Channel: Tech Support Guy - Virus & Other Malware Removal

Hijackthis Log... many threats

I'm trying to fix a friend's computer. Seems to be covered in threats. I have run Malwarebytes, CCleaner, SuperAntiSpyware and can't get rid of everything. Internet keeps defaulting to everythingy.com. Can't open Outlook 2007 or run scanpst.exe to recover emails. Please help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:58:44 AM, on 6/19/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16555)
Boot mode: Normal

Running processes:
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
C:\Windows\ehome\ehtray.exe
C:\ProgramData\GameXN\GameXNGO.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\DELL\QuickSet\quickset.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.internet-home-page.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.internet-home-page.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.internet-home-page.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: DocsConverTer - {0007FAD8-C8C7-A6A8-F8BA-FB90A33B3838} - C:\ProgramData\DocsConverTer\lRbgy1.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll
O2 - BHO: downloaDIttkeEp - {554352BB-FBCB-35DB-A6E4-076A8D92F1F3} - C:\ProgramData\downloaDIttkeEp\gpCW.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: deaL4real - {9CFDA400-CFC8-A6B1-23DF-B7001CB81113} - C:\ProgramData\deaL4real\ik4W.dll (file missing)
O2 - BHO: savEr bbox - {A04D9C86-DE1A-CFAC-5357-55A8EA12AD7C} - C:\ProgramData\savEr bbox\JSR3XxCZ.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\Windows\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [dnsshield] C:\Program Files\Social Privacy DNS\dnswatch.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [HP Deskjet 3050A J611 series (NET)] "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN24R4CK1X05PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [GameXN GO] "C:\ProgramData\GameXN\GameXNGO.exe" /startup
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O20 - AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll c:\progra~1\optimi~1\optpro~2.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9367 bytes

Hijackthis Log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:23:42 AM, on 6/19/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\UMonit64.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Tyler\AppData\Local\Auto Clicker\AutoClicker.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Tyler\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [pcreg] C:\Program Files\pcreg\service.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [pcreg] C:\Program Files\pcreg\service.exe
O4 - HKCU\..\Run: [MurGee.com Auto Clicker] C:\Users\Tyler\AppData\Local\Auto Clicker\AutoClicker.exe :silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\syswow64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Update Manager (iumsvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: pcregservice Service (pcregservice) - Unknown owner - C:\Program Files\pcreg\pcreg.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 10370 bytes

