Channel: Tech Support Guy - Virus & Other Malware Removal

Can't send email - been finding stuff all day but problem persists

0000000077791510 5 bytes JMP 0000000149dd0370
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx



0000000077791560 5 bytes JMP 0000000149dd0470
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess



0000000077791570 5 bytes JMP 0000000149dd03e0
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection



0000000077791620 5 bytes JMP 0000000149dd0320
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory



0000000077791650 5 bytes JMP 0000000149dd03b0
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject



0000000077791670 5 bytes JMP 0000000149dd0390
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent



00000000777916b0 5 bytes JMP 0000000149dd02e0
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent



0000000077791730 5 bytes JMP 0000000149dd02d0
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection



0000000077791750 5 bytes JMP 0000000149dd0310
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread



0000000077791790 5 bytes JMP 0000000149dd03c0
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread



00000000777917e0 5 bytes JMP 0000000149dd03f0
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry



0000000077791940 5 bytes JMP 0000000149dd0230
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort



0000000077791b00 5 bytes JMP 0000000149dd0480
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject



0000000077791b30 5 bytes JMP 0000000149dd03a0
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair



0000000077791c10 5 bytes JMP 0000000149dd02f0
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion



0000000077791c20 5 bytes JMP 0000000149dd0350
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant



0000000077791c80 5 bytes JMP 0000000149dd0290
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore



0000000077791d10 5 bytes JMP 0000000149dd02b0
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx



0000000077791d30 5 bytes JMP 0000000149dd03d0
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer



0000000077791d40 5 bytes JMP 0000000149dd0330
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess



0000000077791db0 5 bytes JMP 0000000149dd0410
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry



0000000077791de0 5 bytes JMP 0000000149dd0240
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver



00000000777920a0 5 bytes JMP 0000000149dd01e0
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry



0000000077792160 5 bytes JMP 0000000149dd0250
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey



0000000077792190 5 bytes JMP 0000000149dd0490
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys



00000000777921a0 5 bytes JMP 0000000149dd04a0
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair



00000000777921d0 5 bytes JMP 0000000149dd0300
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion



00000000777921e0 5 bytes JMP 0000000149dd0360
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant



0000000077792240 5 bytes JMP 0000000149dd02a0
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore



0000000077792290 5 bytes JMP 0000000149dd02c0
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread



00000000777922c0 5 bytes JMP 0000000149dd0380
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer



00000000777922d0 5 bytes JMP 0000000149dd0340
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx



00000000777925c0 5 bytes JMP 0000000149dd0440
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder



00000000777927c0 5 bytes JMP 0000000149dd0260
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions



00000000777927d0 5 bytes JMP 0000000149dd0270
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread



00000000777927e0 5 bytes JMP 0000000149dd0400
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation



00000000777929a0 5 bytes JMP 0000000149dd01f0
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState



00000000777929b0 5 bytes JMP 0000000149dd0210
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem



0000000077792a20 5 bytes JMP 0000000149dd0200
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess



0000000077792a80 5 bytes JMP 0000000149dd0420
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread



0000000077792a90 5 bytes JMP 0000000149dd0430
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl



0000000077792aa0 5 bytes JMP 0000000149dd0220
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl



0000000077792b80 5 bytes JMP 0000000149dd0280
.text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort



0000000077791360 5 bytes JMP 00000000778f0460
.text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject



00000000777913b0 5 bytes JMP 00000000778f0450
.text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess



0000000077791510 5 bytes JMP 00000000778f0370
.text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx



0000000077791560 5 bytes JMP 00000000778f0470
.text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess



0000000077791570 5 bytes JMP 00000000778f03e0
.text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection



0000000077791620 5 bytes JMP 00000000778f0320
.text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory



0000000077791650 5 bytes JMP 00000000778f03b0
.text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject



0000000077791670 5 bytes JMP 00000000778f0390
.text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent



00000000777916b0 5 bytes JMP 00000000778f02e0
.text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent



0000000077791730 5 bytes JMP 00000000778f02d0
.text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection



0000000077791750 5 bytes JMP 00000000778f0310
.text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread



0000000077791790 5 bytes JMP 00000000778f03c0
.text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread



00000000777917e0 5 bytes JMP 00000000778f03f0
.text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry



0000000077791940 5 bytes JMP 00000000778f0230
.text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort



0000000077791b00 5 bytes JMP 00000000778f0480
.text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject



0000000077791b30 5 bytes JMP 00000000778f03a0
.text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair



0000000077791c10 5 bytes JMP 00000000778f02f0
.text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion



0000000077791c20 5 bytes JMP 00000000778f0350
.text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant



0000000077791c80 5 bytes JMP 00000000778f0290
.text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore



0000000077791d10 5 bytes JMP 00000000778f02b0
.text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx



0000000077791d30 5 bytes JMP 00000000778f03d0
.text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer



0000000077791d40 5 bytes JMP 00000000778f0330
.text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess



0000000077791db0 5 bytes JMP 00000000778f0410
.text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry



0000000077791de0 5 bytes JMP 00000000778f0240
.text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver



00000000777920a0 5 bytes JMP 00000000778f01e0
.text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry



0000000077792160 5 bytes JMP 00000000778f0250
.text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey



0000000077792190 5 bytes JMP 00000000778f0490
.text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys



00000000777921a0 5 bytes JMP 00000000778f04a0
.text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair



00000000777921d0 5 bytes JMP 00000000778f0300
.text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion



00000000777921e0 5 bytes JMP 00000000778f0360
.text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant



0000000077792240 5 bytes JMP 00000000778f02a0
.text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore



0000000077792290 5 bytes JMP 00000000778f02c0
.text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread



00000000777922c0 5 bytes JMP 00000000778f0380
.text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer



00000000777922d0 5 bytes JMP 00000000778f0340
.text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx



00000000777925c0 5 bytes JMP 00000000778f0440
.text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder



00000000777927c0 5 bytes JMP 00000000778f0260
.text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions



00000000777927d0 5 bytes JMP 00000000778f0270
.text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread



00000000777927e0 5 bytes JMP 00000000778f0400
.text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation



00000000777929a0 5 bytes JMP 00000000778f01f0
.text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState



00000000777929b0 5 bytes JMP 00000000778f0210
.text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem



0000000077792a20 5 bytes JMP 00000000778f0200
.text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess



0000000077792a80 5 bytes JMP 00000000778f0420
.text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread



0000000077792a90 5 bytes JMP 00000000778f0430
.text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl



0000000077792aa0 5 bytes JMP 00000000778f0220
.text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl



0000000077792b80 5 bytes JMP 00000000778f0280
.text C:\Windows\system32\wininit.exe[628] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189



000000007767ef8d 1 byte [62]
.text C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort



0000000077791360 5 bytes JMP 00000000778f0460
.text C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject



00000000777913b0 5 bytes JMP 00000000778f0450
.text C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess



0000000077791510 5 bytes JMP 00000000778f0370
.text C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx



0000000077791560 5 bytes JMP 00000000778f0470
.text C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess



0000000077791570 5 bytes JMP 00000000778f03e0
.text C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection



0000000077791620 5 bytes JMP 00000000778f0320
.text C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory



0000000077791650 5 bytes JMP 00000000778f03b0
.text C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject



0000000077791670 5 bytes JMP 00000000778f0390
.text C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent



00000000777916b0 5 bytes JMP 00000000778f02e0
.text C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent



0000000077791730 5 bytes JMP 00000000778f02d0
.text C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection



0000000077791750 5 bytes JMP 00000000778f0310
.text C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread



0000000077791790 5 bytes JMP 00000000778f03c0
.text C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread



00000000777917e0 5 bytes JMP 00000000778f03f0
.text C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry



0000000077791940 5 bytes JMP 00000000778f0230
.text C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort



0000000077791b00 5 bytes JMP 00000000778f0480
.text C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject



0000000077791b30 5 bytes JMP 00000000778f03a0
.text C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair



0000000077791c10 5 bytes JMP 00000000778f02f0
.text C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion



0000000077791c20 5 bytes JMP 00000000778f0350
.text C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant



0000000077791c80 5 bytes JMP 00000000778f0290
.text C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore



0000000077791d10 5 bytes JMP 00000000778f02b0
.text C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx



0000000077791d30 5 bytes JMP 00000000778f03d0
.text C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer



0000000077791d40 5 bytes JMP 00000000778f0330
.text C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess



0000000077791db0 5 bytes JMP 00000000778f0410
.text C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry



0000000077791de0 5 bytes JMP 00000000778f0240
.text C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver



00000000777920a0 5 bytes JMP 00000000778f01e0
.text C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry



0000000077792160 5 bytes JMP 00000000778f0250
.text C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey



0000000077792190 5 bytes JMP 00000000778f0490
.text C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys



00000000777921a0 5 bytes JMP 00000000778f04a0
.text C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair



00000000777921d0 5 bytes JMP 00000000778f0300
.text C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion



00000000777921e0 5 bytes JMP 00000000778f0360
.text C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant



0000000077792240 5 bytes JMP 00000000778f02a0
.text C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore



0000000077792290 5 bytes JMP 00000000778f02c0
.text C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread



00000000777922c0 5 bytes JMP 00000000778f0380
.text C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer



00000000777922d0 5 bytes JMP 00000000778f0340
.text C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx



00000000777925c0 5 bytes JMP 00000000778f0440
.text C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder



00000000777927c0 5 bytes JMP 00000000778f0260
.text C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions



00000000777927d0 5 bytes JMP 00000000778f0270
.text C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread



00000000777927e0 5 bytes JMP 00000000778f0400
.text C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation



00000000777929a0 5 bytes JMP 00000000778f01f0
.text C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState



00000000777929b0 5 bytes JMP 00000000778f0210
.text C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem



0000000077792a20 5 bytes JMP 00000000778f0200
.text C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess



0000000077792a80 5 bytes JMP 00000000778f0420
.text C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread



0000000077792a90 5 bytes JMP 00000000778f0430
.text C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl



0000000077792aa0 5 bytes JMP 00000000778f0220
.text C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl



0000000077792b80 5 bytes JMP 00000000778f0280
.text C:\Windows\system32\winlogon.exe[676] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189



000000007767ef8d 1 byte [62]
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort



0000000077791360 5 bytes JMP 0000000100070460
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject



00000000777913b0 5 bytes JMP 0000000100070450
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess



0000000077791510 5 bytes JMP 0000000100070370
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx



0000000077791560 5 bytes JMP 0000000100070470
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess



0000000077791570 5 bytes JMP 00000001000703e0
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection



0000000077791620 5 bytes JMP 0000000100070320
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory



0000000077791650 5 bytes JMP 00000001000703b0
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject



0000000077791670 5 bytes JMP 0000000100070390
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent



00000000777916b0 5 bytes JMP 00000001000702e0
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent



0000000077791730 5 bytes JMP 00000001000702d0
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection



0000000077791750 5 bytes JMP 0000000100070310
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread



0000000077791790 5 bytes JMP 00000001000703c0
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread



00000000777917e0 5 bytes JMP 00000001000703f0
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry



0000000077791940 5 bytes JMP 0000000100070230
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort



0000000077791b00 5 bytes JMP 0000000100070480
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject



0000000077791b30 5 bytes JMP 00000001000703a0
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair



0000000077791c10 5 bytes JMP 00000001000702f0
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion



0000000077791c20 5 bytes JMP 0000000100070350
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant



0000000077791c80 5 bytes JMP 0000000100070290
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore



0000000077791d10 5 bytes JMP 00000001000702b0
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx



0000000077791d30 5 bytes JMP 00000001000703d0
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer



0000000077791d40 5 bytes JMP 0000000100070330
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess



0000000077791db0 5 bytes JMP 0000000100070410
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry



0000000077791de0 5 bytes JMP 0000000100070240
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver

Computer running with a HITCH in its getalong.

My computer has suddenly developed a hitch. There is a lag...a 1 or 2 second hesitation...before it does what it is supposed to do. It seems to be on a lot of things: Word, internet sites, etc. I even opened Solitaire to see if that ran smoothly, and it didn't. Weirdly enough, typing here on this forum seems to be working normally. ????? I'm guessing I have some malignant malware somehow.

Here are the scans:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:08:42 PM, on 6/15/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Creative Home\Hallmark Card Studio 2011 Deluxe\Planner\PLNRnote.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WksCal.exe
C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
C:\Users\Deni\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WksCal.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Common Files\microsoft shared\Works Shared\WksCal.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Deni\Downloads\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Deni\Downloads\HijackThis(1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: avast! EasyPass Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AddressBookReminderApp] C:\Program Files\Creative Home\Hallmark Card Studio 2011 Deluxe\ReminderApp.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = Deni\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Event Planner Reminder.lnk = C:\Program Files\Creative Home\Hallmark Card Studio 2011 Deluxe\Planner\PLNRnote.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: PHOTOfunSTUDIO 5.0.lnk = C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Show avast! EasyPass Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Show avast! EasyPass Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Livescribe Pulse Smartpen Service (PenCommService) - Livescribe - C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

--
End of file - 11227 bytes

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17126
Run by Deni at 23:11:23 on 2014-06-15
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3037.1802 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\CISVC.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Creative Home\Hallmark Card Studio 2011 Deluxe\Planner\PLNRnote.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WksCal.exe
C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Deni\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WksCal.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Common Files\microsoft shared\Works Shared\WksCal.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Deni\Downloads\HijackThis.exe
C:\Users\Deni\Downloads\HijackThis(1).exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
uURLSearchHooks: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - <orphaned>
BHO: {0347C33E-8762-4905-BF09-768834316C61} - <orphaned>
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: avast! EasyPass Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: avast! EasyPass Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AddressBookReminderApp] c:\program files\creative home\hallmark card studio 2011 deluxe\ReminderApp.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\deni\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\deni\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\eventp~1.lnk - c:\program files\creative home\hallmark card studio 2011 deluxe\planner\PLNRnote.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\windows\installer\{5264e937-b015-11d2-8c0e-00c04fbbcff9}\A12970B7.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\photof~1.lnk - c:\program files\common files\panasonic\photofunstudio autostart\AutoStartupService.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Customize Menu - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Fill Forms - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Save Forms - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Show avast! EasyPass Toolbar - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{28166910-17FD-420B-A55B-611942E95745} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\35.0.1916.153\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\deni\appdata\roaming\mozilla\firefox\profiles\50f30f2v.default-1400260260566\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_214.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\drivers\aswndisflt.sys [2014-4-23 270240]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-4 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-4 180632]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-2-24 26136]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2012-1-19 777488]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2012-1-19 411680]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-4-23 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-1-19 67824]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswstm.sys [2014-1-7 68312]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-4-23 50344]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2014-4-23 109048]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2010-6-30 13336]
R2 PenCommService;Livescribe Pulse Smartpen Service;c:\program files\common files\livescribe\pencomm\PenCommService.exe [2012-11-5 470528]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-10-29 167936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-6-10 108032]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-8-27 30576]
S3 PulseUsb;Livescribe Smartpen USB Driver;c:\windows\system32\drivers\PulseUsb.sys [2012-11-5 20480]
S3 rcmirror;rcmirror;c:\windows\system32\drivers\rcmirror.sys [2008-10-8 3328]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-20 52224]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [2009-11-18 15576]
.
=============== File Associations ===============
.
ShellExec: pi11.exe: Open="c:\program files\microsoft digital image 2006\pi.exe" "%1"
.
=============== Created Last 30 ================
.
2014-06-14 04:04:36 -------- d-sh--w- c:\users\deni\appdata\local\EmieUserList
2014-06-14 04:04:36 -------- d-sh--w- c:\users\deni\appdata\local\EmieSiteList
2014-06-14 01:00:35 8073384 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4dd6da3a-5321-4c42-8301-5a8d12445fee}\mpengine.dll
2014-06-10 23:10:40 1389056 ----a-w- c:\windows\system32\msxml6.dll
2014-06-10 23:10:40 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-06-10 23:10:39 2048 ----a-w- c:\windows\system32\msxml6r.dll
2014-06-10 23:10:39 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-06-10 23:10:38 187840 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2014-06-10 23:10:38 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-06-10 23:10:37 626688 ----a-w- c:\windows\system32\usp10.dll
.
==================== Find3M ====================
.
2014-05-30 09:02:39 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-30 09:02:03 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-05-30 08:44:28 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-05-30 08:42:16 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-05-30 08:28:33 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-05-30 08:28:30 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-05-30 08:27:56 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-05-30 08:21:36 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-05-30 08:10:46 32256 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 07:56:50 4244992 ----a-w- c:\windows\system32\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- c:\windows\system32\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- c:\windows\system32\wininet.dll
2014-05-15 15:35:24 270240 ----a-w- c:\windows\system32\drivers\aswndisflt.sys
2014-05-15 15:35:23 777488 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-05-15 15:35:17 68312 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-05-14 23:40:57 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-14 23:40:57 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-07 22:11:38 304 ----a-w- c:\windows\system32\ff.bin
2014-05-07 22:09:55 546 ----a-w- c:\windows\system32\schtasks.bin
2014-04-23 21:05:09 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-04-23 21:05:09 776976 ----a-w- c:\windows\system32\drivers\aswsnx.sys.1400168076924
2014-04-23 21:05:09 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-04-23 21:05:09 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-04-23 21:05:09 411552 ----a-w- c:\windows\system32\drivers\aswsp.sys.1400168076924
2014-04-23 21:05:09 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-04-23 21:05:09 180632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-04-23 21:05:08 43152 ----a-w- c:\windows\avastSS.scr
2014-04-23 21:04:53 269728 ----a-w- c:\windows\system32\drivers\aswndisflt.sys.1400168076924
2014-04-12 02:15:13 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:15:13 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:12:09 15872 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:12:09 100352 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:12:06 22016 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:11:58 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 02:11:22 22528 ----a-w- c:\windows\system32\lsass.exe
2014-04-10 05:36:38 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-04-01 05:46:48 130712 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2014-04-01 05:46:48 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2014-04-01 04:41:40 58568 ----a-w- c:\windows\system32\sirenacm.dll
2014-04-01 04:34:22 322248 ----a-w- c:\windows\WLXPGSS.SCR
2014-03-31 16:35:10 231584 ------w- c:\windows\system32\MpSigStub.exe
2009-11-19 18:07:15 45639680 ----a-w- c:\program files\iPod for Windows 2006-06-28.msi
.

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-06-16 19:50:56
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.02.0 232.83GB
Running: t0vjtinp.exe; Driver: C:\Users\Deni\AppData\Local\Temp\ugldakob.sys


---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x8BA69AA0]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x8BA6A57E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x8BA765C8]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x8BA76614]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x8BA767AE]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x8BA76536]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0x8BB206D2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x8BA7657E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0x8BA6AAB4]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThreadEx [0x8BA6ACD0]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x8BA76768]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x8BA6B36C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x8BA69B06]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0x8BA6EB40]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0x8BA696F2]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x8BB207B2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x8BA69B6C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x8BA6EF36]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x8BA6BE54]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x8BA765F2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x8BA76636]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x8BA767D2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x8BA7655C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x8BA6E43A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x8BA766E6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x8BA765A6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x8BA6E822]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x8BA7678C]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x8BB20556]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x8BA6BCC8]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x8BA6B9D6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x8BA69BD2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x8BA69C38]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0x8BB208AE]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x8BA6978C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x8BA6995E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x8BA698EC]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x8BA6B536]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x8BA6B698]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x8BA699E6]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0x8BB20624]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x8BA6B1C6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x8BA69C9E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0x8BA6A5DA]

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82C4EA15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C88212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82C8F460 4 Bytes [A0, 9A, A6, 8B]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82C8F4E8 4 Bytes [7E, A5, A6, 8B]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82C8F53C 8 Bytes [C8, 65, A7, 8B, 14, 66, A7, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82C8F548 4 Bytes [AE, 67, A7, 8B]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82C8F564 4 Bytes [36, 65, A7, 8B]
.text ...
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 82E4A4EF 4 Bytes CALL 8BA6C517 \SystemRoot\system32\drivers\aswSnx.sys
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 82E64357 4 Bytes CALL 8BA6C52D \SystemRoot\system32\drivers\aswSnx.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[112] KERNEL32.dll!GetBinaryTypeW + 70 763C6AAC 1 Byte [62]
.text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[380] kernel32.dll!GetBinaryTypeW + 70 763C6AAC 1 Byte [62]
.text C:\Windows\system32\csrss.exe[436] kernel32.dll!GetBinaryTypeW + 70 763C6AAC 1 Byte [62]
.text C:\Windows\system32\wininit.exe[476] kernel32.dll!GetBinaryTypeW + 70 763C6AAC 1 Byte [62]
.text C:\Windows\system32\csrss.exe[492] kernel32.dll!GetBinaryTypeW + 70 763C6AAC 1 Byte [62]
.text ...
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1320] kernel32.dll!SetUnhandledExceptionFilter 763AF5AB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1320] kernel32.dll!GetBinaryTypeW + 70 763C6AAC 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1440] kernel32.dll!GetBinaryTypeW + 70 763C6AAC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!GetBinaryTypeW + 70 763C6AAC 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\afwServ.exe[1500] kernel32.dll!SetUnhandledExceptionFilter 763AF5AB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text C:\Program Files\AVAST Software\Avast\afwServ.exe[1500] kernel32.dll!GetBinaryTypeW + 70 763C6AAC 1 Byte [62]
.text C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe[1548] kernel32.dll!GetBinaryTypeW + 70 763C6AAC 1 Byte [62]
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1612] kernel32.dll!GetBinaryTypeW + 70 763C6AAC 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1772] kernel32.dll!GetBinaryTypeW + 70 763C6AAC 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1940] kernel32.dll!GetBinaryTypeW + 70 763C6AAC 1 Byte [62]
.text ...
.text C:\Program Files\AVAST Software\Avast\avastui.exe[3064] kernel32.dll!SetUnhandledExceptionFilter 763AF5AB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text C:\Program Files\AVAST Software\Avast\avastui.exe[3064] kernel32.dll!GetBinaryTypeW + 70 763C6AAC 1 Byte [62]
.text C:\Windows\System32\svchost.exe[3100] kernel32.dll!GetBinaryTypeW + 70 763C6AAC 1 Byte [62]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe[3200] kernel32.dll!GetBinaryTypeW + 70 763C6AAC 1 Byte [62]
.text C:\Windows\system32\conhost.exe[3296] kernel32.dll!GetBinaryTypeW + 70 763C6AAC 1 Byte [62]
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3316] kernel32.dll!GetBinaryTypeW + 70 763C6AAC 1 Byte [62]
.text ...
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3988] kernel32.dll!SetUnhandledExceptionFilter 763AF5AB 5 Bytes JMP 319E53FC C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3988] kernel32.dll!GetBinaryTypeW + 70 763C6AAC 1 Byte [62]
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3988] ole32.dll!OleLoadFromStream 769F6143 5 Bytes JMP 324AF68E C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4060] kernel32.dll!GetBinaryTypeW + 70 763C6AAC 1 Byte [62]
.text C:\Windows\System32\svchost.exe[4184] kernel32.dll!GetBinaryTypeW + 70 763C6AAC 1 Byte [62]
.text C:\Users\Deni\AppData\Roaming\Dropbox\bin\Dropbox.exe[4468] kernel32.dll!GetBinaryTypeW + 70 763C6AAC 1 Byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[4572] kernel32.dll!GetBinaryTypeW + 70 763C6AAC 1 Byte [62]
.text C:\Windows\system32\AUDIODG.EXE[4876] kernel32.dll!GetBinaryTypeW + 70 763C6AAC 1 Byte [62]
.text ...
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] ntdll.dll!NtCreateFile + 6 770B560E 4 Bytes [28, 60, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] ntdll.dll!NtCreateFile + B 770B5613 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] ntdll.dll!NtCreateKey + 6 770B564E 4 Bytes [68, 61, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] ntdll.dll!NtCreateKey + B 770B5653 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] ntdll.dll!NtCreateMutant + 6 770B568E 4 Bytes [68, 62, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] ntdll.dll!NtCreateMutant + B 770B5693 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] ntdll.dll!NtCreateSection + 6 770B572E 4 Bytes [A8, 62, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] ntdll.dll!NtCreateSection + B 770B5733 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] ntdll.dll!NtMapViewOfSection + B 770B5C73 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] ntdll.dll!NtOpenFile + 6 770B5D1E 4 Bytes [68, 60, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] ntdll.dll!NtOpenFile + B 770B5D23 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] ntdll.dll!NtOpenKey + 6 770B5D4E 4 Bytes [A8, 61, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] ntdll.dll!NtOpenKey + B 770B5D53 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] ntdll.dll!NtOpenKeyEx + B 770B5D63 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] ntdll.dll!NtOpenMutant + 6 770B5D9E 4 Bytes [28, 62, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] ntdll.dll!NtOpenMutant + B 770B5DA3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] ntdll.dll!NtOpenProcess + 6 770B5DCE 4 Bytes [68, 63, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] ntdll.dll!NtOpenProcess + B 770B5DD3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] ntdll.dll!NtOpenProcessToken + 6 770B5DDE 4 Bytes [A8, 63, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] ntdll.dll!NtOpenProcessToken + B 770B5DE3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] ntdll.dll!NtOpenProcessTokenEx + 6 770B5DEE 4 Bytes [68, 64, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] ntdll.dll!NtOpenProcessTokenEx + B 770B5DF3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] ntdll.dll!NtOpenSection + B 770B5E13 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] ntdll.dll!NtOpenThread + 6 770B5E4E 4 Bytes [28, 63, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] ntdll.dll!NtOpenThread + B 770B5E53 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] ntdll.dll!NtOpenThreadToken + 6 770B5E5E 4 Bytes [28, 64, 07, 00] {SUB [EDI+EAX+0x0], AH}
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] ntdll.dll!NtOpenThreadToken + B 770B5E63 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] ntdll.dll!NtOpenThreadTokenEx + 6 770B5E6E 4 Bytes [A8, 64, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] ntdll.dll!NtOpenThreadTokenEx + B 770B5E73 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] ntdll.dll!NtQueryAttributesFile + 6 770B5F7E 4 Bytes [A8, 60, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] ntdll.dll!NtQueryAttributesFile + B 770B5F83 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] ntdll.dll!NtQueryFullAttributesFile + B 770B6033 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] ntdll.dll!NtSetInformationFile + 6 770B667E 4 Bytes [28, 61, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] ntdll.dll!NtSetInformationFile + B 770B6683 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] ntdll.dll!NtSetInformationThread + B 770B66E3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] ntdll.dll!NtUnmapViewOfSection + 6 770B69FE 4 Bytes [28, 65, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] ntdll.dll!NtUnmapViewOfSection + B 770B6A03 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] kernel32.dll!CreateProcessW 7636204D 5 Bytes JMP 00080030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] kernel32.dll!CreateProcessA 76362082 5 Bytes JMP 00080070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] kernel32.dll!GetBinaryTypeW + 70 763C6AAC 1 Byte [62]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] user32.DLL!ActivateKeyboardLayout 76C98203 5 Bytes JMP 001304F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] user32.DLL!ScreenToClient 76C9A506 7 Bytes JMP 00130670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] user32.DLL!RegisterClipboardFormatA 76C9C091 5 Bytes JMP 001302F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] user32.DLL!RegisterClipboardFormatW 76C9DF8D 5 Bytes JMP 001302B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] user32.DLL!SetCursor 76CA3075 5 Bytes JMP 00130530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] user32.DLL!MonitorFromWindow 76CA3622 7 Bytes JMP 00130630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] user32.DLL!PostMessageW 76CA447B 5 Bytes JMP 001305F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] user32.DLL!IsWindowVisible 76CA4D69 7 Bytes JMP 001306B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] user32.DLL!GetClientRect 76CA54DD 7 Bytes JMP 001305B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] user32.DLL!MapWindowPoints 76CA5CAA 5 Bytes JMP 00130570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] user32.DLL!GetParent 76CA6029 7 Bytes JMP 001306F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] user32.DLL!EmptyClipboard 76CB290C 5 Bytes JMP 00130130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] user32.DLL!SetClipboardData 76CB2962 5 Bytes JMP 00130170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] user32.DLL!GetClipboardData 76CB2BA7 5 Bytes JMP 00130030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] user32.DLL!GetClipboardFormatNameW 76CB5FD2 5 Bytes JMP 00130230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] user32.DLL!SetClipboardViewer 76CB6FF6 5 Bytes JMP 001304B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] user32.DLL!GetClipboardFormatNameA 76CB700A 5 Bytes JMP 00130270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] user32.DLL!ChangeClipboardChain 76CC147C 5 Bytes JMP 00130430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] user32.DLL!GetTopWindow 76CC24D9 5 Bytes JMP 00130730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] user32.DLL!GetTopWindow + 6 76CC24DF 1 Byte [CC] {INT 3 }
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] user32.DLL!CloseClipboard 76CC446C 5 Bytes JMP 001300B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] user32.DLL!OpenClipboard 76CC447E 5 Bytes JMP 00130070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] user32.DLL!IsClipboardFormatAvailable 76CC44FF 5 Bytes JMP 001300F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] user32.DLL!GetClipboardSequenceNumber 76CC4513 5 Bytes JMP 00130330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] user32.DLL!GetClipboardOwner 76CC4525 5 Bytes JMP 00130370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] user32.DLL!CountClipboardFormats 76CC470A 5 Bytes JMP 001301F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] user32.DLL!EnumClipboardFormats 76CC47EC 5 Bytes JMP 001301B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] user32.DLL!GetOpenClipboardWindow 76CC480B 5 Bytes JMP 001303F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] user32.DLL!SetCursorPos 76CDC1B0 5 Bytes JMP 00130770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] user32.DLL!GetClipboardViewer 76CF4AF7 5 Bytes JMP 00130470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] user32.DLL!GetPriorityClipboardFormat 76CF4BF9 5 Bytes JMP 001303B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!DeleteObject 753F5F14 5 Bytes JMP 001401B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!SelectObject 753F6640 5 Bytes JMP 001405F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!SetTextColor 753F6906 5 Bytes JMP 00140A30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!SetBkMode 753F69B1 5 Bytes JMP 001408F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!DeleteDC 753F6EAA 5 Bytes JMP 00140170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!GetDeviceCaps 753F6F7F 5 Bytes JMP 001403B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!ExtSelectClipRgn 753F7114 5 Bytes JMP 001402F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!SelectClipRgn 753F7242 5 Bytes JMP 001405B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!SetStretchBltMode 753F7705 5 Bytes JMP 001406B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!GetCurrentObject 753F7917 5 Bytes JMP 00140370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!GetTextMetricsW 753F7B8F 5 Bytes JMP 00140E30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!GetTextAlign 753F7DAF 5 Bytes JMP 00140D70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!IntersectClipRect 753F7DFE 5 Bytes JMP 001403F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!ExtTextOutW 753F8192 5 Bytes JMP 00140970
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!SetTextAlign 753F828E 5 Bytes JMP 001409F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!GetClipBox 753F8525 5 Bytes JMP 00140330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!MoveToEx 753F8C21 5 Bytes JMP 00140470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!StretchDIBits 753FA53E 5 Bytes JMP 00140770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!RestoreDC 753FA67B 5 Bytes JMP 00140530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!SaveDC 753FA74B 5 Bytes JMP 00140570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!GetTextExtentPoint32W 753FB4B5 5 Bytes JMP 00140670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!GetTextFaceW 753FB73A 2 Bytes JMP 00140D30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!GetTextFaceW + 3 753FB73D 2 Bytes [D4, 8A] {AAM 0x8a}
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!GetFontData 753FBCC4 5 Bytes JMP 00140C70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!SetWorldTransform 753FC90A 5 Bytes JMP 001406F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!CreateDCA 753FCCA9 5 Bytes JMP 001400B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!CreateDCW 753FCF79 5 Bytes JMP 001400F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!CreateICW 753FCFD0 5 Bytes JMP 00140130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!GetTextMetricsA 753FD0F2 5 Bytes JMP 00140DF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!Rectangle 753FF1FF 5 Bytes JMP 001409B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!LineTo 753FF59B 5 Bytes JMP 00140430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!SetICMMode 753FFAA4 5 Bytes JMP 00140DB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!ExtTextOutA 75400D20 5 Bytes JMP 00140930
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!GetTextExtentPoint32A 7540117F 5 Bytes JMP 00140630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!ExtEscape 75402D49 5 Bytes JMP 001402B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!Escape 75403400 5 Bytes JMP 00140270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!ResetDCW 75403A9B 5 Bytes JMP 00140AB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!EndPage 754040DA 5 Bytes JMP 00140230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!SetPolyFillMode 754067E1 5 Bytes JMP 00140B30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!SetMiterLimit 7540699D 5 Bytes JMP 00140B70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!GetTextFaceA 75410D22 5 Bytes JMP 00140CF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!GetGlyphOutlineW 7541C2DA 5 Bytes JMP 00140CB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!CreateScalableFontResourceW 7541E937 5 Bytes JMP 00140BB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!AddFontResourceW 7541ED33 5 Bytes JMP 00140BF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!RemoveFontResourceW 7541F229 5 Bytes JMP 00140C30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!AbortDoc 75424E29 5 Bytes JMP 00140030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!EndDoc 75425270 5 Bytes JMP 001401F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!StartPage 7542535B 5 Bytes JMP 00140730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!StartDocW 75425D76 5 Bytes JMP 001407F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!BeginPath 7542651D 5 Bytes JMP 00140830
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!SelectClipPath 75426574 5 Bytes JMP 00140AF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!CloseFigure 754265CF 5 Bytes JMP 00140070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!EndPath 75426626 5 Bytes JMP 00140A70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!StrokePath 75426859 5 Bytes JMP 001407B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!FillPath 754268E6 5 Bytes JMP 00140870
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!PolylineTo 75426D54 5 Bytes JMP 001404F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!PolyBezierTo 75426DE5 5 Bytes JMP 001404B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] GDI32.dll!PolyDraw 75426E97 5 Bytes JMP 001408B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] ole32.dll!OleSetClipboard 76A50045 5 Bytes JMP 00160030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] ole32.dll!OleIsCurrentClipboard 76A536B2 5 Bytes JMP 00160070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[6932] ole32.dll!OleGetClipboard 76A7FDCD 5 Bytes JMP 001600B0
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[6992] kernel32.dll!GetBinaryTypeW + 70 763C6AAC 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[6992] USER32.dll!RegisterMessagePumpHook + 2F1 76C98B9E 7 Bytes JMP 51AA9931 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[6992] USER32.dll!IsDialogMessageW + 340 76CA4444 7 Bytes JMP 51AA99A2 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[6992] USER32.dll!GetWindowInfo 76CA4B5E 5 Bytes JMP 51AAD777 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[6992] USER32.dll!ToUnicodeEx + 71 76CB2223 7 Bytes JMP 51AA70E4 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[7472] ntdll.dll!LdrUnloadDll 770CC8DE 5 Bytes JMP 000203FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[7472] ntdll.dll!LdrLoadDll 770D22AE 5 Bytes JMP 6F5D1EB1 C:\Program Files\Mozilla Firefox\mozglue.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[7472] KERNEL32.dll!K32GetDeviceDriverBaseNameW + 5D 763A94E6 7 Bytes JMP 521F84D6 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[7472] KERNEL32.dll!QueryPerformanceCounter + 13 763AC4E5 7 Bytes JMP 521F84F9 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[7472] KERNEL32.dll!LoadAppInitDlls + 355 763AF5A6 7 Bytes JMP 51873A32 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[7472] KERNEL32.dll!GetBinaryTypeW + 70 763C6AAC 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[7472] GDI32.dll!GetViewportOrgEx + 26C 753F884B 7 Bytes JMP 521F8457 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Users\Deni\Downloads\t0vjtinp.exe[7640] kernel32.dll!GetBinaryTypeW + 70 763C6AAC 1 Byte [62]
.text C:\Program Files\Common Files\microsoft shared\Works Shared\WksCal.exe[7804] kernel32.dll!GetBinaryTypeW + 70 763C6AAC 1 Byte [62]

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- EOF - GMER 2.1 ----

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 32 bit
Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz, x64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 3036 Mb
Graphics Card: Intel(R) G45/G43 Express Chipset, 1294 Mb
Hard Drives: C: Total - 223377 MB, Free - 92113 MB;
Motherboard: Dell Inc., 0JJW8N
Antivirus: avast! Antivirus, Updated and Enabled

Chrome search directed to other engines

bump? Still waiting for a response.

ASPCA Reminder by We-Care.com v4.1.22.1

Laptop : Lenovo y510p
OS : Windows 8 64bit
Program in Question : ASPCA Reminder by We-Care.com

Hey everyone,

I was on my laptop last week and noticed something that was never there before. It happened after a file download that had you "accept" or "decline" multiple offers and i must have clicked accept by accident on this particular one. The program is called ASPCA Reminder by We-Care.com v4.1.22.1

I first noticed the program when i saw this "W" Icon on my Google browser.



I then went into my extensions to disable and trash this program, but was unable to as the trash icon and "enable" button are greyed out, as you can see here.



I then went into add/remove programs to see if anything was there. I found this bugger, which immediately threw a red flag when it claimed it was installed in July of 2013. This was definitely installed just last week, not last year.



I tried to uninstall it, and was unable to when I received this error message




I've already run Malwarebytes, Junkware Removal Tool, CCleaner, and 2 other programs that were recommended when I looked around for solutions to this. I apologize for not having the text logs as I am currently at work. I can rerun them tonight and post them after if needed, which I'm sure it is :) I did notice a lot of things related to We-Care getting removed when I ran them, but alas, it still exists.

In summation, help!

Thanks guys!

Attached Images
File Type: png Capture3.PNG (6.4 KB)

PC sometimes doesnt start up and easily crashes when sending files to usb etc

hi mark, the pc is no longer starting up. I think I should just take it to a shop. Thanks for all your help and sorry for such long delays. ive been so busy finishing a degree, doing many courses and working as well.

Thanks again

Dawud

No Internet After System Restore (Asus Windows 7)

Hello! I hope everyone is doing well.

I will try to give as much detail as possible here.

My computer and internet info:
-Windows 7 (Asus laptop) about 2 years old. Has always run fabulously-until recently.
-Wireless home internet with Dish Network.

I had apparently caught a couple of viruses on my computer a few weeks ago. I'm not
sure how exactly, cause I don't visit shady sites. But nonetheless I caught these viruses.
They were causing my web browsers (chrome and firefox) and internet to run really slow
and be kind of glitchy. Sometimes videos would play on YT and other times not. Other
times they would just be really slow. Regular net surfing was also really slow.

At first my regular computer (non internet) functions seemed to be fine, but then my
computer browser starting getting pretty slow too. Especially when trying to view my
pictures folder. The pics would need time to load (they never did that before) and then when
I would scroll down and try to go back up, the pics that had already loaded would need to
re-load again. :/

My computer was also taking a LONG time to boot up. Normally it will boot up really quickly.
But since the viruses it has started taking about 10 or more minutes from the moment I turn
it on to it actually getting to my desktop and connecting to the internet.

I made sure none of this was due to needed updates. All Windows updates were up-to-date.
All updates like Java and Flash were up-to-date. Everything seemed like it should be fine
so I figured I must have a virus. I ran Malwarebytes, did a full scan, and found 2 viruses. I
don't remember their names, though neither said trojan. One was something about a download
bar (I have no idea what its talking about, I downloaded no such bar). But I quarantined and then
clicked to delete them. Afterwards my computer was acting no different, even after restarting it.

So then I ran a system restore to the furthest back point which was about a month or a little more
ago (7th of last month, just to make sure it was far enough). This seemed to fix the problems
with my regular non-internet computer functions, BUT after the system restore my computer
would no longer pick up on ANY of the surrounding wireless internet connections. :/ Not the one
for my house, not for the neighbors (it used to pick up all of them). So then I un-did the system restore
and it didn't fix the no-connections problem. So then I system restored it back to May 7th again.
Still no good.

I have run other system restores in the past and this has NEVER happened to me. :/ I have been trying
for hours to re-connect to the internet through the control panel, but it keeps popping up the usual
internet list box, which, as I stated, is currently empty... I also tried to un-install the Atheros driver
thing (without deleting it) and then letting it re-install after restarting the comp and that didn't work either.
I tried this twice. No matter what I do my computer just will not pick up on my home wireless connection.

Please help if you can!!! I would be so appreciative! I really don't know what's going on. I have never had these
problems before.

Thank you so much for your time!

pop up message from Mcafee saying that blocked unwanted program.

Whenever I try to access my system, I get a message from McAfee saying that an unwanted program was blocked.

When I click for more information about this program, it gives:

Name: Generic.pup.y

Quarantined from - c:\program files(x86)\settings manager\systemk\x64\sysapcrt.dll

System info:

Operating system : Windows 8.1(Dell inspiron laptop)

Ram - 4GB

I3 processor @ 1.80 ghz

Antivirus: McAfee Anti-Virus, Updated and Enabled

Any help would be appreciated

Random audio ads and recommended download pop-ups

Hello,

I see that I have an issue that others have had regarding random audio ads running in the background on my computer, as well as periodic pop-ups advertising "updates" for Internet Explorer and Java.

I get the sense that the solution to this type of problem may differ from case to case, so any help you can give me is much appreciated. Thanks!

All I've done so far is run a myriad of malware deletion programs, including Hitman, Malwarebytes, adw, among several others.

Thank you.

Trojan.Viknok Activity 3. Keep geting attacked

I do not know when this started, but every TEN seconds for the last two days my Norton 360 Premier Edition has been saying "Norton blocked an attack by:System Infected:Trojan.Viknok Activity 3."


It also says "The attack was resulted from \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SVCHOST.EXE." The attackers vary sometimes, but they always seem to have around the same address (shown as IP address and port), which is (88.198.188.101,80). The last two-three numbers of the address change, but the first two stay the same. (Don't know if that helps?)


I've tried removal guides, but that didn't work. I've only been using computers for the last 3 years and I would appreciate any help. This thing has made me a little scared. So sorry if I came on a little too strong.




Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD A4-3305M APU with Radeon(tm) HD Graphics, AMD64 Family 18 Model 1 Stepping 0
Processor Count: 2
RAM: 3562 Mb
Graphics Card: AMD Radeon(TM) HD 6480G, 512 Mb
Hard Drives: C: Total - 584891 MB, Free - 497795 MB; D: Total - 21323 MB, Free - 2301 MB; E: Total - 4055 MB, Free - 4045 MB;
Motherboard: Hewlett-Packard, 169B
Antivirus: Norton 360 Premier Edition, Updated and Enabled

Attack!!

I'm going to move this to the virus/malware forum, as this is going to be in depth, I believe, especially as you had given them access to your rig.

thanks,

v

Random Computer Crashes

Need help with Bin - miner.exe removal and other problems.

Sorry for this double post but I have noticed 2 things now.

1. Even though I have a Firefox persona enabled right now, it no longer displays when I open up my Firefox browser. Whenever I switch to a new persona I see the image of it appear for an instant, but then it returns to being blank at the location where the persona image typically appears. It then tells me that the persona I have just chosen is already in use / is selected.

2. For whatever reason, loading all webpages has been significantly slowed down, or maybe that's just my feeling about it due to this entire situation. Something I didn't mention in my first post about background information: I mentioned it briefly, but I tried to tackle this problem by myself at first, so I googled "Bin - miner.exe" and clicked on one of the results, and it gave me images of a step-by-step tutorial for removing this.

As a result, I downloaded one of the applications it was using to test it out. Unfortunately I forget what the program was called, and now when I try to search for that site / tutorial removal page I can't find it anywhere. When I finished the scan on the program, it did not detect anything, so I tried to "x" out of it, and I may have clicked on the wrong thing by accident, but the next thing it did was automatically restart my computer, and it produced a log. I read it, and it looked as if it deleted or modified something in both my Firefox and Chrome browsers. Afterwards, I decided to uninstall the program, and clicked on a button within the program menu, and it disappeared along with the log it produced.

When I reopened firefox the first thing I noticed was that my personas was gone and my color schemes and customizations were back to its default, except some of of my other addons and bookmarks all remained in the same spot and did not change.

Please help I'm afraid to use my computer right now, not knowing what might happen next.

Addendum:

I don't know why but my computer is now always running at 100% CPU, it won't ever go lower than 100% and I'm afraid of overheating the system, please help me, I don't know what the problem is.

Earlier I ran an Avast virus scan, and the fan speed and CPU has been going berserk ever since.

** Just looked at my taskmanager and ended a process called coin miner.exe, what is it??

As soon as I disabled it my cpu has returned to normal, I dont even know how I activated it or it became active on its own.!!!

Windows media player classic

I am having so much trouble getting rid of these "Windows media classic" upgrade pop-ups. How do I get rid of them?

FB remote access trojans

Hi and welcome. :)

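Just change your passwords on your e-mail and FB. That should keep them away. Do it from a device you know is clean, though: if a remote access trojan is still on the PC, new passwords typed there can be captured again.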

WIN32:Dropper-gen

Hello,
win32:dropper-gen was found and avast did a reboot scan. It shows that there are 6 items in the chest; 5 of them are the win32:dropper-gen, but when I do another scan there is nothing found. The icon for Firefox has changed to a magnifying glass and all browsers are not running properly: in Firefox I get virus alerts, Chrome opens 6 tabs and home has changed to trovi.com, and Explorer says error anytime I click on anything on your website. I am having trouble with my keyboard also, so sorry for any spelling errors, but it's random when keys register and which ones. From the looks of it the kids have been messing around with stuff and downloading without permission and the computer is breeding viruses? :o



Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 8
RAM: 8148 Mb
Graphics Card: NVIDIA GeForce GT 620, 1024 Mb
Hard Drives: C: Total - 1890096 MB, Free - 1660115 MB; D: Total - 17529 MB, Free - 2159 MB;
Motherboard: Foxconn, 2ADA
Antivirus: avast! Antivirus, Updated and Enabled

HijackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:25:27 PM, on 6/18/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Users\Brents new toy\AppData\Local\LPT\srptm.exe
C:\Program Files\V-bates\notifier.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Users\Brents new toy\AppData\Local\Smartbar\Application\SnapDo.exe
C:\Program Files (x86)\Social Privacy DNS\dnswatch.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\RunDll32.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
C:\Program Files (x86)\ViewPlay\bin\ViewPlay.BrowserAdapter.exe
C:\Users\Brents new toy\AppData\Local\Smartbar\Application\Lrcnta.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?p=mKO_AwFzXIpYRaklnKAlLcb2qZMruJE187No7dcs4Xl15URctwnk_FIJkNnuceapeF87LRT7 w5iPtWyxK0jUySHVWCzjBvumKfvdDCI8LczpyCvgC75WLBNq3t3GQz86lhI4fYHspneaGwDewNM iimUG48zDreZAafxYk3W3VSuHtR811kUT419HDA6iFwmCfdEeuOSADNiMjg,,&q={searchTerm s}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?p=mKO_AwFzXIpYRaklnKAlLcb2qZMruJE187No7dcs4Xl15URctwnk_FIJkNnuceapeF87LRT7 w5iPtWyxK0jUySHVWCzjBvumKfvdDCI8LczpyCvgC75WLBNq3t3GQz86lhI4fYHspneaGwDewNM iimUG48zDreZAafxYk3W3VSuHtR811kUT419HDA6iFwmCfdEeuOSADNiMjg,,&q={searchTerm s}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRaklnKAlLcb2qZMruJE187No7dcs4Xl15URctwnk_FIJkNnuceapeF87LRT7 w5iPtWyxK0jUySHVWCzjBvumKfvdDCI8LczpyCvgC75WLBNq3t3GQz86lhI4fYHspneaGwDewNM iimUG48zDreZAafxYk3W3VSuHtR811kUT419HDA6iFwmCfdEeuOSADNiMjg,,&q={searchTerm s}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com/?p=mKO_AwFzXIpYRaklnKAlLcb2qZMruJE187No7dcs4Xl15URctwnk_FIJkNnuceapeF87LRT7 w5iPtWyxK0jUySHVWCzjBvumKfvdDCI8LczpyCvgC75WLBNq3t3GQz86lhI4fYHspneaGwDewNM iimUG48zDreZAafxYk3W3VSuHtR811kUT419HDA6iFwmCfdEeuOSADNiMjg,,&q={searchTerm s}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;192.168.*.*
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: V-bates Helper - {21EAF666-26B3-4a3c-ABD0-CA2F5A326744} - C:\Program Files\V-bates\Extension32.dll
O2 - BHO: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll (file missing)
O2 - BHO: ViewPlay - {6336aaf8-3481-495b-bb79-70deb1f1590d} - C:\Program Files (x86)\ViewPlay\ViewPlaybho.dll
O2 - BHO: KESIReaderBHO - {67EC1BB4-1AC3-4B5E-9CAD-DA52013E7C31} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: TidyNetwork - {7FD90B8A-633B-3C63-E6CE-7507A3BF892E} - C:\Program Files (x86)\TidyNetwork\petn.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [dnsshield] C:\Program Files (x86)\Social Privacy DNS\dnswatch.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Browser Infrastructure Helper] C:\Users\Brents new toy\AppData\Local\Smartbar\Application\SnapDo.exe startup
O4 - Startup: CurseClientStartup.ccip
O4 - Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C6B3205-6B46-4638-9D07-464101850577}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C81864D-53C3-4A3C-9020-129865D997EA}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{694FD631-68BC-434A-B427-30DFD51FBB36}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4C64C70-CA8C-42A7-BD16-F8759D95DECC}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C6B3205-6B46-4638-9D07-464101850577}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CS2\Services\Tcpip\..\{0C6B3205-6B46-4638-9D07-464101850577}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 75.126.206.18,184.173.169.186
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\Windows\system32\BtwRSupportService.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: CalendarSynchService - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Auto (HPAuto) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: LPT System Updater Service (LPTSystemUpdater) - Unknown owner - C:\Program Files (x86)\LPT\srpts.exe
O23 - Service: Mext Guard - Wajamu - C:\Program Files\V-bates\guardsvc.exe
O23 - Service: Motorola Device Manager Service (Motorola Device Manager) - Motorola Mobility LLC - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PST Service - Motorola - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Update ViewPlay - Unknown owner - C:\Program Files (x86)\ViewPlay\updateViewPlay.exe
O23 - Service: Util ViewPlay - Unknown owner - C:\Program Files (x86)\ViewPlay\bin\utilViewPlay.exe
O23 - Service: V-bates Updater - Unknown owner - C:\Program Files\V-bates\ExtensionUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater18.1.7 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 19697 bytes

[B]A pop-up window appears at the end of the scan saying "for some reason your system denied write access to the hosts file. if any hijacked domains are in this file, HijackThis may not be able to fix this......"[/B]


dds.txt file

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126 BrowserJavaVersion: 10.55.2
Run by Brents new toy at 17:29:57 on 2014-06-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8148.5560 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\BtwRSupportService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\LPT\srpts.exe
C:\Program Files\V-bates\guardsvc.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files (x86)\LPT\srptsl.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Users\Brents new toy\AppData\Local\LPT\srptm.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ViewPlay\updateViewPlay.exe
C:\Program Files (x86)\ViewPlay\bin\utilViewPlay.exe
C:\Program Files\V-bates\ExtensionUpdaterService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Program Files\V-bates\notifier.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\IDT\WDM\Beats64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Users\Brents new toy\AppData\Local\Smartbar\Application\SnapDo.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Social Privacy DNS\dnswatch.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\SysWOW64\RunDll32.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\ViewPlay\bin\ViewPlay.PurBrowse64.exe
C:\Program Files (x86)\ViewPlay\bin\ViewPlay.BrowserAdapter.exe
C:\Users\Brents new toy\AppData\Local\Smartbar\Application\Lrcnta.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_125_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
uSearch Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaklnKAlLcb2qZMruJE187No7dcs4Xl15URctwnk_FIJkNnuceapeF87LRT7 w5iPtWyxK0jUySHVWCzjBvumKfvdDCI8LczpyCvgC75WLBNq3t3GQz86lhI4fYHspneaGwDewNM iimUG48zDreZAafxYk3W3VSuHtR811kUT419HDA6iFwmCfdEeuOSADNiMjg,,&q={searchTerm s}
uSearch Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaklnKAlLcb2qZMruJE187No7dcs4Xl15URctwnk_FIJkNnuceapeF87LRT7 w5iPtWyxK0jUySHVWCzjBvumKfvdDCI8LczpyCvgC75WLBNq3t3GQz86lhI4fYHspneaGwDewNM iimUG48zDreZAafxYk3W3VSuHtR811kUT419HDA6iFwmCfdEeuOSADNiMjg,,&q={searchTerm s}
mStart Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
uSearchAssistant = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaklnKAlLcb2qZMruJE187No7dcs4Xl15URctwnk_FIJkNnuceapeF87LRT7 w5iPtWyxK0jUySHVWCzjBvumKfvdDCI8LczpyCvgC75WLBNq3t3GQz86lhI4fYHspneaGwDewNM iimUG48zDreZAafxYk3W3VSuHtR811kUT419HDA6iFwmCfdEeuOSADNiMjg,,&q={searchTerm s}
mWinlogon: Userinit = userinit.exe,
BHO: V-bates: {21EAF666-26B3-4a3c-ABD0-CA2F5A326744} - C:\Program Files\V-bates\Extension32.dll
BHO: Snap.DoEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
BHO: ViewPlay: {6336aaf8-3481-495b-bb79-70deb1f1590d} - C:\Program Files (x86)\ViewPlay\ViewPlaybho.dll
BHO: {67EC1BB4-1AC3-4B5E-9CAD-DA52013E7C31} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: TidyNetwork: {7FD90B8A-633B-3C63-E6CE-7507A3BF892E} - C:\Program Files (x86)\TidyNetwork\petn.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} -
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Browser Infrastructure Helper] C:\Users\Brents new toy\AppData\Local\Smartbar\Application\SnapDo.exe startup
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [dnsshield] C:\Program Files (x86)\Social Privacy DNS\dnswatch.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\Brents new toy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\BRENTS~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
TCP: NameServer = 75.126.206.18,184.173.169.186
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{0C6B3205-6B46-4638-9D07-464101850577} : NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{0C81864D-53C3-4A3C-9020-129865D997EA} : NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{0C81864D-53C3-4A3C-9020-129865D997EA} : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{0C81864D-53C3-4A3C-9020-129865D997EA}\8457765637 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{694FD631-68BC-434A-B427-30DFD51FBB36} : NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{694FD631-68BC-434A-B427-30DFD51FBB36} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{D4C64C70-CA8C-42A7-BD16-F8759D95DECC} : NameServer = 75.126.206.18,184.173.169.186
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
x64-BHO: V-bates: {21EAF666-26B3-4a3c-ABD0-CA2F5A326744} - C:\Program Files\V-bates\Extension64.dll
x64-BHO: Snap.DoEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: TidyNetwork: {7FD90B8A-633B-3C63-E6CE-7507A3BF892E} - C:\Program Files (x86)\TidyNetwork\petn64.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} -
x64-Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [V-bates] C:\Program Files\V-bates\notifier.exe
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-mASetup: {B34A07DD-C6F7-414A-AE63-01019482EAF0} - msiexec /fu {B34A07DD-C6F7-414A-AE63-01019482EAF0} /qn
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Brents new toy\AppData\Roaming\Mozilla\Firefox\Profiles\sjndys3n.default\
FF - prefs.js: browser.search.defaulturl - hxxps://search.yahoo.com/yhs/search
FF - prefs.js: browser.search.selectedEngine - Trovi search
FF - prefs.js: browser.startup.homepage - hxxp://www.trovi.com/?gd=&ctid=CT3324769&octid=EB_ORIGINAL_CTID&ISID=M819B0857-9466-428C-9DDE-5C21C70FCB13&SearchSource=55&CUI=&UM=5&UP=SP4419EB84-6F40-4B5D-99F1-BAE725C7CC92&SSPV=
FF - prefs.js: keyword.URL - hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaklnKAlLcb2qZMruJE187No7dcs4Xl15URctwnk_FIJkNnuceapeF87LRT7 w5iPtWyxK0jUySHVWCzjBvumKfvdDCI8LczpyCvgC75WLBNq3t3GQz86lhI4fYHspneaGwDewNM iimUG48zDreZAafxYk3W3VSuHtR811kUT419HDA6iFwmCfdEeuOSADNiMjg,,&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
FF - plugin: C:\Users\Brents new toy\AppData\Local\Roblox\Versions\version-459b702c887942d4\NPRobloxProxy.dll
FF - plugin: C:\Users\Brents new toy\AppData\Roaming\TrianglePlayer\NPTrianglePlayer.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-6-13 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-6-13 208416]
R1 {46183ba5-b8ed-40db-be57-6d0aafedc715}Gw64;{46183ba5-b8ed-40db-be57-6d0aafedc715}Gw64;C:\Windows\System32\drivers\{46183ba5-b8ed-40db-be57-6d0aafedc715}Gw64.sys [2014-6-17 61112]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2014-6-13 1039096]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-6-13 423240]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-6-13 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-6-13 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-6-13 85328]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-6-13 50344]
R2 BcmBtRSupport;Bluetooth Driver Management Service;C:\Windows\System32\BtwRSupportService.exe [2013-10-2 2253016]
R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-8-16 16384]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-16 682040]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-6-1 128280]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-6-1 161560]
R2 LPTSystemUpdater;LPT System Updater Service;C:\Program Files (x86)\LPT\srpts.exe [2014-6-10 34336]
R2 Mext Guard;Mext Guard;C:\Program Files\V-bates\guardsvc.exe [2014-6-17 128800]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-11-15 137528]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-5-28 1617696]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-5-28 21007192]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-6-1 1128952]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2014-1-30 65657]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-6-13 1738200]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-6-13 2081752]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-6-13 171928]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-5-28 413128]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-6-1 363800]
R2 Update ViewPlay;Update ViewPlay;C:\Program Files (x86)\ViewPlay\updateViewPlay.exe [2014-6-16 317720]
R2 Util ViewPlay;Util ViewPlay;C:\Program Files (x86)\ViewPlay\bin\utilViewPlay.exe [2014-6-17 317720]
R2 V-bates Updater;V-bates Updater;C:\Program Files\V-bates\ExtensionUpdaterService.exe [2014-6-17 210208]
R2 vToolbarUpdater18.1.7;vToolbarUpdater18.1.7;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe [2014-6-2 1808408]
R3 bcbtums;Bluetooth USB LD Filter;C:\Windows\System32\drivers\bcbtums.sys [2013-10-2 170712]
R3 BTWAMPFL;BTWAMPFL;C:\Windows\System32\drivers\btwampfl.sys [2013-10-2 166104]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-6-1 39464]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-5-28 18776]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-5-28 40392]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-2-16 676968]
R3 tihub3;TI USB3 Hub Service;C:\Windows\System32\drivers\tihub3.sys [2012-1-3 136000]
R3 tixhci;TI XHCI Service;C:\Windows\System32\drivers\tixhci.sys [2012-1-3 410944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2013-3-20 6144]
S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2014-4-17 227904]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 197632]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-10 111616]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2013-3-19 23552]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2013-3-19 27648]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2013-3-20 12288]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-10-10 19456]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-5-13 146920]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-5-17 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-10-10 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-22 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-06-18 23:56:44 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DAE12292-0F8F-4375-959F-55230F04B9E9}\offreg.dll
2014-06-18 22:51:54 -------- d-----w- C:\ProgramData\374311380
2014-06-18 02:53:54 61112 ----a-w- C:\Windows\System32\drivers\{46183ba5-b8ed-40db-be57-6d0aafedc715}Gw64.sys
2014-06-17 22:14:41 -------- d-----w- C:\Program Files (x86)\LPT
2014-06-17 18:51:49 -------- d-----w- C:\Users\Brents new toy\AppData\Local\Smartbar
2014-06-17 18:51:49 -------- d-----w- C:\Users\Brents new toy\AppData\Local\LPT
2014-06-17 18:51:25 -------- d-----w- C:\Program Files (x86)\ViewPlay
2014-06-17 18:51:10 -------- d-----w- C:\Users\Brents new toy\AppData\Roaming\VOPackage
2014-06-17 18:51:03 -------- d-----w- C:\Users\Brents new toy\AppData\Local\TidyNetwork
2014-06-17 18:51:03 -------- d-----w- C:\Program Files (x86)\TidyNetwork
2014-06-17 18:50:41 -------- d-----w- C:\Program Files (x86)\Optimizer Pro
2014-06-17 18:50:34 -------- d-----w- C:\Program Files\V-bates
2014-06-17 18:35:29 10702536 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DAE12292-0F8F-4375-959F-55230F04B9E9}\mpengine.dll
2014-06-13 10:37:48 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2014-06-13 10:37:47 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-06-13 10:37:44 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-13 09:28:06 -------- d-sh--w- C:\Users\Brents new toy\AppData\Local\EmieUserList
2014-06-13 09:28:06 -------- d-sh--w- C:\Users\Brents new toy\AppData\Local\EmieSiteList
2014-06-12 20:36:14 -------- d-----w- C:\Users\Brents new toy\AppData\Local\{DC88D85C-7065-4A25-B758-661661A77DC7}
2014-06-10 21:14:50 506368 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-10 21:14:50 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-06-06 14:12:56 -------- d-----w- C:\Users\Brents new toy\AppData\Local\{03BA0E0E-FC0F-4E69-816A-2CE174D4146D}
2014-06-02 22:00:00 -------- d-----w- C:\ProgramData\AVG Secure Search
2014-05-31 00:49:10 -------- d-----w- C:\Users\Brents new toy\AppData\Roaming\Magic Set Editor
2014-05-28 19:39:53 1225920 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-05-28 19:39:53 1081112 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-05-28 19:39:52 -------- d-----w- C:\Users\Brents new toy\AppData\Local\NVIDIA Corporation
2014-05-28 19:39:52 -------- d-----w- C:\Users\Brents new toy\AppData\Local\NVIDIA
2014-05-28 19:39:00 601432 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-05-28 19:36:41 40392 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-05-28 19:36:40 37320 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2014-05-28 19:36:40 34760 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2014-05-28 19:36:22 -------- d-----w- C:\NVIDIA
2014-05-26 17:30:13 -------- d-----w- C:\ProgramData\Avg_Update_0414c
2014-05-20 03:48:27 -------- d-----w- C:\Users\Brents new toy\AppData\Local\NuGet
2014-05-20 03:38:29 -------- d-----w- C:\Users\Brents new toy\AppData\Roaming\NuGet
2014-05-20 03:37:55 -------- d-----w- C:\ProgramData\IsolatedStorage
2014-05-20 03:37:05 -------- d-----w- C:\Program Files (x86)\Magic Set Editor 2
.
==================== Find3M ====================
.
2014-06-13 10:24:09 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-13 10:24:09 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-06-13 09:45:35 85328 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2014-06-13 09:45:35 1039096 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2014-06-13 09:45:22 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-06-13 09:45:22 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-06-13 09:45:22 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-06-13 09:45:22 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-06-13 09:45:22 208416 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-06-13 09:45:21 43152 ----a-w- C:\Windows\avastSS.scr
2014-06-02 21:59:51 50464 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll
2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-05-20 01:25:42 6769096 ----a-w- C:\Windows\System32\nvcpl.dll
2014-05-20 01:25:42 3514144 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-05-20 01:25:39 927520 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-05-20 01:25:38 62808 ----a-w- C:\Windows\System32\nvshext.dll
2014-05-20 01:25:38 387528 ----a-w- C:\Windows\System32\nvmctray.dll
2014-05-14 23:49:42 3774821 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-05-08 09:32:11 3178496 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-05-08 09:32:11 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-04-15 03:13:43 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-04-05 02:47:20 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-04-05 02:47:09 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-03-31 16:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-03-26 14:44:48 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2014-03-26 14:44:48 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-03-26 14:27:50 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
2014-03-26 14:27:50 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
.
============= FINISH: 17:30:26.10 ===============

Sorry, but Explorer keeps disappearing, so I am going to post this and add the rest of the files as a reply.

IE Failure Post Malware Removal

I forgot to mention that before I ran AdwCleaner, Junkware-Removal-Tool and Combofix, I updated and then ran Kaspersky Internet Security and the free versions of SuperAntiSpyware and Malwarebytes. None of them detected any problems. I just ran sfc /scannow as a Hail Mary; it reported that it did not detect any problems with system integrity.

Online game flash screen on startup

Hi,

My kid's been playing some game online and has downloaded some stuff which I do not understand.
Every time I start the PC, the game's flash screen pops up; clicking on it opens the game in the browser.
Requesting help with the removal of said flash screen.

Thanks

iexplorer always running in the background

Hi, I always see iexplorer running in the background. Can you help me, please?
This is my HijackThis log file:


Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 11:37:17, on 19/06/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\HP SimplePass\TouchControl.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\HP SimplePass\BioMonitor.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\ERWADI\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gfe_rd=cr&ei=...nTKYTM8ge79YBg
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: TSBHO Class - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\IEBHO.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: HP SimplePass Toolbar - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\IEBHO.DLL
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
O8 - Extra context menu item: &Envoyer à OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20614.www2.hp.com/ediags/gmd...detect1259.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Active File Monitor V10 (AdobeActiveFileMonitor10.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Pare-feu AVG (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: lxcq_device - - C:\Windows\system32\lxcqcoms.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: TrueAPI Service component (TrueService) - AuthenTec, Inc. - C:\Program Files\Common Files\AuthenTec\TrueService.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: VMware Workstation Server (VMwareHostd) - Unknown owner - C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 27164 bytes

I can't follow up the "must read before posting"

full of malwares, help!

Hiya

Are you still having this problem? If so, sorry for the delay, these forums are very busy. Let's see what we can do.

So, looking at the logs I see plenty of things that need to go. Can you use a usb drive to transfer tools across, so that you can run them? If so, can you do this, and we'll see what other stuff needs to go:

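Download OTL to the Desktop of a working computer, then transfer it to the infected pc with the flash drive. (Once the flash drive has been plugged into the infected pc, treat it as possibly infected too: don't open anything on it from the working computer other than the log files.)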

After running the scan below, transfer the logs back with your flash drive, and post them here in this topic :)

(Vista or Win 7 => right click and Run As Administrator)
  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Standard Output.
  • At the top, check the box entitled Scan All Users
  • Toward the bottom, check:
    All Users
    LOP Check
    Purity Check
  • Under the Standard Registry box change it to All
    Do not change any settings unless otherwise told to do so.
  • Please copy the text in the code box below and paste it in the Custom Scans/Fixes box in OTL:

    Code:

    DRIVES
    netsvcs
    activex
    msconfig
    drivers32
    %systemroot%\assembly\GAC_32\*.ini
    %systemroot%\assembly\GAC_64\*.ini
    %ALLUSERSPROFILE%\Application Data\*.exe
    %APPDATA%\*.
    safebootminimal
    safebootnetwork
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.exe
    %LOCALAPPDATA%\*.exe
    %windir%\Installer\*.*
    %windir%\system32\tasks\*.*
    %windir%\system32\tasks\*.* /64
    %systemroot%\Fonts\*.exe
    %systemroot%\*. /mp /s
    /md5start
    pnrpnsp.dll
    nwprovau.dll
    nlaapi.dll
    napinsp.dll
    mswsock.dll
    winrnr.dll
    wshelper.dll
    consrv.dll
    explorer.exe
    winlogon.exe
    regedit.exe
    Userinit.exe
    svchost.exe
    services.exe
    user32.dll
    atapi.sys
    csrss.exe
    PRINTISOLATIONHOST.EXE
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp
    %systemroot%\system32\drivers\*.sys /lockedfiles
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\* \s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT

  • Click the Run Scan button. The scan won't take long.
    A black box will appear, this is part of the custom scan, so don't be alarmed ;)
    IF OTL SAYS 'NOT RESPONDING' DON'T USE THE MOUSE. IT WILL CARRY ON SCANNING AFTER A FEW MINUTES

  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


Regards

eddie



