\Andrew\Google Drive
2014-05-18 07:03:11 -------- d-----w- C:\Program Files (x86)\Application Updater
2014-05-14 16:57:11 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-14 16:57:11 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-14 16:46:18 477184 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-14 16:46:14 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-05-14 04:32:27 -------- d-sh--w- C:\Users\Andrew\AppData\Local\EmieUserList
2014-05-14 04:32:27 -------- d-sh--w- C:\Users\Andrew\AppData\Local\EmieSiteList
2014-05-14 03:45:30 -------- d-----w- C:\Users\Andrew\AppData\Roaming\SpaceEngineers
2014-05-06 20:36:52 -------- d-s---w- C:\Windows\System32\CompatTel
.
==================== Find3M ====================
.
2014-05-31 16:17:45 1048576 ----a-w- C:\Windows\PE_Rom.dll
2014-05-14 04:19:33 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 04:19:33 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-09 19:49:56 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-05-09 19:49:56 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-05-09 19:49:25 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-03-31 13:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-03-21 19:28:16 32768 ----a-w- C:\Windows\System32\drivers\sshid.sys
2014-03-21 19:28:16 1795952 ----a-w- C:\Windows\System32\WdfCoInstaller01011.dll
2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-04 09:47:01 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe
2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:20 39936 ----a-w- C:\Windows\System32\wincredprovider.dll
2014-03-04 09:44:10 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-03-04 09:44:08 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-03-04 09:44:06 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-03-04 09:44:03 722944 ----a-w- C:\Windows\System32\objsel.dll
2014-03-04 09:44:03 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:44:00 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-03-04 09:44:00 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2014-03-04 09:43:56 57344 ----a-w- C:\Windows\System32\cngprovider.dll
2014-03-04 09:43:56 52736 ----a-w- C:\Windows\System32\dpapiprovider.dll
2014-03-04 09:43:56 44544 ----a-w- C:\Windows\System32\dimsroam.dll
2014-03-04 09:43:56 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-03-04 09:43:55 56832 ----a-w- C:\Windows\System32\adprovider.dll
2014-03-04 09:43:55 53760 ----a-w- C:\Windows\System32\capiprovider.dll
2014-03-04 09:43:50 455168 ----a-w- C:\Windows\System32\winlogon.exe
2014-03-04 09:20:11 3969984 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2014-03-04 09:20:11 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-04 09:16:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
.
============= FINISH: 12:45:40.55 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/6/2013 10:21:31 PM
System Uptime: 5/31/2014 12:17:03 PM (0 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | SABERTOOTH Z77
Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz | LGA1155 | 2380/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 515.033 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP181: 5/16/2014 5:08:25 AM - Installed DirectX 9.0
RP182: 5/20/2014 3:53:27 PM - Windows Update
RP183: 5/28/2014 2:06:44 PM - Scheduled Checkpoint
RP184: 5/30/2014 10:46:51 AM - Removed 7-Zip 9.21
RP185: 5/30/2014 10:49:48 AM - Removed 7-Zip 9.21
RP186: 5/30/2014 11:35:02 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 13 ActiveX
Adobe Reader XI (11.0.02)
AI Suite II
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
Audiosurf
B2 CHAT
Battlefield 2
Battlefield 3™
Battlefield: Bad Company 2
Battlelog Web Plugins
BioShock Infinite
Bonjour
Borderlands
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Counter-Strike: Global Offensive
Counter-Strike: Source
Day of Defeat
Day of Defeat: Source
DayZ
Deathmatch Classic
Defense Grid: The Awakening
Empire: Total War
ESN Sonar
Eufloria
Extended Update
Fallout 3 - Game of the Year Edition
Far Cry 3 Blood Dragon
Far Cry® 3
FL Studio 11
FlowStone FL 3.0
Garry's Mod
Google Chrome
Google Drive
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Grand Theft Auto
Grand Theft Auto 2
Grand Theft Auto III
Grand Theft Auto IV
Grand Theft Auto: San Andreas
Grand Theft Auto: Vice City
Half-Life 2
Half-Life 2: Deathmatch
Half-Life 2: Episode One
Half-Life 2: Episode Two
Hawken
IL Download Manager
IL Shared Libraries
Intel(R) Network Connections 17.1.55.0
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Watchdog Timer Driver (Intel® WDT)
iTunes
James Cameron’s Avatar™: The Game
Java 7 Update 25
Java Auto Updater
Kerbal Space Program
League of Legends
Left 4 Dead 2
MainConcept AAC Encoder Plug-In
Malwarebytes Anti-Malware version 1.75.0.1300
Metal Slug 3
Metro 2033
Metro: Last Light
Microsoft .NET Framework 4.5.1
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 365 - en-us
Microsoft OneDrive
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Mozilla Firefox 29.0.1 (x86 en-US)
Mozilla Maintenance Service
MPC-HC 1.6.6.6957 (3975d54)
NETGEAR WNDA4100 Genie
NVIDIA PhysX
Octoshape Streaming Services
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
Origin
Pando Media Booster
PAYDAY 2
Portal
Portal 2
Prince of Persia
Prince of Persia: The Sands of Time
Prince of Persia: The Two Thrones
Prince of Persia: Warrior Within
PunkBuster Services
QuickTime 7
Red Orchestra 2: Heroes of Stalingrad
Ricochet
Rock Turner
SearchMe Toolbar v9.2
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Space Engineers
Steam
SteelSeries Engine 3.2.0
Team Fortress 2
TeamSpeak 3 Client
TeamViewer 6
The Secret of Monkey Island: Special Edition
Tomb Raider
TrackMania United
Uplay
VLC media player 2.0.0
War Thunder Launcher 1.0.1.264
Warhammer 40,000: Dawn of War – Dark Crusade
Warhammer 40,000: Dawn of War – Soulstorm
Warhammer® 40,000™: Dawn of War® II
WinRAR 4.20 (32-bit)
XBMC
Zip Opener Packages
.