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: BrowserJavaVersion: 10.55.2
Run by Tyler at 10:28:35 on 2014-06-19
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8104.6025 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\SysWOW64\UMonit64.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Elantech\ETDIntelligent.exe
C:\Users\Tyler\AppData\Local\Auto Clicker\AutoClicker.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\pcreg\pcreg.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [pcreg] C:\Program Files\pcreg\service.exe
uRun: [MurGee.com Auto Clicker] C:\Users\Tyler\AppData\Local\Auto Clicker\AutoClicker.exe :silent
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [pcreg] C:\Program Files\pcreg\service.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Explorer: HideSCAHealth = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{6463207E-4F11-4917-AC88-E915F3E9E0A0} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E2EDC192-A446-4370-A2F1-019D7229B897} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= c:\windows\syswow64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [UMonit64] C:\Windows\SysWOW64\UMonit64.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtsFT] RTFTrack.exe
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [pcreg] C:\Program Files\pcreg\service.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\g4bp1sxc.default-1399414412662\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-4-30 677360]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-4-30 28656]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-4-17 20464]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2014-4-17 33736]
R1 {b99c8534-7800-48fa-bd71-519a46cdc7e1}Gw64;{b99c8534-7800-48fa-bd71-519a46cdc7e1}Gw64;C:\Windows\System32\drivers\{b99c8534-7800-48fa-bd71-519a46cdc7e1}Gw64.sys [2014-4-24 61120]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-4-30 15344]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-2-13 731648]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2014-4-17 131544]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2014-4-17 169432]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-6-16 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-6-16 860472]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 133928]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-4-17 1593632]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-4-17 16941856]
R2 pcregservice;pcregservice Service;C:\Program Files\pcreg\pcreg.exe [2014-4-25 249024]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2014-1-8 3674864]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2014-4-17 374536]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-4-17 366576]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-4-17 785904]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2014-4-17 128200]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-6-16 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-16 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-6-16 63704]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-4-17 39200]
R3 rtsuvc;Lenovo EasyCamera;C:\Windows\System32\drivers\rtsuvc.sys [2014-4-17 8243272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\Windows\System32\drivers\AcpiVpc.sys [2014-4-18 28176]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-10 111616]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-4-17 442368]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-2-13 820184]
S3 iumsvc;Intel(R) Update Manager;C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-2-28 174368]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2014-1-8 284912]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-4-18 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-4-18 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-4-18 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2013-3-18 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-4-18 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
.
=============== Created Last 30 ================
.
2014-06-19 03:58:24 -------- d-----w- C:\Users\Tyler\AppData\Local\Auto Clicker
2014-06-18 18:20:07 10779000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{34EBD8EF-2A0D-454A-B147-FDDCF4B683D0}\mpengine.dll
2014-06-18 04:42:44 10779000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-17 04:51:27 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-17 04:51:19 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-06-17 04:51:19 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-06-17 04:51:19 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-06-17 04:51:19 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-17 04:36:02 -------- d-----w- C:\ProgramData\Malwarebytes
2014-06-17 04:18:21 -------- d-----w- C:\Program Files (x86)\Bench
2014-06-14 15:11:05 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E482A847-EDC5-4360-B332-769C5574B7DE}\gapaengine.dll
2014-06-11 03:31:49 506368 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-11 03:31:48 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-06-11 03:12:13 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-11 03:12:13 -------- d-----w- C:\Program Files\iTunes
2014-06-11 03:12:13 -------- d-----w- C:\Program Files\iPod
2014-06-11 03:12:13 -------- d-----w- C:\Program Files (x86)\iTunes
2014-06-10 14:58:49 -------- d-----w- C:\Users\Tyler\AppData\Roaming\Seeing Machines
2014-06-10 14:58:49 -------- d-----w- C:\ProgramData\Seeing Machines
2014-06-10 14:53:34 15104 ----a-w- C:\Windows\System32\drivers\vjoy.sys
2014-06-10 14:53:34 -------- d-----w- C:\Program Files (x86)\VJoy Virtual Joystick Driver
2014-06-10 14:52:55 -------- d-----w- C:\Program Files (x86)\Abbequerque Inc
2014-06-09 21:27:15 518416 ----a-r- C:\Windows\SysWow64\MSXML.DLL
2014-06-09 21:22:41 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2014-06-09 21:22:41 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2014-06-09 21:22:41 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2014-06-09 21:22:41 155648 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2014-06-09 21:22:37 696320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2014-06-09 21:22:36 282756 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2014-06-09 21:22:36 163972 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2014-06-09 01:50:44 -------- d-----w- C:\Users\Tyler\AppData\Local\DCS
2014-06-09 01:21:55 -------- d-----w- C:\Program Files\Eagle Dynamics
2014-05-30 21:23:23 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-05-30 21:23:20 -------- d-----w- C:\Users\Tyler\AppData\Local\PunkBuster
2014-05-30 21:23:05 -------- d-----w- C:\Users\Tyler\AppData\Local\ESN
2014-05-30 21:22:43 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins
2014-05-30 19:59:43 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2014-05-30 19:59:43 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-05-30 19:59:43 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-05-30 18:17:05 -------- d-----w- C:\ProgramData\PopCap Games
2014-05-30 18:17:03 -------- d-----w- C:\ProgramData\EA Logs
2014-05-30 18:17:03 -------- d-----w- C:\ProgramData\EA Core
2014-05-30 18:16:48 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2014-05-30 18:11:37 -------- d-----w- C:\Program Files (x86)\Origin Games
2014-05-30 18:10:48 -------- d-----w- C:\Users\Tyler\AppData\Roaming\Origin
2014-05-30 18:10:47 -------- d-----w- C:\Users\Tyler\AppData\Local\Origin
2014-05-30 18:09:57 -------- d-----w- C:\ProgramData\Origin
2014-05-30 18:09:57 -------- d-----w- C:\ProgramData\Electronic Arts
2014-05-30 18:09:55 -------- d-----w- C:\Program Files (x86)\Origin
2014-05-27 21:17:35 -------- d-----w- C:\Users\Tyler\AppData\Roaming\LolClient
