Channel: Tech Support Guy - Virus & Other Malware Removal

Please help with crashes!

Hi.
I have been having trouble with blue screens, boot-up problems, slowness, disk read errors, and high disk usage.
We reset the computer all the way back to original, then started loading our programs. Again, the same type of thing is happening. We also did a check disk.

Can you help?
...........................................................................
HijackThis log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:44:25 AM, on 6/12/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal

Running processes:
C:\Users\Joanne\AppData\Roaming\Dashlane\Dashlane.exe
C:\Program Files (x86)\Microsoft Money\System\mnyexpr.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Joanne\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://emachines.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://emachines.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Dashlane BHO - {42D79B50-CC4A-4A8E-860F-BE674AF053A2} - C:\Users\Joanne\AppData\Roaming\Dashlane\ie\Dashlanei.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\IPS\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Joanne\AppData\Roaming\Dashlane\ie\KWIEBar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coIEPlg.dll
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
O4 - HKLM\..\Run: [Intuit SyncManager] c:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKCU\..\Run: [Dashlane] "C:\Users\Joanne\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files (x86)\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHSA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkForce 845" /EF "HKCU"
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: intu-help-qb3 - {C5E479EA-0A65-4B05-8C6C-2FC8CC682EB4} - c:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QBCFMonitorService - Intuit - c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - c:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10605 bytes
...........................................................................

DDS file

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126
Run by Joanne at 7:47:56 on 2014-06-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1400 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton 360 *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Users\Joanne\AppData\Roaming\Dashlane\Dashlane.exe
C:\Program Files (x86)\Microsoft Money\System\mnyexpr.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHSA.EXE
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskmgr.exe
C:\Users\Joanne\Desktop\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://emachines.msn.com
uDefault_Page_URL = hxxp://emachines.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Dashlane BHO: {42D79B50-CC4A-4A8E-860F-BE674AF053A2} - C:\Users\Joanne\AppData\Roaming\Dashlane\ie\Dashlanei.dll
BHO: {549B5CA7-4A86-11D7-A4DF-000874180BB3} - <orphaned>
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\IPS\IPSBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - <orphaned>
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Dashlane Toolbar: {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Joanne\AppData\Roaming\Dashlane\ie\KWIEBar.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\CoIEPlg.dll
uRun: [Dashlane] "C:\Users\Joanne\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup
uRun: [AdobeBridge] <no file>
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun: [Intuit SyncManager] c:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{AF5734B3-C8D3-4EC6-863D-6B90B39F75E0} : DHCPNameServer = 192.168.1.1
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\CoIEPlg.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\CoIEPlg.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Joanne\AppData\Roaming\Mozilla\Firefox\Profiles\d8oo6l36.default\
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1503000.00C\SymDS64.sys [2014-6-10 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1503000.00C\SymEFA64.sys [2014-6-10 1148120]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\BASHDefs\20140606.001_385\BHDrvx64.sys [2014-6-6 1530160]
R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1503000.00C\ccSetx64.sys [2014-6-10 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton 360\NortonData\21.3.0.12\Definitions\IPSDefs\20140611.001\IDSviA64.sys [2014-6-12 525016]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1503000.00C\Ironx64.sys [2014-6-10 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1503000.00C\symnets.sys [2014-6-10 593112]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392]
R2 GREGService;GREGService;C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [2010-1-8 23584]
R2 Live Updater Service;Live Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2011-3-31 244624]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe [2014-6-10 265040]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-26 378984]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-11 111616]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-6-9 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-06-11 16:31:38 77824 ----a-w- C:\Windows\SysWow64\adistres.dll
2014-06-11 16:31:38 20588 ----a-w- C:\Windows\SysWow64\PdfPorts.dll
2014-06-11 16:30:03 306688 ----a-w- C:\Windows\IsUninst.exe
2014-06-11 11:31:57 2871808 ----a-w- C:\Windows\explorer.exe
2014-06-11 04:25:57 -------- d-----w- C:\Kpcms
2014-06-11 04:20:20 -------- d-----w- C:\Users\Joanne\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-06-11 04:06:02 -------- d-----w- C:\Program Files (x86)\PatternMaker Software
2014-06-11 03:48:19 -------- d-----w- C:\Users\Joanne\AppData\Roaming\Leader Technologies
2014-06-10 23:48:27 -------- d-----w- C:\Users\Joanne\AppData\Local\Programs
2014-06-10 15:05:45 -------- d-----w- C:\Program Files (x86)\LTCM Client
2014-06-10 15:04:06 -------- d-----w- C:\Users\Joanne\AppData\Local\ABBYY
2014-06-10 15:02:06 -------- d-----w- C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint
2014-06-10 15:02:05 -------- d-----w- C:\ProgramData\ABBYY
2014-06-10 15:02:05 -------- d-----w- C:\Program Files (x86)\Common Files\ABBYY
2014-06-10 14:56:30 -------- d-----w- C:\Program Files\Common Files\EPSON
2014-06-10 14:53:40 558592 ----a-w- C:\Windows\System32\ensppmon.dll
2014-06-10 14:53:40 558592 ----a-w- C:\Windows\System32\enppmon.dll
2014-06-10 14:53:40 538112 ----a-w- C:\Windows\System32\ensppui.dll
2014-06-10 14:53:40 538112 ----a-w- C:\Windows\System32\enppui.dll
2014-06-10 14:53:40 250880 ----a-w- C:\Windows\System32\enspres.dll
2014-06-10 14:53:40 250880 ----a-w- C:\Windows\System32\enpres.dll
2014-06-10 14:53:40 -------- d-----w- C:\Program Files\EpsonNet
2014-06-10 14:52:42 -------- d-----w- C:\Program Files (x86)\Common Files\EPSON
2014-06-10 14:52:30 -------- d-----w- C:\Program Files (x86)\Epson America Inc
2014-06-10 14:52:17 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2014-06-10 14:52:17 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2014-06-10 14:52:17 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2014-06-10 14:52:17 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2014-06-10 14:52:15 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2014-06-10 14:51:58 -------- d-----w- C:\Program Files\EPSON
2014-06-10 14:51:09 118784 ----a-w- C:\Windows\System32\E_YLMHSA.DLL
2014-06-10 14:51:06 83456 ----a-w- C:\Windows\System32\E_YD4BHSA.DLL
2014-06-10 14:50:52 -------- d-----w- C:\ProgramData\EPSON
2014-06-10 14:50:26 -------- d-----w- C:\Program Files (x86)\Epson Software
2014-06-10 14:49:39 464384 ----a-w- C:\Windows\System32\esxw2ud.dll
2014-06-10 14:49:39 13824 ----a-w- C:\Windows\System32\esxcdev.dll
2014-06-10 14:49:39 132560 ----a-w- C:\Windows\System32\esdevapp.exe
2014-06-10 14:49:38 -------- d-----w- C:\Program Files (x86)\epson
2014-06-10 14:36:53 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2014-06-10 06:02:24 -------- d-----w- C:\Program Files\Common Files\Intuit
2014-06-10 05:58:23 -------- d-----w- C:\Users\Joanne\AppData\Local\Intuit
2014-06-10 05:57:40 4194304 ----a-w- C:\Windows\SysWow64\cdintf400.dll
2014-06-10 05:55:50 -------- d-----w- C:\ProgramData\Nuance
2014-06-10 05:55:49 -------- d-----w- C:\ProgramData\Intuit
2014-06-10 05:55:49 -------- d-----w- C:\Program Files (x86)\Intuit
2014-06-10 05:55:49 -------- d-----w- C:\Program Files (x86)\Common Files\Intuit
2014-06-10 05:55:29 -------- d-----w- C:\ProgramData\SQL Anywhere 11
2014-06-10 05:55:29 -------- d-----w- C:\ProgramData\COMMON FILES
2014-06-10 05:51:40 -------- d-----w- C:\Windows\Intuit
2014-06-10 05:46:15 -------- d-----w- C:\Program Files (x86)\Akamai
2014-06-10 04:47:35 -------- d-----w- C:\Program Files (x86)\Microsoft Money
2014-06-10 04:38:15 -------- d-----w- C:\Program Files (x86)\Microsoft Streets and Trips
2014-06-10 04:28:17 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2014-06-10 03:15:31 -------- d-----w- C:\Program Files (x86)\Microsoft ActiveSync
2014-06-10 03:06:13 -------- d-----w- C:\Users\Joanne\AppData\Local\Mozilla
2014-06-10 02:58:40 -------- d-----w- C:\Program Files (x86)\Dashlane
2014-06-10 02:57:05 -------- d-----w- C:\Users\Joanne\AppData\Roaming\Dashlane
2014-06-10 02:57:05 -------- d-----w- C:\Users\Joanne\AppData\Local\Packages
2014-06-10 01:32:37 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2014-06-10 01:32:13 -------- d-----w- C:\Windows\SysWow64\Wat
2014-06-10 01:32:12 -------- d-----w- C:\Windows\System32\Wat
2014-06-10 01:14:45 -------- d-s---w- C:\Windows\System32\CompatTel
2014-06-10 01:08:21 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2014-06-10 00:54:56 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2014-06-10 00:54:56 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-06-10 00:54:56 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2014-06-10 00:54:55 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2014-06-10 00:41:40 -------- d-----w- C:\Windows\Migration
2014-06-10 00:23:16 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-06-10 00:12:52 -------- d-----w- C:\Windows\NAPP_Dism_Log
2014-06-10 00:01:28 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2014-06-09 23:46:03 -------- d-----w- C:\Program Files\Realtek
2014-06-09 23:46:02 518896 ----a-w- C:\Windows\System32\SRSTSX64.dll
2014-06-09 23:46:02 2719504 ----a-w- C:\Windows\System32\WavesGUILib.dll
2014-06-09 23:46:02 211184 ----a-w- C:\Windows\System32\SRSTSH64.dll
2014-06-09 23:46:02 198896 ----a-w- C:\Windows\System32\SRSHP64.dll
2014-06-09 23:46:02 155888 ----a-w- C:\Windows\System32\SRSWOW64.dll
2014-06-09 23:46:01 612384 ----a-w- C:\Windows\System32\RTSnMg64.cpl
2014-06-09 23:46:01 332320 ----a-w- C:\Windows\System32\RtlCPAPI64.dll
2014-06-09 23:46:01 2269600 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2014-06-09 23:46:01 1872416 ----a-w- C:\Windows\System32\RtPgEx64.dll
2014-06-09 23:44:46 -------- d-----w- C:\Program Files\NVIDIA Corporation
2014-06-09 23:42:43 704000 ----a-w- C:\Windows\System32\cohelper.dll
2014-06-09 23:42:43 6136 ----a-w- C:\Windows\System32\drivers\nvphy.bin
2014-06-09 23:41:34 -------- d-----w- C:\Windows\System32\MRT
2014-06-09 23:38:24 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2014-06-09 23:38:24 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2014-06-09 23:38:24 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2014-06-09 23:38:24 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2014-06-09 23:38:23 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2014-06-09 23:38:23 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2014-06-09 23:38:23 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2014-06-09 23:33:54 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2014-06-09 23:32:41 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2014-06-09 23:32:40 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2014-06-09 23:32:40 5120 ----a-w- C:\Windows\System32\wmi.dll
2014-06-09 23:27:44 878080 ----a-w- C:\Windows\System32\advapi32.dll
2014-06-09 23:26:51 46592 ----a-w- C:\Windows\SysWow64\fpb.rs
2014-06-09 23:24:59 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2014-06-09 23:23:58 95744 ----a-w- C:\Windows\System32\synceng.dll
2014-06-09 23:14:24 1192448 ----a-w- C:\Windows\System32\certutil.exe
2014-06-09 23:14:23 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2014-06-09 23:14:23 52224 ----a-w- C:\Windows\System32\certenc.dll
2014-06-09 23:14:23 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2014-06-09 23:08:47 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2014-06-09 23:07:28 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2014-06-09 23:07:28 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2014-06-09 23:07:28 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2014-06-09 23:04:57 -------- d-----w- C:\Users\Joanne\AppData\Roaming\Tific
2014-06-09 23:04:56 -------- d-----w- C:\Users\Joanne\AppData\Local\Symantec
2014-06-09 22:58:18 -------- d-----w- C:\Users\Joanne\AppData\Roaming\OEM
2014-06-09 22:57:58 -------- d-----w- C:\Users\Joanne\AppData\Local\VirtualStore
2014-06-09 22:57:15 -------- d-----w- C:\Program Files (x86)\OEM
2014-06-09 22:57:04 -------- d-----w- C:\ProgramData\OEM_E471269A730D
2014-06-09 22:56:51 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2014-06-09 22:56:47 -------- d-----w- C:\Program Files (x86)\Times Reader
2014-06-09 22:56:42 99840 ----a-w- C:\Windows\System32\wudriver.dll
2014-06-09 22:56:07 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-06-09 22:56:07 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2014-06-09 22:36:14 -------- d-----w- C:\Program Files (x86)\Barnes & Noble
2014-06-09 22:35:24 -------- d-----w- C:\Windows\en
2014-06-09 22:34:47 -------- d-----w- C:\Windows\fr
2014-06-09 22:34:26 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-06-09 22:32:41 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b98ab4201cf843203\MeshBetaRemover.exe
2014-06-09 22:32:40 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b93764001cf843202\DSETUP.dll
2014-06-09 22:32:40 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b93764001cf843202\DXSETUP.exe
2014-06-09 22:32:40 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b93764001cf843202\dsetup32.dll
2014-06-09 22:32:39 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b884dce01cf843201\DSETUP.dll
2014-06-09 22:32:39 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b884dce01cf843201\DXSETUP.exe
2014-06-09 22:32:39 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b884dce01cf843201\dsetup32.dll
2014-06-09 22:30:30 -------- d-----w- C:\Program Files (x86)\Microsoft
2014-06-09 21:54:15 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2014-06-09 21:49:16 -------- d---a-w- C:\book
2014-06-09 21:46:19 -------- d-----w- C:\Windows\SysWow64\RTCOM
.
==================== Find3M ====================
.
2014-06-10 14:37:42 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2014-06-10 00:23:16 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-06-08 09:13:05 506368 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-08 09:08:04 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll
2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-04-05 02:47:20 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-04-05 02:47:09 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-03-26 14:44:48 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2014-03-26 14:44:48 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-03-26 14:27:50 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
2014-03-26 14:27:50 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
.
============= FINISH: 7:49:22.39 ===============
........................................................................... ................................................................

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/9/2014 5:54:45 PM
System Uptime: 6/12/2014 7:09:01 AM (0 hours ago)
.
Motherboard: eMachines | | EL1358G
Processor: AMD Athlon(tm) II X2 220 Processor | CPU 1 | 784/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 912 GiB total, 869.93 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP11: 6/10/2014 9:50:01 AM - Installed Epson Event Manager
RP12: 6/10/2014 9:52:19 AM - Installed Epson Connect
RP13: 6/10/2014 9:52:57 AM - Installed EpsonNet Print
RP14: 6/10/2014 9:54:13 AM - Installed FAX Utility
RP15: 6/10/2014 10:00:46 AM - Installed ABBYY FineReader 9.0 Sprint
RP16: 6/11/2014 11:20:14 AM - After emails have been put in Outlook
RP17: 6/11/2014 4:56:31 PM - Windows Update
.
==== Installed Programs ======================
.
Acrobat.com
Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Help Manager
Adobe Reader 9.1 MUI
Agatha Christie - 4:50 from Paddington
Bejeweled 2 Deluxe
Bing Bar
Build-a-lot 2
Chuzzle Deluxe
D3DX10
Dashlane
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
eBay Worldwide
eMachines Games
eMachines Recovery Management
eMachines Registration
eMachines ScreenSaver
eMachines Updater
Epson Connect
Epson Customer Participation
Epson Download Navigator
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
EPSON Scan
EPSON WorkForce 845 Series Printer Uninstall
EpsonNet Print
Final Drive: Nitro
Galerie de photos Windows Live
Hotkey Utility
Identity Card
Jewel Quest Heritage
Junk Mail filter update
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office 2003 Primary Interop Assemblies
Microsoft Office 2010
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Streets and Trips 2004
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Mozilla Firefox 29.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Mystery P.I. - Stolen in San Francisco
Namco All-Stars: PAC-MAN
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Express 10
Nero Express 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
NOOK for PC
Norton 360
Norton Online Backup
NVIDIA Control Panel 307.83
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA Graphics Driver 307.83
NVIDIA Install Application
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.10.8
NVIDIA Update Components
Penguins!
Plants vs. Zombies - Game of the Year
Poker Superstars III
Polar Bowler
Polar Golfer
QuickBooks
QuickBooks Simple Start 2010 Free Edition
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Times Reader
Torchlight
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
Welcome Center
WildTangent Games App (eMachines Games)
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
6/9/2014 8:24:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Internet Explorer 8 Compatibility View List for Windows 7 for x64-based Systems (KB2598845).
6/9/2014 8:24:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2953522).
6/9/2014 8:22:54 PM, Error: Service Control Manager [7023] -
6/11/2014 6:23:29 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64
6/11/2014 5:06:06 PM, Error: nvstor64 [3] - Data error on device. Device: \Device\RaidPort0 Model: ST31000528AS Firmware Version: CC46 Serial Number: 6VPDWTH8 Port: 0
6/11/2014 5:06:06 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\DR0.
6/10/2014 10:48:41 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
.
==== End Of File ===========================
........................................................................... ...................................................................

ARK log


GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-06-12 07:55:01
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000005e ST310005 rev.CC46 931.51GB
Running: 85z6wr1h.exe; Driver: C:\Users\Joanne\AppData\Local\Temp\pgriqpob.sys


---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- Threads - GMER 2.1 ----

Thread C:\Windows\System32\WUDFHost.exe [2128:2164] 000007fef7bc24a0
Thread C:\Windows\System32\svchost.exe [3924:3772] 000007fef6705170
Thread C:\Windows\System32\svchost.exe [3924:3392] 000007fef94c9874
Thread C:\Windows\system32\DllHost.exe [3600:4024] 000007fef087ae40
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3828:664] 0000000075767587
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3828:5112] 0000000064497712
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3828:5116] 0000000077d42e65
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3828:4048] 0000000077d43e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3828:3684] 0000000077d43e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3828:4736] 0000000077d43e85

---- EOF - GMER 2.1 ----

full of malware, help!

I can't follow the "must read before posting"

Hi all,

I know that before asking for help one has to follow the steps suggested here; however, I can't even start because my laptop is so corrupted that I can't even save a log of HijackThis.

For some reason I can't even go online because my USB dongle is not recognised... so I can't carry on with the steps... I need a more drastic approach to analyse and remove the malware... I tried to download a free antivirus from another PC but it doesn't help because again... I can't download the entire antivirus but only a download file... but then for some reason my laptop gets stuck... I removed hundreds of spyware and trojans with SuperAntiSpyware... this is the only tool that seems to work...

please help me out with any suggestion!
cheers

Firefox Hijacked?

My Firefox browser is apparently hijacked. Popup ads abound and it opens random websites and wants me to download an audio player. I have attached the requested files. Thank you for your help.

Attached Files
File Type: log hijackthis.log (11.7 KB)
File Type: txt dds.txt (28.2 KB)
File Type: txt attach.txt (17.1 KB)
File Type: txt ark.txt (407 Bytes)

Avast pops up with blocked virus!

Hi, recently Avast popped up 3 times that it blocked a virus. I attached a screenshot of all 3 pages where they show what they blocked. Is there anything I need to do about this, as this doesn't usually happen? During all 3 pop ups I or someone else was on the internet, once on YouTube and the other 2 times on other news websites. By the way, I already emptied my Java Cache (if that's relevant) before the last pop up or 2.

Thank you in advance!

Attached Images
File Type: jpg Avast virus blocked.jpg (136.6 KB)

Trojan MSIL3.CUED

Hi guys.

To solve this issue, and I don't know why I didn't think of this before, Start Windows in SAFE MODE, run Malwarebytes, restart PC. Worked first time.

Cheers.

Uploads hang at 99% and chrome spy ware

Hey guys... I've been trying to upload a file (it's mine, so it's not copyrighted or anything illegal) and I have tried various sites to upload to in zip form, and it seems to hang at 99% upload and I can't get the full file uploaded. I have to cancel it after about a 30-minute hang. I've also tried uploading this file to a web site that hosts my music mixes, as I'm a DJ, but I can't seem to get it to upload there either. I've been using Internet Explorer and also tried Chrome and Firefox. Also, I have noticed that Chrome is very buggy. I have cleared out all extensions and I have run various spy programs but nothing has worked... Please help... :D

wow64cpu.dll,,,,, HELP ME PLEASE

I'm on an Acer Aspire 6920 laptop with Windows 7. Every time I go to open a program I get an error stating:


"C:\Windows\system32\wow64cpu.dll is either not designed to run on windows or it contains an error try installing the program again using the original installation media or contact your system administrator or the software vendor for support."


This came out of nowhere. I upgraded my Malwarebytes Anti-Malware, tried to reopen it within 5 minutes, and I got that error for everything I open or try to download. It blocks the internet, I have no command prompt, and all browsers and AOL will not open.

Any help would be GREATLY appreciated. This is sad; people make viruses to hurt other people. Take care and God bless.

Pop ups and Slow Browser

I started getting pop ups asking me to contact tech support to repair. Browser (IE11) is very slow. Per instructions I have copied HijackThis and other scan files for review.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:21:21 PM, on 6/14/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal

Running processes:
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files (x86)\Digital Line Detect\DLG.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Interactive Intelligence\Interactive Update\ININ.UpdateClientApp.exe
C:\Program Files\Hewlett-Packard\HP ePrintAndShare\ProxyUploader\HPePrintNShareProxyUI.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\SMART Technologies\Education Software\SMARTClassroomCoordinator.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe
C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hewlett-Packard\HP ePrintAndShare\ProxyUploader\HPePrnNShareWebAPI.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files (x86)\SMART Technologies\Education Software\FloatingTools.exe
C:\Program Files (x86)\Memeo\Memeo Send\MemeoSend.exe
C:\Program Files (x86)\SMART Technologies\Education Software\SMARTNotification.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
C:\Program Files (x86)\SMART Technologies\Education Software\SMARTSystemMenu.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe
C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe
C:\Program Files (x86)\SMART Technologies\Education Software\DesktopMenu.exe
C:\Program Files (x86)\SMART Technologies\Education Software\ResponseConnectorService.exe
C:\Program Files (x86)\SMART Technologies\Education Software\Office\SMARTInk-SBSDKProxy.exe
C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe
C:\Program Files (x86)\SMART Technologies\Education Software\ResponseSoftwareService.exe
C:\Program Files (x86)\Greener Web\bin\GreenerWeb.BrowserAdapter.exe
C:\Windows\CCM\SCNotification.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\dathomps\Downloads\HijackThis (2).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Greener Web - {1973d53b-7311-45d7-8270-f44571c041a0} - C:\Program Files (x86)\Greener Web\C7C0D573-B06C-4199-9FD2-63C29C167F27.dll
O2 - BHO: Avery Toolbar BHO - {41565256-3700-A76A-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVRV7\Passport.dll" (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: DCA - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Upromise\dca-bho.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: ToolHelper - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
O3 - Toolbar: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
O3 - Toolbar: SMART Sync - {8E1233B3-485A-4E51-B77E-9E075A68C588} - C:\Program Files (x86)\SMART Technologies\Education Software\SyncIEToolbar.dll
O3 - Toolbar: Avery Toolbar - {41565256-3700-A76A-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVRV7\Passport.dll" (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [PWMTRV] rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [IUpdateClientApp] C:\Program Files (x86)\Interactive Intelligence\Interactive Update\ININ.UpdateClientApp.exe
O4 - HKLM\..\Run: [Heleni Uploader] C:\Program Files\Hewlett-Packard\HP ePrintAndShare\ProxyUploader\HPePrintNShareProxyUI.exe
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [SMARTClassroomCoordinator.exe] "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTClassroomCoordinator.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
O4 - HKLM\..\Run: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent
O4 - HKLM\..\Run: [Memeo Send] C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe --silent
O4 - HKLM\..\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O4 - HKLM\..\Run: [Nike+ Connect] "C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe"
O4 - HKLM\..\Run: [Check Point Endpoint Security] "C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SMART Floating Tools] "C:\Program Files (x86)\SMART Technologies\Education Software\FloatingTools.exe"
O4 - HKLM\..\Run: [SMARTNotification] "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTNotification.exe"
O4 - HKLM\..\Run: [SMART Tray Tools] "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTSystemMenu.exe"
O4 - HKLM\..\Run: [SMART Board Service] "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe" -d
O4 - HKLM\..\Run: [sbsdk-server] "C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe"
O4 - HKLM\..\Run: [SMART Ink] "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe" -a
O4 - HKLM\..\Run: [Response Desktop Menu] "C:\Program Files (x86)\SMART Technologies\Education Software\DesktopMenu.exe"
O4 - HKLM\..\Run: [ResponseConnectorService] "C:\Program Files (x86)\SMART Technologies\Education Software\response-connector-server\NodeLauncher.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-18\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files (x86)\Digital Line Detect\DLG.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
O9 - Extra 'Tools' menuitem: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - http://mt209.centra.com/SiteRoots/ma...aUpdaterAx.cab
O16 - DPF: {03A89EFD-E023-B200-A22D-45F77558EB4C} (ILINCInstall112 Class) - https://content10.ilinc.com/download/AXCltInst11.dll
O16 - DPF: {2685176A-3502-47BB-B91D-BD28CA2A06A0} (vb6project_Test.AT_ActiveX_Test) - https://www.autotask.net/Public/Brow...tiveX_Test.CAB
O16 - DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} (SlimClient Class) - https://198.69.127.120//SNX/CSHELL/extender.cab
O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} (SlimClient Class) - https://198.69.127.120/SNX/CSHELL/extender.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://daly.webex.com/client/T27LB/webex/ieatgpc1.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = clientele.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = clientele.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = clientele.com
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs:
O23 - Service: AcPrfMgrSvc - Lenovo - C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
O23 - Service: AcSvc - Lenovo - C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ask Update Service (APNMCP) - APN LLC. - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Flexera Software LLC - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lenovo PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: ININ Tracing Initialization (ININ Tracing) - Interactive Intelligence, Inc. - C:\Program Files (x86)\Interactive Intelligence\ININ Trace Initialization\i3trace_initializer-w32r-1-1.exe
O23 - Service: Interactive Update Client - Interactive Intelligence, Inc. - C:\Program Files (x86)\Interactive Intelligence\Interactive Update\ININ.UpdateClientService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MakerBot Conveyor Service - MakerBot - C:\Program Files\MakerBot\MakerWare\conveyor-svc.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
O23 - Service: Meraki Systems Manager Agent 1.0.87 (MerakiPCCAgent) - Unknown owner - C:\Program Files (x86)\Meraki\PCC Agent 1.0.87\m_agent_service.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Power Manager Service (Power Manager DBC Service) - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: PretonSaver (PretonService) - Unknown owner - C:\Program Files\Preton\PretonSaver\PretonService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Response Hardware - SMART Technologies ULC - C:\Program Files (x86)\SMART Technologies\Education Software\ResponseHardwareService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\Windows\SysWOW64\rpcnet.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: SMART Helper Service (SMARTHelperService) - SMART Technologies - C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe
O23 - Service: ConfigMgr Task Sequence Agent (smstsmgr) - Unknown owner - C:\Windows\CCM\TSManager.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sophos Virus Removal Tool (SophosVirusRemovalTool) - Sophos Limited - C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: Check Point Endpoint Security (TracSrvWrapper) - Check Point Software Technologies - C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe
O23 - Service: TurboBoost - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Update Greener Web - Unknown owner - C:\Program Files (x86)\Greener Web\updateGreenerWeb.exe
O23 - Service: Util Greener Web - Unknown owner - C:\Program Files (x86)\Greener Web\bin\utilGreenerWeb.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 24914 bytes

DDS File
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126 BrowserJavaVersion: 10.55.2
Run by DaThomps at 18:21:49 on 2014-06-14
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.7988.4714 [GMT -4:00]
.
AV: System Center Endpoint Protection *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: System Center Endpoint Protection *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Interactive Intelligence\ININ Trace Initialization\i3trace_initializer-w32r-1-1.exe
C:\Program Files (x86)\Interactive Intelligence\Interactive Update\ININ.UpdateClientService.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\MakerBot\MakerWare\conveyor-svc.exe
C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files (x86)\Meraki\PCC Agent 1.0.87\m_agent_service.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\SMART Technologies\Education Software\ResponseHardwareService.exe
C:\Windows\SysWOW64\rpcnet.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files (x86)\Greener Web\updateGreenerWeb.exe
C:\Program Files (x86)\Greener Web\bin\utilGreenerWeb.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Preton\PretonSaver\PretonService.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Program Files (x86)\Greener Web\bin\GreenerWeb.PurBrowse64.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\LENOVO\HOTKEY\shtctky.exe
C:\Program Files\Preton\PretonSaver\PretonClient.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Digital Line Detect\DLG.exe
C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Interactive Intelligence\Interactive Update\ININ.UpdateClientApp.exe
C:\Program Files\Hewlett-Packard\HP ePrintAndShare\ProxyUploader\HPePrintNShareProxyUI.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\SMART Technologies\Education Software\SMARTClassroomCoordinator.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe
C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hewlett-Packard\HP ePrintAndShare\ProxyUploader\HPePrnNShareWebAPI.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files (x86)\SMART Technologies\Education Software\FloatingTools.exe
C:\Program Files (x86)\Memeo\Memeo Send\MemeoSend.exe
C:\Program Files (x86)\SMART Technologies\Education Software\SMARTNotification.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
C:\Program Files (x86)\SMART Technologies\Education Software\SMARTSystemMenu.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe
C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe
C:\Program Files (x86)\SMART Technologies\Education Software\DesktopMenu.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\SMART Technologies\Education Software\ResponseConnectorService.exe
C:\Program Files (x86)\SMART Technologies\Education Software\Office\SMARTInk-SBSDKProxy.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\SMART Technologies\Education Software\ResponseSoftwareService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Greener Web\bin\GreenerWeb.BrowserAdapter.exe
C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInkPrivilegedAccess.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Users\dathomps\Downloads\install_flashplayer14x32axau_gtbd_awe_aih.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Windows\CCM\CcmExec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\CCM\SCNotification.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com
uProxyOverride = <local>;*.local
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Greener Web: {1973d53b-7311-45d7-8270-f44571c041a0} - C:\Program Files (x86)\Greener Web\C7C0D573-B06C-4199-9FD2-63C29C167F27.dll
BHO: Avery Toolbar: {41565256-3700-A76A-76A7-7A786E7484D7} -
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Upromise\dca-bho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: IePasswordManagerHelper Class: {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Upromise TurboSaver: {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
TB: Upromise TurboSaver: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
TB: SMART Sync: {8E1233B3-485A-4E51-B77E-9E075A68C588} - C:\Program Files (x86)\SMART Technologies\Education Software\SyncIEToolbar.dll
TB: Avery Toolbar: {41565256-3700-A76A-76A7-7A786E7484D7} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [PWMTRV] rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
mRun: [IUpdateClientApp] C:\Program Files (x86)\Interactive Intelligence\Interactive Update\ININ.UpdateClientApp.exe
mRun: [Heleni Uploader] C:\Program Files\Hewlett-Packard\HP ePrintAndShare\ProxyUploader\HPePrintNShareProxyUI.exe
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [SMARTClassroomCoordinator.exe] "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTClassroomCoordinator.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
mRun: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent
mRun: [Memeo Send] C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe --silent
mRun: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
mRun: [Nike+ Connect] "C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe"
mRun: [Check Point Endpoint Security] "C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SMART Floating Tools] "C:\Program Files (x86)\SMART Technologies\Education Software\FloatingTools.exe"
mRun: [SMARTNotification] "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTNotification.exe"
mRun: [SMART Tray Tools] "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTSystemMenu.exe"
mRun: [SMART Board Service] "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe" -d
mRun: [sbsdk-server] "C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe"
mRun: [SMART Ink] "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe" -a
mRun: [Response Desktop Menu] "C:\Program Files (x86)\SMART Technologies\Education Software\DesktopMenu.exe"
mRun: [ResponseConnectorService] "C:\Program Files (x86)\SMART Technologies\Education Software\response-connector-server\NodeLauncher.exe"
dRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
dRunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi"
dRunOnce: [supportdir] cmd /c "rmdir /q /s "C:\Windows\TEMP\{B383F243-0ABC-4E56-AA30-923B8D85076E}""
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~2.LNK - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: dontdisplaylastusername = dword:1
mPolicies-System: legalnoticecaption = DCI COMPUTER POLICY
mPolicies-System: HideShutdownScripts = dword:0
mPolicies-System: MaxGPOScriptWait = dword:120
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - hxxp://mt209.centra.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
DPF: {03A89EFD-E023-B200-A22D-45F77558EB4C} - hxxps://content10.ilinc.com/download/AXCltInst11.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2685176A-3502-47BB-B91D-BD28CA2A06A0} - hxxps://www.autotask.net/Public/BrowserDetect/AT_ActiveX_Test.CAB
DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} - hxxps://198.69.127.120//SNX/CSHELL/extender.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} - hxxps://198.69.127.120/SNX/CSHELL/extender.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://daly.webex.com/client/T27LB/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{2EDE9820-7883-4ED2-B9A6-24A4575E3D4D} : DHCPNameServer = 10.59.1.1
TCP: Interfaces\{2EDE9820-7883-4ED2-B9A6-24A4575E3D4D}\052796E636563737 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{2EDE9820-7883-4ED2-B9A6-24A4575E3D4D}\16474777966696 : DHCPNameServer = 192.168.4.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{2EDE9820-7883-4ED2-B9A6-24A4575E3D4D}\24F4350275962756C6563737 : DHCPNameServer = 192.168.2.1 66.37.69.141 66.37.69.142 192.168.2.1
TCP: Interfaces\{2EDE9820-7883-4ED2-B9A6-24A4575E3D4D}\84F6C6964616970294E6E60274164756771697 : DHCPNameServer = 192.168.10.1 68.10.16.30 68.1.18.20
TCP: Interfaces\{2EDE9820-7883-4ED2-B9A6-24A4575E3D4D}\944574047556374796E634F6E666562756E63656 : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{2EDE9820-7883-4ED2-B9A6-24A4575E3D4D}\B65697262796467656 : DHCPNameServer = 209.244.0.3 209.244.0.4 68.87.71.226
TCP: Interfaces\{CC6F91DD-06E4-44AD-9150-9EEFF2C2C362} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E821114B-B2CD-49FE-AD61-FA6E5CBEF7D5} : DHCPNameServer = 10.1.1.32 10.1.1.36 4.2.2.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Notification Packages = scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Avery Toolbar: {41565256-3700-A76A-76A7-7A786E7484D7} -
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-TB: Avery Toolbar: {41565256-3700-A76A-76A7-7A786E7484D7} -
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [PretonClient] C:\Program Files\Preton\PretonSaver\PretonClient.exe
x64-Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
x64-Trusted Zone: autotask.com
x64-Trusted Zone: autotask.net
x64-Trusted Zone: britlink.com
x64-Trusted Zone: daly.com
x64-Trusted Zone: ilinc.com
x64-Trusted Zone: ingrammicro.com
x64-Trusted Zone: officemax.com
x64-Trusted Zone: synnex.com
x64-Trusted Zone: techdata.com
x64-Trusted Zone: virginia.gov
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: psfus - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\System32\drivers\DZHDD64.SYS [2010-8-28 29512]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R1 {a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64;{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64;C:\Windows\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64.sys [2014-6-12 61120]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2014-1-9 15472]
R2 APNMCP;Ask Update Service;C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [2014-5-6 166352]
R2 cpextender;Check Point SSL Network Extender;C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe [2009-11-2 353672]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
R2 ININ Tracing;ININ Tracing Initialization;C:\Program Files (x86)\Interactive Intelligence\ININ Trace Initialization\i3trace_initializer-w32r-1-1.exe [2007-11-9 45056]
R2 Interactive Update Client;Interactive Update Client;C:\Program Files (x86)\Interactive Intelligence\Interactive Update\ININ.UpdateClientService.exe [2007-11-7 224360]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2010-8-28 50536]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-8-28 74088]
R2 MakerBot Conveyor Service;MakerBot Conveyor Service;C:\Program Files\MakerBot\MakerWare\conveyor-svc.exe [2013-11-27 78336]
R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-4-22 25824]
R2 MerakiPCCAgent;Meraki Systems Manager Agent 1.0.87;C:\Program Files (x86)\Meraki\PCC Agent 1.0.87\m_agent_service.exe [2013-11-27 3103317]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 133928]
R2 PretonService;PretonSaver;C:\Program Files\Preton\PretonSaver\PretonService.exe [2013-3-10 97280]
R2 Response Hardware;Response Hardware;C:\Program Files (x86)\SMART Technologies\Education Software\ResponseHardwareService.exe [2014-3-25 20784]
R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R2 SMARTHelperService;SMART Helper Service;C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe [2014-3-25 538416]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-8-27 93072]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2014-1-9 126456]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2010-4-23 63928]
R2 TracSrvWrapper;Check Point Endpoint Security;C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe [2010-9-26 4142608]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-9-29 12728]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-8-28 2320920]
R2 Update Greener Web;Update Greener Web;C:\Program Files (x86)\Greener Web\updateGreenerWeb.exe [2014-6-12 317728]
R2 Util Greener Web;Util Greener Web;C:\Program Files (x86)\Greener Web\bin\utilGreenerWeb.exe [2014-6-12 317728]
R3 5U877;USB Video Device;C:\Windows\System32\drivers\5U877.sys [2010-8-28 163072]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2010-8-28 292864]
R3 e1kexpress;Intel(R) Network Connections Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2013-11-13 497424]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-8-28 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-8-28 151936]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-8-28 244736]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
R3 LVUVC64;Logitech Webcam Pro 9000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-3-18 7680512]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 Power Manager DBC Service;Power Manager Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2010-8-28 1669928]
R3 SMARTMouseFilterx64;HID-compliant mouse;C:\Windows\System32\drivers\SMARTMouseFilterx64.sys [2014-3-25 10240]
R3 SMARTVHidMiniVistaAmd64;SMART HID Device;C:\Windows\System32\drivers\SMARTVHidMiniVistaAmd64.sys [2013-3-7 9216]
R3 TVTI2C;Lenovo SM bus driver;C:\Windows\System32\drivers\tvti2c.sys [2011-5-30 40248]
R3 VNA;Check Point Virtual Network Adapter;C:\Windows\System32\drivers\vna.sys [2009-11-2 161256]
R3 vna_ap;Check Point Virtual Network Adapter - Apollo;C:\Windows\System32\drivers\vnaap.sys [2009-11-2 161256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-8-28 35104]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2012-5-27 35840]
S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2010-8-28 320576]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-12-1 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-11 111616]
S3 lpasvc;Microsoft Policy Platform Local Authority;C:\Program Files\Microsoft Policy Platform\policyHost.exe [2012-8-2 50280]
S3 lppsvc;Microsoft Policy Platform Processor;C:\Program Files\Microsoft Policy Platform\policyHost.exe [2012-8-2 50280]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 PCDSRVC{127174DC-C366ED8B-06020000}_0;PCDSRVC{127174DC-C366ED8B-06020000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor\pcdsrvc_x64.pkms [2010-5-7 24560]
S3 pmxdrv;pmxdrv;C:\Windows\System32\drivers\pmxdrv.sys [2010-8-28 31152]
S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2014-1-9 1664808]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-17 19456]
S3 SMARTSRVSDC330;SMART USB DRIVER SDC330;C:\Windows\System32\drivers\SMARTDocCamGen2x64.sys [2011-5-12 26480]
S3 SmartUSBDCamService64;SMART Doc Camera SDC450;C:\Windows\System32\drivers\SMARTDocCam450x64.sys [2012-10-2 90136]
S3 SMARTVTabletPCx64;SMART Virtual TabletPC;C:\Windows\System32\drivers\SMARTVTabletPCx64.sys [2013-3-7 22184]
S3 SophosVirusRemovalTool;Sophos Virus Removal Tool;C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [2012-7-10 151104]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-16 56832]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-9-29 126392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-13 1255736]
S4 CmRcService;Configuration Manager Remote Control;C:\Windows\CCM\RemCtrl\CmRcService.exe [2012-11-21 633952]
S4 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2014-1-9 127072]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-06-14 21:53:40 388096 ----a-r- C:\Users\dathomps\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-06-14 21:53:40 -------- d-----w- C:\Program Files (x86)\Trend Micro
2014-06-14 06:57:10 10702536 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5AB396D3-2BCE-4FF0-931D-F140BD830DEC}\mpengine.dll
2014-06-13 09:41:11 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9B340FA6-D6D5-44C0-9C49-EBB394B4E9AE}\gapaengine.dll
2014-06-13 09:41:01 10702536 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-12 21:47:40 61120 ----a-w- C:\Windows\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64.sys
2014-06-12 20:43:02 -------- d-----w- C:\Program Files (x86)\Greener Web
2014-05-27 20:34:41 37776 ----a-w- C:\Windows\System32\smrtlocalmon.dll
2014-05-27 20:34:41 22312 ----a-w- C:\Windows\System32\smrtlocalui.dll
2014-05-27 20:34:36 110592 ----a-w- C:\Windows\SysWow64\tsccvid.dll
2014-05-27 20:34:19 -------- d-----w- C:\Program Files (x86)\National Instruments
2014-05-17 11:29:27 -------- d-----w- C:\Users\dathomps\AppData\Local\HP
.
==================== Find3M ====================
.
2014-06-14 21:41:46 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
2014-06-14 21:41:44 69792 ----a-w- C:\Windows\SysWow64\rpcnet.dll
2014-06-02 10:04:14 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-02 10:04:14 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll
2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-05-15 09:38:07 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
2014-05-15 09:37:45 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
2014-05-09 06:14:03 477184 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-09 06:11:23 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-05-08 09:32:11 3178496 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-05-08 09:32:11 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-04-05 02:47:20 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-04-05 02:47:09 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-03-26 14:44:48 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2014-03-26 14:44:48 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-03-26 14:27:50 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
2014-03-26 14:27:50 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-03-25 21:44:58 272688 ----a-w- C:\Windows\SysWow64\Smart Bulb Saver.scr
2014-03-25 21:34:54 10240 ----a-w- C:\Windows\System32\drivers\SMARTMouseFilterx64.sys
2014-03-18 02:11:04 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
============= FINISH: 18:22:09.09 ===============

Attach File
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/9/2010 1:27:58 PM
System Uptime: 6/14/2014 5:41:23 PM (1 hours ago)
.
Motherboard: LENOVO | | 3626WKY
Processor: Intel(R) Core(TM) i7 CPU M 620 @ 2.67GHz | None | 2667/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 148 GiB total, 27.222 GiB free.
D: is Removable
E: is CDROM ()
F: is CDROM ()
G: is FIXED (NTFS) - 932 GiB total, 671.394 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
Class GUID: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Description: SMART Virtual TabletPC
Device ID: ROOT\HIDCLASS\0001
Manufacturer: SMART Technologies ULC
Name: SMART Virtual TabletPC
PNP Device ID: ROOT\HIDCLASS\0001
Service: SMARTVTabletPCx64
.
Class GUID: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Description: SMART Virtual TabletPC
Device ID: ROOT\HIDCLASS\0002
Manufacturer: SMART Technologies ULC
Name: SMART Virtual TabletPC
PNP Device ID: ROOT\HIDCLASS\0002
Service: SMARTVTabletPCx64
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
7-Zip 9.20 (x64 edition)
Adobe AIR
Adobe Flash Player 12 Plugin
Adobe Flash Player 13 ActiveX
Adobe Reader XI
Adobe Shockwave Player 11.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avery Toolbar
Blender
Bluetooth Stack for Windows by Toshiba
Bonjour
Burn.Now 4.5
CameraHelperMsi
CCleaner
Centra Client
Check Point Deployment Shell
Check Point Endpoint Security
Check Point SSL Network Extender Service
Cisco WebEx Meetings
Client Security - Password Manager
Computrace
Conexant 20585 SmartAudio HD
Configuration Manager Client
Corel Burn.Now Lenovo Edition
Corel DVD MovieFactory 7
Corel DVD MovieFactory Lenovo Edition
CutePDF Writer 2.8
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Direct DiscRecorder
Disable AMT Profile Synchronization Pop-up for Windows Vista/7
erLT
Google Chrome
Google Drive
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 6.3.0.1440
Greener Web
Hewlett-Packard ACLM.NET v1.1.0.0
HiJackThis
HP ePrint and Share
HP FWUpdateEDO2
HP Officejet Pro 8600 Basic Device Software
HP Officejet Pro 8600 Help
HP Product Detection
HP Update
HPDiagnosticAlert
HPOJP8600FWUpdateAlert
I.R.I.S. OCR
iCloud
iLinc 11 Client
Integrated Camera Driver Installer Package Ver.1.1.0.19
Intel PROSet Wireless
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) PROSet/Wireless WiFi Software
Intel(R) Solid-State Drive Toolbox
Intel(R) Turbo Boost Technology Monitor
Interaction Center User Applications
Internet Explorer
InterVideo WinDVD 8
iTunes
Java 7 Update 55
Java Auto Updater
JavaFX 2.1.1
Junk Mail filter update
Lenovo Patch Utility
Lenovo Patch Utility 64 bit
Lenovo Power Management Driver
Lenovo System Interface Driver
Lenovo System Update
Lenovo ThinkVantage Toolbox
Logitech Vid HD
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
MakerWare_Bundle_of_Awesome_2.4.1.24_x64_BETA
Memeo AutoSync
Memeo Instant Backup
Memeo Send
Memeo Share
Meraki Systems Manager Agent
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Dynamics AX 4.0 Client
Microsoft Endpoint Protection Management Components
Microsoft Forefront Endpoint Protection 2010 Server Management
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Policy Platform
Microsoft Security Client
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Mozilla Firefox (en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nike+ Connect
On Screen Display
PDF Split And Merge Basic
Power Manager
PretonSaver
QuickTime 7
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
Seagate Dashboard
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Excel 2010 (KB2826033) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2767915) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2878284) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 64-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition
SketchUp 8
Skype Click to Call
Skype™ 6.14
SMART Common Files
SMART Image Mate
SMART Ink
SMART Meeting Pro
SMART Notebook
SMART Product Drivers
SMART Response Software
SMART Sync Teacher
SMART Table Toolkit
Sophos Virus Removal Tool
swMSM
System Center Endpoint Protection
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad FullScreen Magnifier
ThinkPad Modem Adapter
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkVantage Access Connections
ThinkVantage Communications Utility
ThinkVantage Fingerprint Software
TomTom HOME
TomTom HOME Visual Studio Merge Modules
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition
Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition
Visual Studio Tools for the Office system 3.0 Runtime
Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
Windows Driver Package - FTDI CDM Driver Package (03/30/2010 2.06.02)
Windows Driver Package - Intel (e1kexpress) Net (12/10/2009 11.5.10.0)
Windows Driver Package - Intel (HECIx64) System (09/17/2009 6.0.0.1179)
Windows Driver Package - Intel System (06/04/2009 1.0.0.0002)
Windows Driver Package - Intel System (10/28/2009 9.1.1.1022)
Windows Driver Package - Intel USB (08/20/2009 9.1.1.1020)
Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4)
Windows Driver Package - MakerBot Industries, LLC (usbser) Ports (10/24/2013 16.31.44.402)
Windows Driver Package - MakerBot Industries, LLC (usbser) Ports (10/24/2013 16.31.44.418)
Windows Driver Package - Synaptics (SynTP) Mouse (04/22/2010 15.0.18.0)
Windows Firewall Configuration Provider
Windows Internet Explorer 10
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
6/7/2014 11:34:41 PM, Error: Service Control Manager [7031] - The Meraki Systems Manager Agent 1.0.87 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
6/14/2014 5:44:26 PM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .
6/14/2014 5:42:06 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
6/14/2014 5:41:41 PM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
6/14/2014 5:41:39 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain CLIENTELE due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
6/14/2014 5:41:33 PM, Error: Service Control Manager [7000] - The SMI Helper Driver (smihlp2) service failed to start due to the following error: The system cannot find the file specified.
6/14/2014 2:43:31 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
.
==== End Of File ===========================

Help With a JS:Pdfka-ADK[EXPL] virus requested, please

I've been getting reports from AVAST almost every day that they are blocking this virus, so I think I may have an infection that needs a closer look. I'm running Windows 7. Here is my TSG info, as well as the other logs requested in the "Everyone Must Read This" sticky thread. Any help appreciated.


Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 4
RAM: 5921 Mb
Graphics Card: Intel(R) HD Graphics 3000, -1860 Mb
Hard Drives: C: Total - 144888 MB, Free - 79524 MB;
Motherboard: ASUSTeK Computer Inc., K53E
Antivirus: avast! Antivirus, Updated and Enabled


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:28:57 PM, on 6/13/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Blaine Harper\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [TWC.Win7] C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.hola.org
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/select/asusTek_sys_ctrl3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Hola Internet Acceleration Service (hola_svc) - Hola Networks Ltd. - C:\Program Files\Hola\app\hola_svc.exe
O23 - Service: Hola Internet Acceleration Updater (hola_updater) - Hola Networks Ltd. - C:\Program Files\Hola\app\hola_updater.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NETGEARGenieDaemon - NETGEAR - C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Wise Boot Assistant (WiseBootAssistant) - WiseCleaner.com - C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9716 bytes


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126 BrowserJavaVersion: 10.55.2
Run by Blaine Harper at 22:30:33 on 2014-06-13
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.5921.3801 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hola\app\hola_updater.exe
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\rundll32.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Hola\app\hola.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Hola\app\hola_svc.exe
C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe
C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
uRun: [TWC.Win7] C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] "C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{D6753EAD-62FC-4120-9FE8-57FC16886831} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D6753EAD-62FC-4120-9FE8-57FC16886831}\24D4C424 : DHCPNameServer = 129.66.76.4 129.66.20.4 192.168.1.1
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
x64-Run: [hola] C:\Program Files\Hola\app\hola.exe --tray --autorun
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Blaine Harper\AppData\Roaming\Mozilla\Firefox\Profiles\lhfjyna7.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-7-4 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-7-4 208416]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2013-7-4 1039096]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2013-7-4 423240]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-4-28 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-7-4 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2013-12-28 85328]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-4-28 50344]
R2 hola_svc;Hola Internet Acceleration Service;C:\Program Files\Hola\app\hola_svc.exe [2014-1-28 5782040]
R2 hola_updater;Hola Internet Acceleration Updater;C:\Program Files\Hola\app\hola_updater.exe [2014-1-28 5782040]
R2 NETGEARGenieDaemon;NETGEARGenieDaemon;C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2014-3-23 225792]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-7-6 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-7-6 1033688]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-7-6 171928]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-10-3 129512]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-10-3 394728]
R3 WiseHDInfo;WiseHDInfo;C:\Program Files (x86)\Wise\Wise Care 365\WiseHDInfo64.dll [2014-6-12 11304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 WiseBootAssistant;Wise Boot Assistant;C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [2013-7-4 580232]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-10 111616]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-4-20 169584]
S3 PSKMAD;PSKMAD;C:\Windows\System32\drivers\PSKMAD.sys [2014-2-21 47632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-7-3 20992]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\Windows\System32\drivers\RTL8192su.sys [2013-7-3 694376]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-7-5 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-7-3 1255736]
.
=============== Created Last 30 ================
.
2014-06-13 21:34:25 -------- d-----w- C:\Users\Blaine Harper\AppData\Local\Adobe
2014-06-13 14:50:02 10702536 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{77F5DB5B-960F-4C68-A34E-BBDB7859014A}\mpengine.dll
2014-06-11 01:51:52 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2014-06-10 21:23:58 752640 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2014-06-10 21:22:20 506368 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-10 21:22:17 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-06-06 21:34:16 -------- d-----w- C:\Program Files (x86)\Greener Web
2014-06-02 02:23:42 -------- d-----w- C:\Program Files\Firestorm
2014-06-02 02:22:06 -------- d-----w- C:\ProgramData\Package Cache
2014-06-02 00:54:55 -------- d-----w- C:\Users\Blaine Harper\AppData\Local\SecondLife
2014-06-02 00:53:54 -------- d-----w- C:\Program Files (x86)\SecondLifeViewer
.
==================== Find3M ====================
.
2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll
2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-05-19 02:36:08 369168 ----a-w- C:\Windows\System32\wpcap.dll
2014-05-19 02:36:08 35344 ----a-w- C:\Windows\System32\drivers\npf.sys
2014-05-19 02:36:08 106000 ----a-w- C:\Windows\System32\packet.dll
2014-05-19 02:36:07 96784 ----a-w- C:\Windows\SysWow64\packet.dll
2014-05-19 02:36:07 281104 ----a-w- C:\Windows\SysWow64\wpcap.dll
2014-05-15 14:06:34 85328 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2014-05-15 14:06:34 1039096 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2014-05-15 14:04:00 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-15 14:04:00 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-08 09:32:02 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-04-28 14:06:10 208416 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-04-28 14:06:09 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-04-28 14:06:09 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-04-28 14:06:09 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-04-28 14:06:08 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-04-28 14:06:07 43152 ----a-w- C:\Windows\avastSS.scr
2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-04-15 01:13:43 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-04-05 02:47:20 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-04-05 02:47:09 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-03-31 18:27:46 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-03-31 14:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-03-26 14:44:48 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2014-03-26 14:44:48 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-03-26 14:27:50 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
2014-03-26 14:27:50 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
.
============= FINISH: 22:32:04.43 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 7/3/2013 8:15:23 PM
System Uptime: 6/11/2014 7:15:33 AM (63 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | K53E
Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz | CPU 1 | 2300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 141 GiB total, 77.702 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
Device ID: PCI\VEN_1969&DEV_1083&SUBSYS_18511043&REV_C0\FF3A813FC86000FF00
Manufacturer: Atheros
Name: Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
PNP Device ID: PCI\VEN_1969&DEV_1083&SUBSYS_18511043&REV_C0\FF3A813FC86000FF00
Service: L1C
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: avast! Firewall NDIS Filter Miniport
Device ID: ROOT\SW_ASWNDISMP\0000
Manufacturer: ALWIL Software
Name: avast! Firewall NDIS Filter Miniport
PNP Device ID: ROOT\SW_ASWNDISMP\0000
Service: aswNdis
.
==== System Restore Points ===================
.
RP193: 5/18/2014 7:00:11 PM - Windows Backup
RP194: 5/21/2014 6:20:21 PM - Windows Update
RP195: 5/30/2014 9:40:14 AM - Windows Update
RP196: 6/1/2014 9:20:49 PM - Firestorm x64
RP197: 6/3/2014 8:42:02 AM - Windows Update
RP198: 6/6/2014 10:26:19 AM - Windows Update
RP199: 6/6/2014 11:57:38 AM - Restore Operation
RP200: 6/6/2014 12:07:47 PM - avast! antivirus system restore point
RP201: 6/6/2014 12:13:19 PM - Windows Update
RP202: 6/6/2014 12:14:19 PM - Restore Operation
RP203: 6/6/2014 12:23:58 PM - avast! antivirus system restore point
RP204: 6/6/2014 12:31:51 PM - Windows Update
RP205: 6/6/2014 1:05:19 PM - Windows Modules Installer
RP206: 6/6/2014 1:14:10 PM - Restore Operation
RP207: 6/8/2014 7:06:44 PM - avast! antivirus system restore point
RP208: 6/8/2014 7:13:03 PM - Windows Update
RP209: 6/8/2014 7:16:09 PM - Windows Backup
RP210: 6/8/2014 7:20:06 PM - Windows Modules Installer
RP211: 6/8/2014 7:38:34 PM - Restore Operation
RP212: 6/8/2014 7:46:53 PM - avast! antivirus system restore point
RP213: 6/8/2014 7:52:12 PM - Windows Update
RP214: 6/8/2014 7:56:19 PM - Windows Backup
RP215: 6/8/2014 8:02:47 PM - Restore Operation
RP216: 6/10/2014 11:03:34 PM - Windows Update
RP217: 6/12/2014 11:18:36 PM - Created by Wise Care 365
.
==== Installed Programs ======================
.
Adobe Flash Player 12 Plugin
Adobe Flash Player 13 ActiveX
Adobe Reader XI (11.0.07)
Adobe Shockwave Player 12.1
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Asmedia ASM104x USB 3.0 Host Controller Driver
avast! Free Antivirus
Belkin USB Wireless Adapter
Bonjour
DivX Setup
ESET Online Scanner v3
Google Chrome
Google Earth Plug-in
Google Update Helper
GPGNet
Hola™ 1.2.472 - Better Internet
Intel(R) Processor Graphics
iTunes
Java 7 Update 55
Java Auto Updater
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5.1
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual J# 2.0 Redistributable Package
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8
neroxml
NETGEAR Genie
Panda Cloud Cleaner
Qualcomm Atheros WiFi Driver Installation
Realtek High Definition Audio Driver
SecondLifeViewer (remove only)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Sonic Focus
Spybot - Search & Destroy
SUPERAntiSpyware
Supreme Commander - Forged Alliance
swMSM
The Weather Channel App
VC80CRTRedist - 8.0.50727.6195
VCRedistSetup
WinPatrol
Wise Care 365 3.11
Wise Care 365 version 2.92
.
==== Event Viewer Messages From Past Week ========
.
6/8/2014 8:10:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
6/8/2014 8:10:09 PM, Error: Service Control Manager [7000] - The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/6/2014 4:39:45 PM, Error: Service Control Manager [7031] - The Update Greener Web service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/6/2014 12:32:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.175.1478.0).
6/13/2014 1:41:54 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 252.
6/12/2014 9:55:29 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hola_svc service.
6/10/2014 6:53:41 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================


GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-06-14 06:54:45
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 rev. 0.00MB
Running: l2zqmt8s.exe; Driver: C:\Users\BLAINE~1\AppData\Local\Temp\kwryikog.sys

---- Kernel code sections - GMER 2.1 ----
.text ... * 109
---- User code sections - GMER 2.1 ----
.text ... * 2
.text ... * 2
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 sector 0: rootkit-like behavior
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3536] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007699a2fd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3828] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007699a2fd 1 byte [62]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4432] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007699a2fd 1 byte [62]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[233876] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007699a2fd 1 byte [62]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[233876] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077b2c4dd 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[233876] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077b31287 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[233876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755e14bb 2 bytes [5E, 75]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[233876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000755e1465 2 bytes [5E, 75]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[84328] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007699a2fd 1 byte [62]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[84328] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077b2c4dd 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[84328] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077b31287 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[84328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755e14bb 2 bytes [5E, 75]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[84328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000755e1465 2 bytes [5E, 75]
.text C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe[2176] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007699a2fd 1 byte [62]
.text C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe[2324] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007784ef8d 1 byte [62]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2428] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007699a2fd 1 byte [62]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[2740] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007699a2fd 1 byte [62]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2792] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007699a2fd 1 byte [62]
.text C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe[3544] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007784ef8d 1 byte [62]
.text C:\Program Files\AVAST Software\Avast\avastui.exe[4216] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007699a2fd 1 byte [62]
.text C:\Program Files\AVAST Software\Avast\avastui.exe[4216] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076978791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text C:\Program Files\Hola\app\hola_svc.exe[3272] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007784ef8d 1 byte [62]
.text C:\Program Files\Hola\app\hola_svc.exe[3272] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter 0000000077809040 13 bytes {JMP QWORD [RIP+0x0]}
.text C:\Program Files\Hola\app\hola_svc.exe[3272] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter + 14 000000007780904e 1 byte INT3
.text C:\Program Files\Hola\app\hola_updater.exe[1228] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007784ef8d 1 byte [62]
.text C:\Program Files\Hola\app\hola_updater.exe[1228] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter 0000000077809040 13 bytes {JMP QWORD [RIP+0x0]}
.text C:\Program Files\Hola\app\hola_updater.exe[1228] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter + 14 000000007780904e 1 byte INT3
.text C:\Program Files\Internet Explorer\iexplore.exe[4368] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007784ef8d 1 byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077937ac0 6 bytes {NOP ; JMP 0xffffffff889e88e4}
.text C:\Program Files\Internet Explorer\iexplore.exe[4368] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077933b10 6 bytes {NOP ; JMP 0xffffffff889ecc4c}
---- Threads - GMER 2.1 ----
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3876:3092] 000007fefbb82bf8
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3876:3168] 000007fef2314830
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3876:4100] 000007fefc455124
---- User code sections - GMER 2.1 ----
.text C:\Users\Blaine Harper\Desktop\l2zqmt8s.exe[113688] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007699a2fd 1 byte [62]
.text C:\Windows\Explorer.EXE[1992] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007784ef8d 1 byte [62]
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002fa6000 63 bytes [00, 00, 51, 02, 54, 68, 72, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 594 fffff80002fa6042 4 bytes [00, 00, 00, 00]
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\services.exe[676] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007784ef8d 1 byte [62]
---- Threads - GMER 2.1 ----
Thread C:\Windows\System32\svchost.exe [960:3496] 000007fee5169688
---- User code sections - GMER 2.1 ----
.text C:\Windows\System32\svchost.exe[1016] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007784ef8d 1 byte [62]
.text C:\Windows\system32\svchost.exe[320] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007784ef8d 1 byte [62]
.text C:\Windows\System32\svchost.exe[960] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007784ef8d 1 byte [62]
.text C:\Windows\System32\svchost.exe[984] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007784ef8d 1 byte [62]
.text C:\Windows\system32\taskhost.exe[1724] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007784ef8d 1 byte [62]
---- Kernel code sections - GMER 2.1 ----
.text C:\Windows\System32\win32k.sys!EngGetProcessHandle + 404 fffff960001d2a98 6 bytes {JMP QWORD [RIP+0x663fe]}
.text C:\Windows\System32\win32k.sys!EngSetLastError + 608 fffff960000e4cb4 8 bytes [48, C4, F0, 03, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000113f00 7 bytes [00, 98, F3, FF, 01, A6, F0]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000113f08 3 bytes [C0, 06, 02]
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\WLANExt.exe [1192:1256] 00000000007e8684
Thread C:\Windows\system32\WLANExt.exe [1192:1260] 00000000007e8684
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ????????? ?????????????????????0????????????????????input.inf:Standard.NTamd64:HID_Inst:6.1.7601.18199::generic_hid_device:usb\class_03&subclass_01:usb\class_03 ????USBSTOR\DiskSony____Storage_Media___0100?USBSTOR\DiskSony____Storage_Media___?USBSTOR\DiskSony____?USBSTOR\Sony____Storage_Media___0?Sony____Storage_Media___0?USBSTOR\GenDisk?GenDisk??????\\?\STORAGE#Volume#_??_USBSTOR#Disk&Ven_Sony&Prod_Storage_Media&Rev_0100#5A08060504504&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}?shT??? ?????????????????????0?????????????????????????????????????????&??????????? ???????????????????????????????????????????????????? ?????????????????????0????????????????????@volsnap.inf,%storage\volumesnapshot.devicedesc%;Generic volume shadow copy?????\\?\ROOT#*ISATAP#0002#{cac88484-7515-4c03-82e6-71a87abac361}?????????e??D???OpenPerformanceData?*i????????????*??????o??e? ???????????3????????*?????????????????????? ???????????????? ????,??"???&?????????????? ?????????????????????,????????z??????
---- EOF - GMER 2.1 --



The part of the GMER log that saw rootkit-like behavior used to be down towards the bottom, so I don't know if I did something to change the order in the log. Please let me know if I've left anything out, and thank you for your help.

losing hard drive space rapidly for no reason.

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-06-15 04:13:18
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 Hitachi_HTS541612J9AT00 rev.SBDOA70H 111.79GB
Running: xk1l2eyk.exe; Driver: C:\DOCUME~1\Arun\LOCALS~1\Temp\aflcipob.sys


---- System - GMER 2.1 ----

SSDT \SystemRoot\System32\Drivers\bcftdi.SYS ZwConnectPort [0xB9C425BE]
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwCreateFile [0xBA3C053C]
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwCreateKey [0xBA3C2678]
SSDT \SystemRoot\System32\Drivers\bcftdi.SYS ZwCreatePort [0xB9C4250E]
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwCreateThread [0xBA3C3534]
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwDeleteKey [0xBA3C2D71]
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwDeleteValueKey [0xBA3C2C6F]
SSDT sptd.sys ZwEnumerateKey [0xB9ED684C]
SSDT sptd.sys ZwEnumerateValueKey [0xB9ED6BEC]
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwFsControlFile [0xBA3C055E]
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwOpenFile [0xBA3C051E]
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwOpenKey [0xBA3C2644]
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwOpenSection [0xBA3C20B3]
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwProtectVirtualMemory [0xBA3C2452]
SSDT sptd.sys ZwQueryKey [0xB9ED6CC4]
SSDT sptd.sys ZwQueryValueKey [0xB9ED6B44]
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwReadVirtualMemory [0xBA3C242F]
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwRequestWaitReplyPort [0xBA3C17C8]
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwSetContextThread [0xBA3C39B4]
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwSetSystemInformation [0xBA3C31F7]
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwSetValueKey [0xBA3C2816]
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwSuspendProcess [0xBA3C2475]
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwSuspendThread [0xBA3C39F2]
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwTerminateProcess [0xBA3C2410]
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwTerminateThread [0xBA3C39D3]
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwWriteVirtualMemory [0xBA3C23ED]

---- Kernel code sections - GMER 2.1 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xB91AAEBF]
? System32\Drivers\a70jjeu7.SYS The system cannot find the path specified. !

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[2520] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10001EB1 C:\Program Files\Mozilla Firefox\mozglue.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2520] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 022484F9 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2520] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 022484D6 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2520] kernel32.dll!ValidateLocale + B648 7C844EE0 7 Bytes JMP 018C3A32 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2520] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 02248457 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2520] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 01FE141D C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2924] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 104FD777 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2924] USER32.dll!GetMenuContextHelpId + 1A 7E465319 7 Bytes JMP 104F70E4 C:\Program Files\Mozilla Firefox\xul.dll

---- Devices - GMER 2.1 ----

Device \FileSystem\Ntfs \Ntfs 8A1C91D8
Device \FileSystem\Fastfat \FatCdrom 89B0B980

AttachedDevice \Driver\Tcpip \Device\Ip bcftdi.SYS
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys

Device \Driver\usbuhci \Device\USBPDO-0 89CA41D8
Device \Driver\usbehci \Device\USBPDO-1 89C4B7A0
Device \Driver\NetBT \Device\NetBT_Tcpip_{DC5995B4-EAE8-469A-9FEB-845F5E044632} 89CE11D8
Device \Driver\usbuhci \Device\USBPDO-2 89CA41D8
Device \Driver\usbuhci \Device\USBPDO-3 89CA41D8
Device \Driver\usbuhci \Device\USBPDO-4 89CA41D8

AttachedDevice \Driver\Tcpip \Device\Tcp bcftdi.SYS

Device \Driver\Ftdisk \Device\HarddiskVolume1 8A1EC1D8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys

Device \Driver\Ftdisk \Device\HarddiskVolume2 8A1EC1D8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys

Device \Driver\Cdrom \Device\CdRom0 89B58378
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A1EC1D8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys

Device \Driver\atapi \Device\Ide\IdePort0 [B9E2DB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [B9E2DB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B9E2DB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [B9E2DB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 89B58378
Device \Driver\Cdrom \Device\CdRom2 89B58378
Device \Driver\NetBT \Device\NetBt_Wins_Export 89CE11D8
Device \Driver\NetBT \Device\NetbiosSmb 89CE11D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{E8CC2C58-F259-4FFE-99A8-EF185DA1040B} 89CE11D8

AttachedDevice \Driver\Tcpip \Device\Udp bcftdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp bcftdi.SYS

Device \Driver\00000066 \Device\00000097 sptd.sys
Device \Driver\usbuhci \Device\USBFDO-0 89CA41D8
Device \Driver\usbuhci \Device\USBFDO-1 89CA41D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89EC01D8
Device \Driver\usbuhci \Device\USBFDO-2 89CA41D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89EC01D8
Device \Driver\usbuhci \Device\USBFDO-3 89CA41D8
Device \Driver\usbehci \Device\USBFDO-4 89C4B7A0
Device \Driver\Ftdisk \Device\FtControl 8A1EC1D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{71A51592-04D6-4137-8ACA-98B98A33BC6D} 89CE11D8
Device \Driver\a70jjeu7 \Device\Scsi\a70jjeu71Port2Path0Target0Lun0 89AAD980
Device \Driver\a70jjeu7 \Device\Scsi\a70jjeu71Port2Path0Target1Lun0 89AAD980
Device \Driver\a70jjeu7 \Device\Scsi\a70jjeu71 89AAD980
Device \FileSystem\Fastfat \Fat 89B0B980

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat psdfilter.sys

Device \FileSystem\Cdfs \Cdfs 89BB2980

---- Trace I/O - GMER 2.1 ----

Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x8a2127ac]<< 8a2127ac
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a14aab8] 8a14aab8
Trace 3 CLASSPNP.SYS[ba188fd7] -> nt!IofCallDriver -> \Device\000000c6[0x8a23d430] 8a23d430
Trace 5 ACPI.sys[b9e90620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a166d98] 8a166d98

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cedc7b19
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cee66522
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -1316889643
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1097373838
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6F 0xC7 0xCE 0x28 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x99 0x1B 0xBE 0xFB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x3D 0x8E 0x37 0x3B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xC9 0xEF 0x32 0x8E ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016cedc7b19 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016cee66522 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6F 0xC7 0xCE 0x28 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x99 0x1B 0xBE 0xFB ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x3D 0x8E 0x37 0x3B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xC9 0xEF 0x32 0x8E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x85 0x03 0x07 0x4D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x99 0x1B 0xBE 0xFB ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x54 0xE4 0x1C 0xD9 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x14 0x58 0x02 0x88 ...

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----
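Added example (my own code, not GMER's and not part of the original post): a small Python triage script for the two GMER sections that carry most of the signal when reading logs like the ones on this page, the SSDT list under "System" and the ".text" inline-hook lines under "User code sections". It groups each kernel hook by the driver that owns it, puts the hooks GMER could not attribute to any loaded module (the address-only SSDT lines) in their own bucket, and for each user-mode patch reports which DLL it jumps into when GMER printed one. The capability labels are my own heuristic, not something GMER outputs, and the sample input is a handful of lines copied from the logs posted here.

```python
"""Triage helpers for GMER 2.1 logs (added example, not GMER's own code).

Parses the "System" section (SSDT hooks, one per hooked kernel service) and
the "User code sections" (.text inline patches inside running processes).
"""
import re
from collections import defaultdict

# SSDT lines come in two shapes. Handler resolved to a driver image:
#   SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwCreateFile [0xBA3C053C]
# or handler in memory GMER could not map to any loaded module (address only):
#   SSDT 8ACBDD50 ZwAllocateVirtualMemory
SSDT_RESOLVED = re.compile(
    r"^SSDT\s+(?P<module>\S.*?)\s+(?P<func>Zw\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]$")
SSDT_UNRESOLVED = re.compile(r"^SSDT\s+(?P<addr>[0-9A-Fa-f]{8,16})\s+(?P<func>Zw\w+)$")

# Inline hook lines:
#   .text <process>[<pid>] <module>!<export>[ + off] <addr> <n> Bytes <detail>
# <detail> is "JMP <addr> <owner dll>" (32-bit logs) or raw patch bytes.
INLINE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<target>\S+?)!(?P<export>\w+)"
    r"(?:\s+\+\s+\w+)?\s+[0-9A-Fa-f]+\s+\d+\s+[Bb]ytes?\s+(?P<detail>.*)$")
JMP_OWNER = re.compile(r"JMP\s+[0-9A-Fa-f]+\s+(?P<owner>\S.*)$")

# My own grouping of hooked services by what control of them buys an attacker;
# a triage heuristic, not a classification GMER itself produces.
CAPABILITY = {
    "registry hiding": {"ZwEnumerateKey", "ZwEnumerateValueKey", "ZwQueryKey",
                        "ZwQueryValueKey"},
    "file hiding": {"ZwCreateFile", "ZwOpenFile", "ZwQueryDirectoryFile"},
    "process tampering": {"ZwOpenProcess", "ZwCreateProcess", "ZwCreateProcessEx",
                          "ZwTerminateProcess", "ZwSuspendProcess",
                          "ZwWriteVirtualMemory", "ZwReadVirtualMemory",
                          "ZwSetContextThread", "ZwCreateThread", "ZwQueueApcThread"},
}


def parse_ssdt(log_text):
    """Return [(func, module_or_None, handler_address)] for every SSDT line."""
    hooks = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = SSDT_RESOLVED.match(line)
        if m:
            hooks.append((m["func"], m["module"], int(m["addr"], 16)))
            continue
        m = SSDT_UNRESOLVED.match(line)
        if m:
            hooks.append((m["func"], None, int(m["addr"], 16)))
    return hooks


def triage_ssdt(hooks):
    """Group hooks by owning module -> {"functions": [...], "capabilities": [...]}.

    The None key collects hooks whose handler GMER could not attribute to a
    loaded driver. Security products and rootkits both install such hooks, so
    check that bucket against the installed security software before calling
    it malicious.
    """
    grouped = defaultdict(list)
    for func, module, _addr in hooks:
        grouped[module].append(func)
    return {
        module: {
            "functions": sorted(funcs),
            "capabilities": sorted(name for name, members in CAPABILITY.items()
                                   if members & set(funcs)),
        }
        for module, funcs in grouped.items()
    }


def parse_inline_hooks(log_text):
    """Return [(process, pid, "module!export", owner_or_None)] for .text lines.

    owner is the DLL the patch jumps into when GMER printed one; None means the
    line only showed raw bytes or a JMP GMER did not resolve to a module.
    """
    hooks = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = INLINE.match(line)
        if not m:
            continue
        j = JMP_OWNER.search(m["detail"])
        owner = j["owner"].strip() if j else None
        hooks.append((m["proc"], int(m["pid"]), f'{m["target"]}!{m["export"]}', owner))
    return hooks


# Constructed sample: a few lines copied from the GMER logs posted on this page.
SAMPLE = r"""
SSDT \SystemRoot\System32\Drivers\bcftdi.SYS ZwConnectPort [0xB9C425BE]
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwCreateFile [0xBA3C053C]
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwTerminateProcess [0xBA3C2410]
SSDT sptd.sys ZwEnumerateKey [0xB9ED684C]
SSDT sptd.sys ZwQueryValueKey [0xB9ED6B44]
SSDT 8ACBDD50 ZwAllocateVirtualMemory
SSDT 8ACC68B0 ZwCreateProcess
.text C:\Program Files\Mozilla Firefox\firefox.exe[2520] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10001EB1 C:\Program Files\Mozilla Firefox\mozglue.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2520] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 022484F9 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[4216] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076978791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
"""

if __name__ == "__main__":
    for module, info in triage_ssdt(parse_ssdt(SAMPLE)).items():
        print(module or "<unattributed>", info["capabilities"], info["functions"])
    for proc, pid, where, owner in parse_inline_hooks(SAMPLE):
        print(f"{proc}[{pid}] {where} -> {owner or '<unresolved>'}")
```

Two caveats when reading the output: a hook owned by a named driver is not evidence of infection on its own (sptd.sys, for instance, belongs to the DAEMON Tools install that the registry section of the log above points at), and neither is an unattributed hook, since several security products hook from dynamically allocated memory. The value of the grouping is that it tells you which drivers to look up and which hooked services to explain before deciding what to remove. The "unknown MBR code" line under "Disk sectors" is a separate indicator that this script does not cover.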

Getting rid of acedrv08.sys blue screen

I posted this in the Win 7 area and got a little insight into what this is, but it was suggested I post here for more details on how to get rid of what is causing the blue screen. I have attached a screen shot and a HJT log file. This is a Windows 7 system with all the current updates/service pack and 8 GB of memory.

So how do I stop these acedrv08.sys blue screens?

Thanks

Attached Images
File Type: jpg screen.jpg (426.7 KB)
Attached Files
File Type: log hijackthis.log (13.6 KB)

Trojan removed now creating pwd protected files

Tuvaro infection and probably a lot more!

My significant other decided to try to watch the Blackhawks' games on his PC. In the process, he pretty much said "ok" to any programs that popped up and now has a seriously messed up machine! I've attempted to uninstall all the programs that he downloaded that particular day (most I could successfully get rid of); however, his Chrome browser is still being hijacked by Tuvaro and error messages abound.

Please note I DID attempt to run the DDS app as instructed; however, when I tried to run the program I received an NSIS error message (attaching screen shot). That said, I'm listing the necessary logs in hopes that someone can help, PLEASE! [[I'm treating the time spent on fixing his stupidity as a Father's Day gift, lol!]]

TSG SysInfo:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel(R) Core(TM)2 Duo CPU E7300 @ 2.66GHz, x86 Family 6 Model 23 Stepping 6
Processor Count: 2
RAM: 3325 Mb
Graphics Card: NVIDIA Quadro NVS 290, 256 Mb
Hard Drives: C: Total - 238377 MB, Free - 131668 MB; G: Total - 953865 MB, Free - 361309 MB;
Motherboard: Dell Inc., 0TP412
Antivirus: AVG AntiVirus 2014, Updated: Yes, On-Demand Scanner: Enabled

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 2:58:58 PM, on 6/15/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
CHROME: 35.0.1916.114
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
c:\PROGRA~1\AVG\AVG2014\avgrsx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\All Users\Application Data\IePluginService\PluginService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\gorillaprice\gorillaprice.exe
C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Flash Update\winclient32.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\OpenSoftwareUpdater\OpenSoftwareUpdater.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Driver Support\Driver Support\DriverSupport.exe
C:\Program Files\Optimizer Pro\OptProSmartScan.exe
C:\Documents and Settings\GWB\Local Settings\Application Data\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files\Optimizer Pro\OptProReminder.exe
C:\Documents and Settings\GWB\Application Data\ContentExplorer\ContentExplorer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\GWB\Local Settings\Temporary Internet Files\Content.IE5\PPWBTEHI\HijackThis[1].exe
C:\WINDOWS\system32\SearchProtocolHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?p=mKO_AwF...q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?p=mKO_AwF...q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wsj.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com/web/?type=ds&ts...q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com/web/?type=ds&ts...q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?p=mKO_AwF...q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?p=mKO_AwF...q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.v9.com/web/?type=ds&ts...q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.v9.com/web/?type=ds&ts...q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:1092;https=127.0.0.1:1092;
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [YTDownloader] "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
O4 - HKLM\..\Run: [upfst_us_53.exe] C:\Documents and Settings\GWB\Local Settings\Application Data\fst_us_53\upfst_us_53.exe -runhelper
O4 - HKLM\..\Run: [Windows Client Manager] C:\Program Files\Flash Update\winclient32.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows X64 Service Manager] C:\Program Files\FlashNow Updater\flsysio.exe
O4 - HKLM\..\Run: [PC HealthFix] "C:\Documents and Settings\All Users\Application Data\PC HealthFix\PCHealthFix.exe" /runscan
O4 - HKLM\..\Run: [OpenSoftwareUpdater] C:\Program Files\OpenSoftwareUpdater\OpenSoftwareUpdater.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files\Optimizer Pro\OptProLauncher.exe
O4 - HKCU\..\Run: [Driver Support] C:\Program Files\Driver Support\Driver Support\DriverSupport.exe /applicationMode:systemTray /showWelcome:false
O4 - HKCU\..\Run: [Amazon Cloud Player] "C:\Documents and Settings\GWB\Local Settings\Application Data\Amazon Cloud Player\Amazon Music Helper.exe"
O4 - HKCU\..\Run: [ContentExplorer] "C:\Documents and Settings\GWB\Application Data\ContentExplorer\ContentExplorer.exe"
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.cftc.gov
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://38.98.147.87/dana-cached/sc/...etupClient.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: IePlugin Service (IePluginService) - Cherished Technololgy LIMITED - C:\Documents and Settings\All Users\Application Data\IePluginService\PluginService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: vxlsnyaiet32 - Unknown owner - C:\Program Files\003\vxlsnyaiet32.exe
--
End of file - 12875 bytes

DDS Error Message:

(attached)

GMER - ARK.TXT FILE:

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-06-15 15:21:01
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST325031 rev.4.AD 232.83GB
Running: gf7ix4ck.exe; Driver: C:\DOCUME~1\GWB\LOCALS~1\Temp\fxtdqpod.sys

---- System - GMER 2.1 ----
SSDT 8ACBDD50 ZwAllocateVirtualMemory
SSDT 8ACD4468 ZwCreateKey
SSDT 8ACC68B0 ZwCreateProcess
SSDT 8ACC71B8 ZwCreateProcessEx
SSDT 8ACBD020 ZwCreateThread
SSDT 8ACD43F0 ZwDeleteKey
SSDT 8ACB4198 ZwDeleteValueKey
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0xB53156E0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0xB5315800]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0xB5315010]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenThread [0xB53154D0]
SSDT 8ACBDDC8 ZwQueueApcThread
SSDT 8ACBDC60 ZwReadVirtualMemory
SSDT 8ACD0148 ZwRenameKey
SSDT 8ACBDEB8 ZwSetContextThread
SSDT 8ACBE460 ZwSetInformationKey
SSDT 8ACB45C0 ZwSetInformationProcess
SSDT 8ACBDF30 ZwSetInformationThread
SSDT 8ACCD210 ZwSetValueKey
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0xB5315300]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0xB53153E0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0xB5315120]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0xB5315210]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0xB53155E0]
---- Kernel code sections - GMER 2.1 ----
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8857360, 0x33026D, 0xE8000020]
init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xAF587A00]
---- User code sections - GMER 2.1 ----
.text C:\WINDOWS\system32\SearchIndexer.exe[744] kernel32.dll!WriteFile 7C8112FF 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL
.text C:\Program Files\Internet Explorer\iexplore.exe[2184] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215545 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2184] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B99 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2184] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD1CD C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2184] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDC24 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2184] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2546FC C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2184] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E7997 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2184] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E78C9 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2184] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E7934 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2184] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E779A C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2184] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E77FC C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2184] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E79FA C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2184] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E785E C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2184] ole32.dll!CoCreateInstance 774FF1D4 5 Bytes JMP 3E2EDC80 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2184] ole32.dll!OleLoadFromStream 7752988B 5 Bytes JMP 3E3E7CFF C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2312] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215545 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2312] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDC24 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2312] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E7997 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2312] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E78C9 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2312] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E7934 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2312] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E779A C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2312] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E77FC C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2312] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E79FA C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2312] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E785E C:\WINDOWS\system32\IEFRAME.dll
---- Devices - GMER 2.1 ----
AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbd.sys
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys
Device mrxsmb.sys
Device \FileSystem\Fastfat \Fat A145ED20
AttachedDevice \FileSystem\Fastfat \Fat ssfs0bbd.sys
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS
---- Services - GMER 2.1 ----
Service C:\Program Files\gorillaprice\gorillaprice.exe (*** hidden *** ) [AUTO] GorillaPrice <-- ROOTKIT !!!
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\GorillaPrice@Type 16
Reg HKLM\SYSTEM\CurrentControlSet\Services\GorillaPrice@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\GorillaPrice@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\GorillaPrice@ImagePath C:\Program Files\gorillaprice\gorillaprice.exe -service
Reg HKLM\SYSTEM\CurrentControlSet\Services\GorillaPrice@DisplayName GorillaPrice
Reg HKLM\SYSTEM\CurrentControlSet\Services\GorillaPrice@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\GorillaPrice@Description This service will show you offers from GorillaPrice in a seperate window, up to 8 offers per day.
Reg HKLM\SYSTEM\CurrentControlSet\Services\GorillaPrice\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\GorillaPrice\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\GorillaPrice
Reg HKLM\SYSTEM\ControlSet003\Services\GorillaPrice@Type 16
Reg HKLM\SYSTEM\ControlSet003\Services\GorillaPrice@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\GorillaPrice@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet003\Services\GorillaPrice@ImagePath C:\Program Files\gorillaprice\gorillaprice.exe -service
Reg HKLM\SYSTEM\ControlSet003\Services\GorillaPrice@DisplayName GorillaPrice
Reg HKLM\SYSTEM\ControlSet003\Services\GorillaPrice@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\GorillaPrice@Description This service will show you offers from GorillaPrice in a seperate window, up to 8 offers per day.
Reg HKLM\SYSTEM\ControlSet003\Services\GorillaPrice\Security (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\GorillaPrice\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithList@MRUList acbfed
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\iexplore@Count 771
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9030D464-4C02-4ABF-8ECC-5164760863C6}\iexplore@Count 687
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9030D464-4C02-4ABF-8ECC-5164760863C6}\iexplore@Blocked 687
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA58ED58-01DD-4D91-8333-CF10577473F7}\iexplore@Count 687
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA58ED58-01DD-4D91-8333-CF10577473F7}\iexplore@Blocked 687
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\iexplore@Count 687
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\iexplore@Blocked 686
---- EOF - GMER 2.1 ----


Thank you in advance for your help and Happy Father's Day to all :)
Mongoosespaz (a/k/a Teresa)

Attached Images
File Type: jpg NSIS Error message during DDS install.JPG (11.6 KB)
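The GMER log above reports the same finding twice: the Services section lists GorillaPrice as a service hidden from the Service Control Manager (the cross-view mismatch GMER marks "ROOTKIT"), and the Registry section dumps the raw service configuration (Type 16, Start 2, ObjectName LocalSystem). As an added example that is not part of the original post or of GMER itself, the Python below parses a constructed excerpt of that log, joins the hidden-service line with the service's own registry values, and decodes the numeric Type and Start fields to their Windows SERVICE_* names. The "high_priority" triage rule (hidden, auto-start, LocalSystem, image outside C:\Windows) is the editor's own heuristic, not something GMER computes.

```python
import re

# Constructed excerpt of the GMER 2.1 log posted above; only the Services and
# Registry lines needed for the demonstration are reproduced.
GMER_LOG = r"""
---- Services - GMER 2.1 ----
Service C:\Program Files\gorillaprice\gorillaprice.exe (*** hidden *** ) [AUTO] GorillaPrice <-- ROOTKIT !!!
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\GorillaPrice@Type 16
Reg HKLM\SYSTEM\CurrentControlSet\Services\GorillaPrice@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\GorillaPrice@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\GorillaPrice@ImagePath C:\Program Files\gorillaprice\gorillaprice.exe -service
Reg HKLM\SYSTEM\CurrentControlSet\Services\GorillaPrice@DisplayName GorillaPrice
Reg HKLM\SYSTEM\CurrentControlSet\Services\GorillaPrice@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\GorillaPrice@Type 16
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\iexplore@Count 771
---- EOF - GMER 2.1 ----
"""

# GMER "Service <image> (<flags>) [<start>] <name> ..." lines from the Services section.
SERVICE_RE = re.compile(
    r"^Service (?P<image>.+?) \((?P<flags>[^)]*)\) \[(?P<start>[^\]]+)\] (?P<name>\S+)"
)
# GMER "Reg <hive>\<key>@<value> <data>" lines from the Registry section.
REG_RE = re.compile(r"^Reg (?P<hive>HK\w+)\\(?P<key>\S+?)@(?P<value>\w+)(?: (?P<data>.*))?$")
# Only the active control set; ControlSetNNN copies are duplicates for triage purposes.
SVC_KEY_RE = re.compile(r"^SYSTEM\\CurrentControlSet\\Services\\(?P<svc>[^\\]+)$")

# Windows service-configuration constants (SERVICE_* from winsvc.h).
SERVICE_TYPES = {0x1: "KERNEL_DRIVER", 0x2: "FILE_SYSTEM_DRIVER",
                 0x10: "WIN32_OWN_PROCESS", 0x20: "WIN32_SHARE_PROCESS"}
START_TYPES = {0: "BOOT_START", 1: "SYSTEM_START", 2: "AUTO_START",
               3: "DEMAND_START", 4: "DISABLED"}


def decode_service_type(raw):
    """Map a raw Type value to its SERVICE_* name; 0x100 is the INTERACTIVE flag."""
    t = int(raw)
    base = SERVICE_TYPES.get(t & ~0x100, "UNKNOWN(0x%x)" % t)
    return base + ("|INTERACTIVE_PROCESS" if t & 0x100 else "")


def parse_gmer(text):
    """Return (hidden-service entries, {service name: {value: data}} from HKLM)."""
    hidden, registry = [], {}
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            hidden.append({"name": m["name"], "image": m["image"],
                           "hidden_from_scm": "hidden" in m["flags"],
                           "gmer_start": m["start"]})
            continue
        m = REG_RE.match(line)
        if m and m["hive"] == "HKLM":
            k = SVC_KEY_RE.match(m["key"])
            if k:
                registry.setdefault(k["svc"], {})[m["value"]] = m["data"] or ""
    return hidden, registry


def hidden_service_report(text):
    """Join each hidden service with its registry configuration and decode it."""
    hidden, registry = parse_gmer(text)
    report = []
    for svc in hidden:
        cfg = registry.get(svc["name"], {})
        image = cfg.get("ImagePath", svc["image"])
        report.append({
            "name": svc["name"],
            "hidden_from_scm": svc["hidden_from_scm"],
            "type": decode_service_type(cfg["Type"]) if "Type" in cfg else "unknown",
            "start": START_TYPES.get(int(cfg["Start"]), "unknown") if "Start" in cfg else "unknown",
            "account": cfg.get("ObjectName", "unknown"),
            "image_path": image,
            # Editor's triage heuristic: hidden + auto-start + LocalSystem + image
            # outside the Windows directory is the entry to deal with first.
            "high_priority": (svc["hidden_from_scm"]
                              and cfg.get("Start") == "2"
                              and cfg.get("ObjectName", "").lower() == "localsystem"
                              and not image.lower().startswith(r"c:\windows")),
        })
    return report


if __name__ == "__main__":
    for entry in hidden_service_report(GMER_LOG):
        print("%(name)s: %(type)s, %(start)s, runs as %(account)s, image=%(image_path)s, "
              "hidden=%(hidden_from_scm)s, high_priority=%(high_priority)s" % entry)
```

Type 16 (0x10) is SERVICE_WIN32_OWN_PROCESS and Start 2 is SERVICE_AUTO_START, so the entry GMER flagged is a user-mode program that starts at boot as LocalSystem and is invisible to the service list; the "<-- ROOTKIT" tag comes from the view mismatch, not from anything in the file itself, which is why the registry values are worth reading alongside it.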

Adware-MBrowse!09C94501CC22'

My antivirus has tried a number of times to delete 'Adware-MBrowse!09C94501CC22' and 'Adware-MBrowse!99715A0AD3C8'.

These two keep popping up all the time and my AV, McAfee, keeps quarantining them, and when prompted I agree to their removal. But they keep popping up time and again. The latest McAfee scan states that it has been unable to delete them.

I am on Win 8.1 and have rebooted my computer a number of times. I have seen the file under Program Files and tried to delete it there. It just won't be deleted.

Any suggestions/comments, please?

Victor

Browser Hijacked? Email Hijacked?

I have a PC Windows 7. I've spent 5 hours so far today trying to figure out my dilemma!


I opened some emails a few weeks ago that were "how to make a lot of money" emails. When I tried closing it, it didn't let me right away (about 5 times it said "stay on this page" or "leave", but it doesn't let you leave; I tried about 5 times).


Now, when I go into my business emails, where I get videos for training, those get-rich-quick emails pop up and I can't see my business videos. It's on ALL of my emails, not just the email account in which I opened those get-rich emails.


Can someone please help me? Someone said it was called a browser hijack, but I did what he said (on another site) and it didn't work. Thank you. This is my first post (so glad there's a site like this!).

I found w32.trojan.agent -- Please help!

Hello, everyone.
I ran a scan with Adware and found w32.trojan.agent on my computer. When the scan finished I deleted the infected files as Adware suggested, then rebooted, but it's still there.
I downloaded aswMBR and ran it... these are the results:
(I'm sending them attached.)
I would really really appreciate your help.

Thanks!

Attached Images
File Type: jpg aswMBR Scan results.jpg (189.2 KB)

Firefox

Hello, here I am again, I have some problems I think

SystemLook 30.07.11 by jpshortstuff
Log created at 18:06 on 16/06/2014 by Kamil
Administrator - Elevation successful

========== filefind ==========

Searching for "*Video-Saver*.*"
No files found.

Searching for "*AVG SafeGuard*.*"
No files found.

Searching for "*AVG Secure*.*"
No files found.

Searching for "*conduit*.*"
C:\Program Files\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1322368 bytes [15:50 12/02/2014] [15:50 12/02/2014] 5A2B082A760722E08042E3892D07690E

Searching for "*ndibdjnfmopecpmkdieinmbadjfpblof*.*"
C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage --a---- 3072 bytes [14:25 07/05/2014] [07:41 26/05/2014] 8B7BA86B0091191A917A25CE30EF7B6B
C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage-journal --a---- 3608 bytes [14:25 07/05/2014] [07:41 26/05/2014] 4B6BC30CB89A67B59F0900B79BE5EA00

Searching for "*SearchProtect*.*"
No files found.

Searching for "*delta-search*.*"
No files found.

Searching for "*booedmolknjekdopkepjjeckmjkdpfgl*.*"
No files found.

Searching for "*capekcnhbegaapfdadcjikcnnebplepa*.*"
No files found.

Searching for "*flpcjncodpafbgdpnkljologafpionhb*.*"
No files found.

Searching for "FirewallAPI.dll"
C:\Windows\System32\FirewallAPI.dll --a---- 462848 bytes [23:53 13/07/2009] [01:15 14/07/2009] 3F50200237961034FACE602373838980
C:\Windows\winsxs\x86_networking-mpssvc-svc_31bf3856ad364e35_6.1.7600.16385_none_99ea919c2930530a\FirewallAPI.dll --a---- 462848 bytes [23:53 13/07/2009] [01:15 14/07/2009] 3F50200237961034FACE602373838980
C:\Windows\winsxs\x86_networking-mpssvc-svc_31bf3856ad364e35_6.1.7601.17514_none_9c1ba564261ed6a4\FirewallAPI.dll --a---- 462848 bytes [23:53 13/07/2009] [01:15 14/07/2009] 3F50200237961034FACE602373838980

Searching for "iepeers.dll"
C:\Windows\System32\iepeers.dll --a---- 116736 bytes [23:57 24/12/2013] [23:57 24/12/2013] 1AFBAA54BDF637F69B8E02A5578286B0
C:\Windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_10.2.9200.16521_none_5e7e82bfaa2406d5\iepeers.dll --a---- 117248 bytes [22:16 23/12/2013] [22:16 23/12/2013] 828B4A41BE891A7AEC07E693422B4A3A
C:\Windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_11.2.9600.16428_none_c2fbfc394ebe9ab8\iepeers.dll --a---- 116736 bytes [23:57 24/12/2013] [23:57 24/12/2013] 1AFBAA54BDF637F69B8E02A5578286B0
C:\Windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.7600.16385_none_57542209ca636836\iepeers.dll --a---- 186368 bytes [23:42 13/07/2009] [01:15 14/07/2009] 537FD8F1DCD6E3391C4BE30D14BE5D0E
C:\Windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.7600.17267_none_576ba9c7ca517f7c\iepeers.dll --a---- 185856 bytes [12:44 21/12/2013] [05:01 02/03/2013] BFB6DB1B3E161C83258DB02A86B709DC
C:\Windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.7600.21484_none_57dca7c2e382084a\iepeers.dll --a---- 186368 bytes [12:44 21/12/2013] [04:42 04/03/2013] 0BBF44F8950F4121D0D0057F9FD2F976
C:\Windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.7601.17514_none_598535d1c751ebd0\iepeers.dll --a---- 186368 bytes [16:05 22/12/2013] [12:19 20/11/2010] B54856B913CCBF23F456F87148F42920
C:\Windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_9.4.8112.16421_none_5543276d0c542bbd\iepeers.dll --a---- 118784 bytes [23:50 21/12/2013] [23:50 21/12/2013] 90A57CA422923286838AAC7DE2D41B92

========== folderfind ==========

Searching for "*Video-Saver*"
No folders found.

Searching for "*AVG SafeGuard*"
C:\AdwCleaner\Quarantine\C\Program Files\AVG SafeGuard toolbar d------ [19:12 26/05/2014]
C:\Windows\System32\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar d------ [16:47 08/04/2014]

Searching for "*AVG Secure*"
No folders found.

Searching for "*conduit*"
No folders found.

Searching for "*ndibdjnfmopecpmkdieinmbadjfpblof*"
C:\AdwCleaner\Quarantine\C\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof d------ [19:12 26/05/2014]

Searching for "*SearchProtect*"
No folders found.

Searching for "*delta-search*"
No folders found.

Searching for "*booedmolknjekdopkepjjeckmjkdpfgl*"
No folders found.

Searching for "*capekcnhbegaapfdadcjikcnnebplepa*"
No folders found.

Searching for "*flpcjncodpafbgdpnkljologafpionhb*"
No folders found.

========== regfind ==========

Searching for "Video-Saver"
No data found.

Searching for "AVG SafeGuard"
[HKEY_USERS\.DEFAULT\Software\AVG SafeGuard toolbar]
[HKEY_USERS\S-1-5-18\Software\AVG SafeGuard toolbar]

Searching for "AVG Secure"
[HKEY_CURRENT_USER\Software\Avg Secure Update]
[HKEY_USERS\.DEFAULT\Software\Avg Secure Update]
[HKEY_USERS\S-1-5-21-1345498037-2611402124-2575896490-1001\Software\Avg Secure Update]
[HKEY_USERS\S-1-5-18\Software\Avg Secure Update]

Searching for "conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"1AF74D8104403D847A0EAD9035F74F17"="C:\Program Files\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\063A857434EDED11A893800002C0A966\1AF74D8104403D847A0EAD9035F74F17]
"File"="iSyncConduit.dll"

Searching for "ndibdjnfmopecpmkdieinmbadjfpblof"
No data found.

Searching for "SearchProtect"
No data found.

Searching for "delta-search"
No data found.

Searching for "booedmolknjekdopkepjjeckmjkdpfgl"
No data found.

Searching for "capekcnhbegaapfdadcjikcnnebplepa"
No data found.

Searching for "flpcjncodpafbgdpnkljologafpionhb"
No data found.

========== file ==========

c:\windows\system32\XDva409.sys - Unable to find/read file.

-= EOF =-

PC restarts abruptly after trying to connect to internet