==== Event Viewer Messages From Past Week ========
.
5/30/2014 9:27:33 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
5/30/2014 9:27:33 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-05-31 13:58:07
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4 ST31000528AS rev.CC38 931.51GB
Running: l60elkg1.exe; Driver: C:\Users\Andrew\AppData\Local\Temp\uwdiqpob.sys


---- User code sections - GMER 2.1 ----

.text C:\Windows\SysWOW64\PnkBstrA.exe[2888] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 00000000740f1a22 2 bytes [0F, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2888] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 00000000740f1ad0 2 bytes [0F, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2888] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 00000000740f1b08 2 bytes [0F, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2888] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 00000000740f1bba 2 bytes [0F, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2888] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 00000000740f1bda 2 bytes [0F, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077e01465 2 bytes [E0, 77]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077e014bb 2 bytes [E0, 77]
.text ... * 2
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3772] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000077e01465 2 bytes [E0, 77]
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3772] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000077e014bb 2 bytes [E0, 77]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Windows\System32\svchost.exe [3220:2436] 000007fee4c99688
---- Processes - GMER 2.1 ----

Library C:\Users\Andrew\AppData\Local\Temp\_MEI34202\python27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3772] (Python Core/Python Software Foundation)(2014-05-31 16:17:37) 000000001e000000
Library C:\Users\Andrew\AppData\Local\Temp\_MEI34202\win32api.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3772](2014-05-31 16:17:37) 000000001e8c0000
Library C:\Users\Andrew\AppData\Local\Temp\_MEI34202\pywintypes27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3772](2014-05-31 16:17:37) 000000001e7a0000
Library C:\Users\Andrew\AppData\Local\Temp\_MEI34202\pythoncom27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3772](2014-05-31 16:17:37) 0000000000380000
Library C:\Users\Andrew\AppData\Local\Temp\_MEI34202\_socket.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3772](2014-05-31 16:17:37) 0000000000240000
Library C:\Users\Andrew\AppData\Local\Temp\_MEI34202\_ssl.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3772](2014-05-31 16:17:37) 0000000010000000
Library C:\Users\Andrew\AppData\Local\Temp\_MEI34202\win32com.shell.shell.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3772](2014-05-31 16:17:37) 000000001e800000
Library C:\Users\Andrew\AppData\Local\Temp\_MEI34202\_hashlib.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3772](2014-05-31 16:17:37) 0000000002e70000
Library C:\Users\Andrew\AppData\Local\Temp\_MEI34202\wx._core_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3772](2014-05-31 16:17:37) 0000000002f30000
Library C:\Users\Andrew\AppData\Local\Temp\_MEI34202\wxbase294u_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3772] (wxWidgets for MSW/wxWidgets development team)(2014-05-31 16:17:37) 0000000003060000
Library C:\Users\Andrew\AppData\Local\Temp\_MEI34202\wxbase294u_net_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3772] (wxWidgets for MSW/wxWidgets development team)(2014-05-31 16:17:37) 0000000000280000
Library C:\Users\Andrew\AppData\Local\Temp\_MEI34202\wxmsw294u_core_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3772] (wxWidgets for MSW/wxWidgets development team)(2014-05-31 16:17:37) 0000000003250000
Library C:\Users\Andrew\AppData\Local\Temp\_MEI34202\wxmsw294u_adv_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3772] (wxWidgets for MSW/wxWidgets development team)(2014-05-31 16:17:37) 00000000036f0000
Library C:\Users\Andrew\AppData\Local\Temp\_MEI34202\wx._gdi_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3772](2014-05-31 16:17:37) 0000000003930000