2014-05-27 20:12:00 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2014-05-27 20:12:00 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2014-05-27 20:11:59 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2014-05-27 20:11:42 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2014-05-27 20:11:41 -------- d-----w- C:\Riot Games
2014-05-27 20:10:16 -------- d-----w- C:\Users\Tyler\AppData\Local\PMB Files
2014-05-27 20:10:15 -------- d-----w- C:\ProgramData\PMB Files
2014-05-27 20:10:12 -------- d-----w- C:\Program Files (x86)\Pando Networks
2014-05-27 20:09:57 -------- d-----w- C:\Users\Tyler\AppData\Roaming\Riot Games
2014-05-23 23:01:59 -------- d-----w- C:\Users\Tyler\AppData\Local\ftblauncher
2014-05-23 21:09:45 -------- d-----w- C:\TylerShare
2014-05-20 21:26:42 -------- d-----w- C:\Program Files (x86)\Bethesda Softworks
.
==================== Find3M ====================
.
2014-06-14 15:06:14 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-14 15:06:14 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll
2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-05-08 09:32:11 3178496 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-05-08 09:32:11 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-04-27 14:22:58 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2014-04-25 04:04:05 21307392 ----a-w- C:\Windows\System32\imageres.dll
2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-04-24 18:34:52 61120 ----a-w- C:\Windows\System32\drivers\{b99c8534-7800-48fa-bd71-519a46cdc7e1}Gw64.sys
2014-04-20 00:19:44 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2014-04-20 00:19:44 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2014-04-20 00:19:44 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2014-04-20 00:19:44 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2014-04-18 20:07:34 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-04-18 02:26:04 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-04-18 01:48:03 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-04-05 02:47:20 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-04-05 02:47:09 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-04-01 04:46:48 130712 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
2014-04-01 04:46:48 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2014-03-26 14:44:48 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2014-03-26 14:44:48 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-03-26 14:27:50 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
2014-03-26 14:27:50 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
.
============= FINISH: 10:28:55.36 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/17/2014 6:09:03 PM
System Uptime: 6/19/2014 10:12:59 AM (0 hours ago)
.
Motherboard: LENOVO | | VIQY0Y1
Processor: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz | U3E1 | 2401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 782.358 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Bluetooth Device (Personal Area Network)
Device ID: BTH\MS_BTHPAN\7&F358A0D&0&2
Manufacturer: Microsoft
Name: Bluetooth Device (Personal Area Network)
PNP Device ID: BTH\MS_BTHPAN\7&F358A0D&0&2
Service: BthPan
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
Class GUID:
Description:
Device ID: ACPI\VPC2004\0
Manufacturer:
Name:
PNP Device ID: ACPI\VPC2004\0
Service:
.
==== System Restore Points ===================
.
RP78: 6/10/2014 8:53:06 AM - Installed Intel(R) IPP Run-Time Installer 5.3 Update 4 for Windows* on IA-32
RP79: 6/10/2014 8:53:40 AM - Device Driver Package Install: Headsoft Human Interface Devices
RP80: 6/10/2014 12:42:34 PM - Windows Update
RP81: 6/10/2014 10:44:10 PM - Windows Update
RP82: 6/14/2014 9:10:09 AM - Windows Update
RP83: 6/17/2014 10:41:59 PM - Windows Update
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Adobe Flash Player 13 ActiveX
Adobe Flash Player 14 Plugin
Adobe Reader XI (11.0.07)
Adobe Shockwave Player 12.1
Apple Application Support
Apple Mobile Device Support
Auto Clicker v1.6
Battlefield 3™
Battlelog Web Plugins
Bonjour
Canon MX870 series MP Drivers
DCS World
FaceTrackNoIR version 1.7
Fraps (remove only)
GeForce Experience NvStream Client Components
Google Chrome
Google Update Helper
Graboid Video
Intel(R) IPP Run-Time Installer 5.3 Update 4 for Windows* on IA-32
Intel(R) PRO/Wireless Driver
Intel(R) Rapid Storage Technology
Intel(R) Update Manager
Intel® PROSet/Wireless WiFi Software
Intel® Trusted Connect Service Client
iTunes
Java 7 Update 45 (64-bit)
League of Legends
Lenovo pointing device
Lock On: Modern Air Combat
Logitech SetPoint 6.61
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft .NET Framework 4.5.1
Microsoft Office File Validation Add-In
Microsoft Office Office 64-bit Components 2007
Microsoft Office Professional Plus 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Morrowind
Mozilla Firefox 30.0 (x86 en-US)
NVIDIA Control Panel 335.23
NVIDIA GeForce Experience 1.8.2.1
NVIDIA Graphics Driver 335.23
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA Optimus Update 11.10.13
NVIDIA PhysX System Software 9.13.1220
NVIDIA ShadowPlay 11.10.13
NVIDIA Update 11.10.13
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.20
Origin
Pando Media Booster
Plants vs. Zombies™
Pocket Tanks v1.6
PunkBuster Services
Robocraft version 0.3.287
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
SHIELD Streaming
Skype™ 6.14
swMSM
TeamSpeak 3 Client
TES Construction Set
VJoy Virtual Joystick Driver 1.2
.
==== Event Viewer Messages From Past Week ========
.
6/19/2014 10:27:44 AM, Error: Service Control Manager [7024] - The Windows Connect Now - Config Registrar service terminated with service-specific error %%-2147024662.
6/19/2014 10:14:41 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
6/19/2014 10:14:38 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
6/19/2014 10:14:05 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147467259
6/19/2014 10:14:05 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147467259
6/17/2014 8:21:57 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
6/17/2014 8:06:19 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
6/17/2014 8:06:19 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
6/17/2014 7:50:59 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
6/17/2014 7:49:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/17/2014 7:49:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/17/2014 7:49:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
6/17/2014 7:49:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
6/17/2014 7:49:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/17/2014 7:49:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/17/2014 7:48:59 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf {b99c8534-7800-48fa-bd71-519a46cdc7e1}Gw64
6/17/2014 7:48:59 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/17/2014 7:48:59 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
6/17/2014 7:48:59 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/17/2014 7:48:59 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/17/2014 7:48:59 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/17/2014 7:48:59 AM, Error: Service Control Manager [7001] - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/17/2014 7:48:59 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/17/2014 7:48:58 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/17/2014 7:48:58 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
6/17/2014 7:48:58 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/17/2014 7:48:58 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/16/2014 10:51:44 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10003] - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll
6/16/2014 10:48:18 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.175.2358.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10600.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
.
==== End Of File ===========================

My Ark.txt file is attached. I could not copy-paste it here since it makes the post too long and will not allow me to publish it.

As for the issues I'm having, so far, it's a little strange. All that's happening is that I cannot update the database or run a scan with Malwarebytes. When I attempt to, it closes the program. I ran a scan in Safe Mode, and it didn't pick up anything, possibly because the database is out-of-date.

As well, whenever I shut down the computer, it says programs are running in the background and it needs to close them first. This generally happens quickly, and some of it may be intentional like Origin or AutoClicker, but if any of that is caused by Malware I'd like to remove it.

Note: It also apparently coincided with something called "Browser Protect" which is just adware, and I got rid of, or so I think.

Thanks!

Attached Files
File Type: txt ark.txt (64.4 KB)

Issues with being able to go on chrome without ads

Today, I was on Tumblr and I was just searching as usual. Suddenly, a pop up appeared as I was trying to click the new tab button and instead of clicking the new tab button, I accidentally clicked the pop up. It happened so fast I didn't even catch what was on the popup.

I figured it was no big deal and decided to go and continue searching Tumblr because that's what I typically do whenever I'm bored. So, I click on the refresh button built into Tumblr and suddenly it's taking much longer for the webpage to load. I'm confused, so I just sit there and wait for it to load.

When the page finally starts to load, the first thing that pops up is a "search with bing" bar that I'm positive I never installed. Then, three ads pop up, one in the upper right corner, one in the lower right corner and one on the left side.



Tumblr never had ads before. So naturally, my first idea was to inspect, and upon further inspection, the ads are from OffersWizard. I searched all over for recommendations of how to get rid of this awful adware and stumbled across a page telling me to download AdwCleaner, so I did. I had it scan the computer and then clean it, and figured that that had gotten rid of my problems.

I was wrong. I log back on and open up Chrome, and open Tumblr and again, what do I see but three ads and green underlined text leading to suspicious websites. I repeated this process a total of three times and every single time it's come back. I'd greatly appreciate your help.

recent infection

Here is the suggested resulting log from above sysinfo utility:


Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM)2 CPU U7600 @ 1.20GHz, Intel64 Family 6 Model 15 Stepping 2
Processor Count: 2
RAM: 2037 Mb
Graphics Card: Mobile Intel(R) 945 Express Chipset Family, 256 Mb
Hard Drives: C: Total - 76316 MB, Free - 44143 MB;
Motherboard: Dell Inc.,
Antivirus: AVG AntiVirus Free Edition 2014, Updated and Enabled


I recently became infected with an unknown virus both on PC and my notebook. I'm going to clean this notebook first as I use it most often for most functions. I first realized that I was infected when my (Steven Gould) Windows CleanUp was deleting over 30-some files every time it was run...even if I closed it and ran it immediately...I opened my Temp folder and actually saw all these entries just appearing before my eyes despite not having any browser window open. I can send you the log if you request, but want to make sure the 4 logs requested can fit in this posting. Then today my AVG 2014 tells me about one file and while I'm googling that threat another warning came up...they are:


c:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe


and: IDP.Program.D1B0A5C0 C:\Users\Notebook\AppData\Local\Temp\rtinstaller.exe


One site says to delete all corresponding registry entries, but doesn't identify them or tell me how to identify them...I'd rather trust HJT and have you tell me which registry entries (if any) need to be manually deleted. I sure hope you can help...then we can do the PC.


Here are the logs in the order requested...


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:42:22 PM, on 6/19/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Users\Notebook\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:49215;https=127.0.0.1:49215
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>;localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: GreatArcadeHits Add-on - {D0C21091-FF8E-432C-9006-0540E81BA9D7} - C:\Users\Notebook\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [BrowserSafeguard] "C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [AVG-Secure-Search-Update_0214c] C:\Users\Notebook\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=cec70f6688c147d293ebd1532d6d243d-0d90b1f633ab0cb057f8a3166fc223235b9b45ab /CMPID=0214c
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Windows\SysWOW64\ScsiAccess.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 5991 bytes





DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126
Run by Notebook at 18:43:46 on 2014-06-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2038.1175 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Windows\SysWOW64\ScsiAccess.EXE
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uProxyServer = hxxp=127.0.0.1:49215;https=127.0.0.1:49215
uProxyOverride = <-loopback>;localhost
mWinlogon: Userinit = userinit.exe
BHO: GreatArcadeHits Add-on: {D0C21091-FF8E-432C-9006-0540E81BA9D7} - C:\Users\Notebook\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll
uRun: [AVG-Secure-Search-Update_0214c] C:\Users\Notebook\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=cec70f6688c147d293ebd1532d6d243d-0d90b1f633ab0cb057f8a3166fc223235b9b45ab /CMPID=0214c
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [BrowserSafeguard] "C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{C23D2F9C-D747-4182-8036-4E29311156E0} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C23D2F9C-D747-4182-8036-4E29311156E0}\665736B696E6163786F656 : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-5-13 191768]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-5-13 323352]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-5-13 130328]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-5-13 31512]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-5-13 152344]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-5-13 236312]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-5-13 235800]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-5-13 273176]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-5-13 3644432]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-5-13 292424]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-13 111616]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-2-15 1255736]
.
=============== File Associations ===============
.
ShellExec: EasyShare.exe: Preview="C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\EasyShare.exe"
.
=============== Created Last 30 ================
.
2014-06-19 23:31:00 -------- d-----w- C:\New folder
2014-06-13 21:46:17 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-06-13 21:46:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-06-13 21:46:15 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-06-13 21:46:15 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
==================== Find3M ====================
.
2014-06-12 23:00:36 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-12 23:00:36 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll
2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-05-13 19:20:26 235800 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2014-05-13 19:20:06 273176 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2014-05-13 19:06:06 323352 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2014-05-13 19:05:40 191768 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2014-05-13 19:05:08 152344 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2014-05-13 19:05:06 130328 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2014-05-13 19:04:56 236312 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2014-05-13 19:04:30 31512 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2014-05-09 06:14:03 477184 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-09 06:11:23 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-03-26 14:44:48 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2014-03-26 14:44:48 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-03-26 14:27:50 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
2014-03-26 14:27:50 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
.
============= FINISH: 18:44:42.23 ===============