Library C:\Users\Andrew\AppData\Local\Temp\_MEI34202\wx._windows_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3772](2014-05-31 16:17:37) 00000000042d0000
Library C:\Users\Andrew\AppData\Local\Temp\_MEI34202\wxmsw294u_html_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3772] (wxWidgets for MSW/wxWidgets development team)(2014-05-31 16:17:37) 0000000003a00000
Library C:\Users\Andrew\AppData\Local\Temp\_MEI34202\wx._controls_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3772](2014-05-31 16:17:37) 0000000004530000
Library C:\Users\Andrew\AppData\Local\Temp\_MEI34202\wx._misc_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3772](2014-05-31 16:17:37) 0000000004640000
Library C:\Users\Andrew\AppData\Local\Temp\_MEI34202\_elementtree.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3772](2014-05-31 16:17:37) 000000001d100000
Library C:\Users\Andrew\AppData\Local\Temp\_MEI34202\pyexpat.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3772](2014-05-31 16:17:37) 00000000004a0000
Library C:\Users\Andrew\AppData\Local\Temp\_MEI34202\pysqlite2._sqlite.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3772](2014-05-31 16:17:37) 0000000000530000
Library C:\Users\Andrew\AppData\Local\Temp\_MEI34202\_ctypes.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3772](2014-05-31 16:17:37) 000000001d1a0000
Library C:\Users\Andrew\AppData\Local\Temp\_MEI34202\win32file.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3772](2014-05-31 16:17:37) 000000001ea10000
Library C:\Users\Andrew\AppData\Local\Temp\_MEI34202\win32security.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3772](2014-05-31 16:17:37) 000000001ec80000
Library C:\Users\Andrew\AppData\Local\Temp\_MEI34202\win32event.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3772](2014-05-31 16:17:37) 000000001e9b0000
Library C:\Users\Andrew\AppData\Local\Temp\_MEI34202\win32inet.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3772](2014-05-31 16:17:37) 000000001eaa0000
Library C:\Users\Andrew\AppData\Local\Temp\_MEI34202\wx._html2.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3772](2014-05-31 16:17:37) 0000000000860000
Library C:\Users\Andrew\AppData\Local\Temp\_MEI34202\wxmsw294u_webview_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3772] (wxWidgets for MSW/wxWidgets development team)(2014-05-31 16:17:37) 0000000001f20000
Library C:\Users\Andrew\AppData\Local\Temp\_MEI34202\win32gui.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3772](2014-05-31 16:17:37) 000000001ea40000
Library C:\Users\Andrew\AppData\Local\Temp\_MEI34202\win32crypt.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3772](2014-05-31 16:17:37) 000000001e980000
Library C:\Users\Andrew\AppData\Local\Temp\_MEI34202\_multiprocessing.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3772](2014-05-31 16:17:37) 0000000001f40000
Library C:\Users\Andrew\AppData\Local\Temp\_MEI34202\wx._wizard.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3772](2014-05-31 16:17:37) 0000000001f50000
Library C:\Users\Andrew\AppData\Local\Temp\_MEI34202\select.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3772](2014-05-31 16:17:37) 0000000003aa0000
Library C:\Users\Andrew\AppData\Local\Temp\_MEI34202\win32pipe.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3772](2014-05-31 16:17:37) 000000001eb90000
Library C:\Users\Andrew\AppData\Local\Temp\_MEI34202\unicodedata.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3772](2014-05-31 16:17:37) 0000000005d80000
Library C:\Users\Andrew\AppData\Local\Temp\_MEI34202\win32pdh.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3772](2014-05-31 16:17:37) 000000001eb60000
Library C:\Users\Andrew\AppData\Local\Temp\_MEI34202\win32process.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3772](2014-05-31 16:17:37) 000000001ebf0000
Library C:\Users\Andrew\AppData\Local\Temp\_MEI34202\win32profile.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3772](2014-05-31 16:17:37) 000000001ec20000
Library C:\Users\Andrew\AppData\Local\Temp\_MEI34202\win32ts.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3772](2014-05-31 16:17:37) 000000001ed40000
Library C:\Users\Andrew\AppData\Local\Temp\_MEI34202\wx._animate.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3772](2014-05-31 16:17:37) 00000000056e0000

---- EOF - GMER 2.1 ----