.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/15/2014 12:28:34 PM
System Uptime: 6/19/2014 6:23:32 PM (0 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Intel(R) Core(TM)2 CPU U7600 @ 1.20GHz | Microprocessor | 1200/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 43.112 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP35: 6/11/2014 4:19:51 PM - Windows Modules Installer
RP36: 6/12/2014 4:53:23 PM - Windows Backup
RP37: 6/12/2014 5:02:33 PM - Restore Operation
RP38: 6/13/2014 4:46:20 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 14 ActiveX
Adobe Reader XI (11.0.07)
Apple Application Support
Apple Software Update
aspi
AVG 2014
BrowserSafeguard with Rockettab
CCHelp
CCScore
CleanUp!
Dell Touchpad
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSTUTOR
ESSvpaht
ESSvpot
GreatArcadeHits
HLPCCTR
HLPIndex
Intel(R) Graphics Media Accelerator Driver
Kodak EasyShare software
KSU
Microsoft .NET Framework 4.5.1
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Notifier
OTtBP
PCDLNCH
QuickTime 7
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
SFR
SFR2
SpywareBlaster 5.0
VCAMCEN
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
.
==== Event Viewer Messages From Past Week ========
.
6/19/2014 4:48:43 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
6/19/2014 4:30:54 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
6/19/2014 4:30:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/19/2014 4:30:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/19/2014 4:30:50 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
6/19/2014 4:30:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/19/2014 4:30:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/19/2014 4:30:19 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgdiska AVGIDSDriver Avgldx64 cdrom discache spldr Wanarpv6
6/19/2014 4:30:16 PM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
6/18/2014 5:12:53 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Notebook-PC\Notebook SID (S-1-5-21-3824289412-1617869966-925479348-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
6/18/2014 5:12:52 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Notebook-PC\Notebook SID (S-1-5-21-3824289412-1617869966-925479348-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
6/13/2014 4:46:30 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
6/12/2014 5:49:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
6/12/2014 5:48:50 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
6/12/2014 5:48:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
6/12/2014 5:48:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
6/12/2014 5:47:54 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgdiska AVGIDSDriver Avgldx64 Avgtdia cdrom DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
6/12/2014 5:47:54 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/12/2014 5:47:54 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/12/2014 5:47:54 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
6/12/2014 5:47:54 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/12/2014 5:47:54 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/12/2014 5:47:54 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
6/12/2014 5:47:54 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/12/2014 5:47:54 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/12/2014 5:47:54 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/12/2014 5:47:54 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
.
==== End Of File ===========================

My PC is infected with a virus that makes the files shortcuts.

Hello, my PC is infected with a virus that makes the files shortcuts, and I do not know how to treat it. The virus came from my USB drive; when I scanned the USB drive with the Avast trial version, it reported a VBS virus. Is there any free tool or something free to fix it? For more information, I cannot download Windows 7 updates on my computer or run Windows Defender.

Attached Images
File Type: png ?????????.png (255.0 KB)

Babylon translator uninstall --- another kind of problem

Thanks for the reply and update, still a couple of steps to run to clean your system...

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.

Let me see those two logs.....

Kevin

Attached Files
File Type: txt fixlist.txt (2.0 KB)

After Windows updates, Vista PC looks like Windows 98

Speedial

In trying to get the latest version of Adobe Flash I inadvertently installed Speedial. I went to my Control Panel and uninstalled it and I removed it from my Mozilla Add-ons, restarted my computer and ran my SuperAntiSpyware but Speedial is still there. How do I get rid of this?

I run on Vista on a Toshiba Satellite laptop and use Mozilla Firefox.

I just ran a logfile from HiJackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:44:40 PM, on 6/20/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16555)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files\VERIZONDM\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Users\Toshiba\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/?f=1&a=spd_dnlds...1951574584&ir=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/?f=1&a=spd_dnlds...1951574584&ir=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [VERIZONDM] "C:\Program Files\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WorkForce 630(Network) (Copy 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGBA.EXE /FU "C:\Windows\TEMP\E_S2245.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: SupportSoft Sprocket Service (verizondm) (sprtsvc_verizondm) - SupportSoft, Inc. - C:\Program Files\VERIZONDM\bin\sprtsvc.exe
O23 - Service: SupportSoft Repair Service (verizondm) (tgsrvc_verizondm) - SupportSoft, Inc. - C:\Program Files\VERIZONDM\bin\tgsrvc.exe

--
End of file - 8754 bytes

Japanese Pop-up Problem From mshta.exe

Further to my last post please also do this:

Download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Attached Files
File Type: txt fixlist.txt (754 Bytes)

help! pop ups and little blue ads on certain words

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126
Run by kylee sud at 20:18:52 on 2014-06-20
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3983.1111 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\kylee sud\AppData\Local\Citrix\GoToAssist Remote Support Expert\637\g2ax_start.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Users\kylee sud\AppData\Local\Citrix\GoToAssist Remote Support Expert\637\g2ax_comm_expert.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\kylee sud\AppData\Local\Citrix\GoToAssist Remote Support Expert\637\g2ax_user_expert.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Windows\system32\msiexec.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
uRun: [GoToAssist Remote Support Expert] "C:\Users\kylee sud\AppData\Local\Citrix\GoToAssist Remote Support Expert\637\g2ax_start.exe" "/Trigger RunAtLogon"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{0C21A153-BC29-4C62-B483-B196447CC1AB} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{0C21A153-BC29-4C62-B483-B196447CC1AB}\24F61627467716C6B6 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{0C21A153-BC29-4C62-B483-B196447CC1AB}\2656C6B696E6534376 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{0C21A153-BC29-4C62-B483-B196447CC1AB}\35572766375707 : DHCPNameServer = 192.168.0.1 205.171.202.166
TCP: Interfaces\{0C21A153-BC29-4C62-B483-B196447CC1AB}\960586F6E656 : DHCPNameServer = 172.20.10.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [RtHDVBg] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4
x64-Run: [RtHDVBg_PushButton] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /IM
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\btvstack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\athbttray.exe"
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [AdAwareTray] "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-11-9 652344]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-11-9 28216]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-11-9 20464]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-11-9 784760]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-11-9 346760]
R1 wStLibG64;wStLibG64;C:\Windows\System32\drivers\wStLibG64.sys [2014-3-26 61120]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2013-11-9 98208]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2013-2-6 204928]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-4-11 1390720]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-4-11 1764992]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-3-26 2279608]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2013-11-12 196616]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2013-11-9 328928]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-11-9 14904]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-11-9 165760]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [2014-1-23 702744]
R2 McAPExe;McAfee AP Service;C:\Program Files\mcafee\msc\McAPExe.exe [2012-11-30 178528]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2013-11-9 328928]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2013-11-9 328928]
R2 McOobeSv2;McAfee OOBE Service2;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2013-11-9 328928]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2013-11-9 328928]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [2013-11-9 328928]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe [2013-11-9 1041192]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2013-11-9 219752]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-11-9 189912]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2013-11-9 246488]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-11-9 364416]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2013-11-9 81536]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2013-2-6 36480]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2013-2-6 341120]
R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2013-2-6 111232]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2013-2-6 30848]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2013-2-6 168064]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2013-2-6 68736]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2013-2-6 281728]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2013-2-6 551552]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-11-9 70592]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-11-9 342528]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-11-9 358896]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-11-9 792560]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-11-9 311856]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-11-9 522360]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2014-3-18 441264]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUVStor.sys [2013-11-9 315536]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-11-9 726160]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2013-11-9 32136]
S2 0045911402784959mcinstcleanup;McAfee Application Installer Cleanup (0045911402784959);C:\Windows\TEMP\004591~1.EXE -cleanup -nolog --> C:\Windows\TEMP\004591~1.EXE -cleanup -nolog [?]
S2 70e6ca8c;Optimizer Pro Crash Monitor;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-11-9 57856]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2014-3-11 197704]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-13 111616]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\COMMON~1\mcafee\actwiz\mcawfwk.exe [2013-11-9 334760]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2014-3-18 96592]
S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-12-30 1255736]
.
=============== Created Last 30 ================
.
2014-06-14 00:33:46 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-06-14 00:33:46 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-06-14 00:33:45 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-06-14 00:33:45 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-06-14 00:33:40 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2014-06-14 00:33:40 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-06-14 00:33:40 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2014-06-14 00:33:40 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-06-14 00:33:40 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2014-06-14 00:33:40 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-06-14 00:33:40 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
2014-06-14 00:33:40 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-06-14 00:28:20 506368 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-14 00:28:20 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-06-08 18:54:18 80896 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\LMACAC4C.DLL
2014-05-28 21:11:41 -------- d-s---w- C:\Windows\System32\CompatTel
.
==================== Find3M ====================
.
2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll
2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-04-10 18:40:31 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-04-03 22:23:54 70592 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2014-04-03 22:16:04 346760 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2014-04-03 22:15:34 189912 ----a-w- C:\Windows\System32\mfevtps.exe
2014-04-03 22:10:34 784760 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2014-04-03 22:08:04 522360 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2014-04-03 22:06:04 311856 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2014-04-03 22:03:32 177544 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2014-03-26 17:35:12 61120 ----a-w- C:\Windows\System32\drivers\wStLibG64.sys
.
============= FINISH: 20:20:00.38 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 12/23/2013 9:06:05 PM
System Uptime: 6/20/2014 1:55:12 AM (19 hours ago)
.
Motherboard: Dell Inc. | | 06RYX8
Processor: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz | U3E1 | 1494/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 444 GiB total, 394.518 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP27: 4/20/2014 9:55:23 PM - Windows Update
RP28: 5/28/2014 3:00:37 AM - Windows Update
RP29: 5/28/2014 4:18:58 PM - Windows Update
RP30: 5/28/2014 10:44:19 PM - Removed Microsoft Silverlight
RP31: 5/29/2014 3:00:21 AM - Windows Update
RP32: 6/14/2014 3:46:09 PM - Windows Update
.
==== Installed Programs ======================
.
Accidental Damage Services Agreement
Ad-Aware Antivirus
Ad-Aware Security Add-on
AdAwareInstaller
AdAwareUpdater
Adobe Flash Player 11 ActiveX
Adobe Reader XI MUI
AntimalwareEngine
Atheros Bluetooth Suite (64)
Banctec Service Agreement
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Complete Care Business Service Agreement
Consumer In-Home Service Agreement
CyberLink PowerDVD 9.5
D3DX10
Dell Backup and Recovery
Dell Backup and Recovery - Support Software
Dell Digital Delivery
Dell Edoc Viewer
Dell Home Systems Service Agreement
Dell Touchpad
Dell WLAN and Bluetooth Client Installation
DSC/AA Factory Installer
eBay
GIMP 2.6.10
Google Chrome
Google Update Helper
GoToAssist Expert 2.0.0.637
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel® Trusted Connect Service Client
Junk Mail filter update
Malwarebytes Anti-Malware version 2.00.0.1000
McAfee LiveSafe – Internet Security
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 365 - en-us
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Movie Maker
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
My Dell
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
Optimizer Pro v3.2
Photo Common
Photo Gallery
Premium Service Agreement
QualxServ Service Agreement
Quickset64
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Shared C Run-time for x64
Skype Click to Call
Skype™ 6.11
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
6/18/2014 10:07:16 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{0C21A153-BC29-4C62-B483-B196447CC1AB} because another computer on the network has the same name. The server could not start.
6/17/2014 1:43:23 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
6/14/2014 5:19:43 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
6/14/2014 12:37:48 AM, Error: volmgr [45] - The system could not sucessfully load the crash dump driver.
6/13/2014 7:07:20 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HomeNetSvc service.
.
==== End Of File ===========================

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:15:55 PM, on 6/20/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\kylee sud\AppData\Local\Citrix\GoToAssist Remote Support Expert\637\g2ax_start.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Users\kylee sud\AppData\Local\Citrix\GoToAssist Remote Support Expert\637\g2ax_comm_expert.exe
C:\Users\kylee sud\AppData\Local\Citrix\GoToAssist Remote Support Expert\637\g2ax_user_expert.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\kylee sud\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O3 - Toolbar: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
O4 - HKCU\..\Run: [GoToAssist Remote Support Expert] "C:\Users\kylee sud\AppData\Local\Citrix\GoToAssist Remote Support Expert\637\g2ax_start.exe" "/Trigger RunAtLogon"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll
O20 - AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
O23 - Service: McAfee Application Installer Cleanup (0045911402784959) (0045911402784959mcinstcleanup) - Unknown owner - C:\Windows\TEMP\004591~1.EXE (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ad-Aware Service 11 (LavasoftAdAwareService11) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe
O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\actwiz\mcawfwk.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
O23 - Service: McAfee OOBE Service2 (McOobeSv2) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe

--
End of file - 13455 bytes

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-06-20 20:43:34
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000066 ATA_____ rev.SDM1 465.76GB
Running: i15nig3f.exe; Driver: C:\Users\KYLEES~1\AppData\Local\Temp\uwlyrkow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800033b5000 45 bytes [43, 4D, 41, EC, 01, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800033b502f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Users\kylee sud\AppData\Local\Citrix\GoToAssist Remote Support Expert\637\g2ax_start.exe[5576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077921465 2 bytes [92, 77]
.text C:\Users\kylee sud\AppData\Local\Citrix\GoToAssist Remote Support Expert\637\g2ax_start.exe[5576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000779214bb 2 bytes [92, 77]
.text ... * 2
.text C:\Users\kylee sud\AppData\Local\Citrix\GoToAssist Remote Support Expert\637\g2ax_comm_expert.exe[5868] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077921465 2 bytes [92, 77]
.text C:\Users\kylee sud\AppData\Local\Citrix\GoToAssist Remote Support Expert\637\g2ax_comm_expert.exe[5868] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000779214bb 2 bytes [92, 77]
.text ... * 2
.text C:\Users\kylee sud\AppData\Local\Citrix\GoToAssist Remote Support Expert\637\g2ax_user_expert.exe[5640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077921465 2 bytes [92, 77]
.text C:\Users\kylee sud\AppData\Local\Citrix\GoToAssist Remote Support Expert\637\g2ax_user_expert.exe[5640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000779214bb 2 bytes [92, 77]
.text ... * 2
.text C:\Windows\SysWOW64\NOTEPAD.EXE[1844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077921465 2 bytes [92, 77]
.text C:\Windows\SysWOW64\NOTEPAD.EXE[1844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000779214bb 2 bytes [92, 77]
.text ... * 2
? C:\Windows\system32\mssprxy.dll [1844] entry point in ".rdata" section 00000000736271e6

---- Threads - GMER 2.1 ----

Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [8348:7224] 00000000759e7587
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [8348:10024] 00000000618b7712
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [8348:2444] 00000000779a2e65
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [8348:7056] 00000000779a3e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [8348:5596] 00000000779a3e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [8348:10204] 00000000779a3e85

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\342387164cd6
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\342387164cd6 (not active ControlSet)

---- EOF - GMER 2.1 ----
thank you

possible malware infection

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-06-20 22:25:49
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600BEVT-75ZCT2 rev.11.01A11 149.05GB
Running: iqk3mvkr.exe; Driver: C:\Users\patrick\AppData\Local\Temp\pwdiyfob.sys


---- System - GMER 2.1 ----

SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwAllocateVirtualMemory [0x81F9BFB2]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwAlpcConnectPort [0x81F9F340]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwAlpcSendWaitReceivePort [0x81F9EE76]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwAssignProcessToJobObject [0x81F9CA76]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwClose [0x81F9F972]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwConnectPort [0x81F9E1F2]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwCreateFile [0x81F9D740]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwCreateKey [0x81F9E8EA]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwCreateProcess [0x81F9CCCC]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwCreateProcessEx [0x81F9CD82]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwCreateSection [0x81F9D06A]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwCreateThread [0x81F9B922]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwCreateThreadEx [0x81F9FB8E]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwDeviceIoControlFile [0x81F9EA5A]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwDuplicateObject [0x81FA2D3A]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwFsControlFile [0x81F9ED12]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwLoadDriver [0x81F9C428]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwMakeTemporaryObject [0x81F9F70E]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwOpenFile [0x81F9D538]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwOpenProcess [0x81FA2792]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwOpenSection [0x81F9CE3C]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwOpenThread [0x81FA2A42]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwProtectVirtualMemory [0x81F9BE36]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwQueueApcThread [0x81F9CB9E]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwReplaceKey [0x81F9F55C]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwRequestPort [0x81F9E360]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwRequestWaitReplyPort [0x81F9DCF4]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwRestoreKey [0x81F9F5E6]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwSecureConnectPort [0x81F9E77A]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwSetContextThread [0x81F9BA92]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwSetSecurityObject [0x81F9F4B6]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwSetSystemInformation [0x81F9C618]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwShutdownSystem [0x81F9F678]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwSuspendProcess [0x81F9BD0E]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwSuspendThread [0x81F9BBE8]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwSystemDebugControl [0x81F9C9A8]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwTerminateProcess [0x81FA268A]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwTerminateThread [0x81FA2F2C]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwUnloadDriver [0x81F9F7A4]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys ZwWriteVirtualMemory [0x81F9B7A6]

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82E7BA15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EB5212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82EBC488 4 Bytes [B2, BF, F9, 81]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 82EBC494 4 Bytes [40, F3, F9, 81]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1143 82EBC4D8 4 Bytes [76, EE, F9, 81]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82EBC4E8 4 Bytes [76, CA, F9, 81]
.text ntkrnlpa.exe!KeRemoveQueueEx + 116F 82EBC504 4 Bytes [72, F9, F9, 81]
.text ...
? C:\Users\patrick\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 2.1 ----

.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtCreateFile + 6 774F560E 4 Bytes [28, 54, 9F, 00] {SUB [EDI+EBX*4+0x0], DL}
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtCreateFile + B 774F5613 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtMapViewOfSection + 6 774F5C6E 4 Bytes [28, 57, 9F, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtMapViewOfSection + B 774F5C73 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtOpenFile + 6 774F5D1E 4 Bytes [68, 54, 9F, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtOpenFile + B 774F5D23 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtOpenProcess + 6 774F5DCE 4 Bytes [A8, 55, 9F, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtOpenProcess + B 774F5DD3 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtOpenProcessToken + B 774F5DE3 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtOpenProcessTokenEx + 6 774F5DEE 4 Bytes [A8, 56, 9F, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtOpenProcessTokenEx + B 774F5DF3 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtOpenThread + 6 774F5E4E 4 Bytes [68, 55, 9F, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtOpenThread + B 774F5E53 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtOpenThreadToken + 6 774F5E5E 4 Bytes [68, 56, 9F, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtOpenThreadToken + B 774F5E63 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtOpenThreadTokenEx + B 774F5E73 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtQueryAttributesFile + 6 774F5F7E 4 Bytes [A8, 54, 9F, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtQueryAttributesFile + B 774F5F83 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtQueryFullAttributesFile + B 774F6033 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtSetInformationFile + 6 774F667E 4 Bytes [28, 55, 9F, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtSetInformationFile + B 774F6683 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtSetInformationThread + 6 774F66DE 4 Bytes [28, 56, 9F, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtSetInformationThread + B 774F66E3 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtUnmapViewOfSection + 6 774F69FE 4 Bytes [68, 57, 9F, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtUnmapViewOfSection + B 774F6A03 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtCreateFile + 6 774F560E 4 Bytes [28, B8, D6, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtCreateFile + B 774F5613 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtMapViewOfSection + 6 774F5C6E 4 Bytes [28, BB, D6, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtMapViewOfSection + B 774F5C73 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenFile + 6 774F5D1E 4 Bytes [68, B8, D6, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenFile + B 774F5D23 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenProcess + 6 774F5DCE 4 Bytes [A8, B9, D6, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenProcess + B 774F5DD3 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenProcessToken + 6 774F5DDE 4 Bytes CALL 7650349C C:\Windows\system32\SHELL32.dll
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenProcessToken + B 774F5DE3 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenProcessTokenEx + 6 774F5DEE 4 Bytes [A8, BA, D6, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenProcessTokenEx + B 774F5DF3 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenThread + 6 774F5E4E 4 Bytes [68, B9, D6, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenThread + B 774F5E53 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenThreadToken + 6 774F5E5E 4 Bytes [68, BA, D6, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenThreadToken + B 774F5E63 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenThreadTokenEx + 6 774F5E6E 4 Bytes CALL 7650352D C:\Windows\system32\SHELL32.dll
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenThreadTokenEx + B 774F5E73 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtQueryAttributesFile + 6 774F5F7E 4 Bytes [A8, B8, D6, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtQueryAttributesFile + B 774F5F83 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtQueryFullAttributesFile + 6 774F602E 4 Bytes CALL 765036EB C:\Windows\system32\SHELL32.dll
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtQueryFullAttributesFile + B 774F6033 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtSetInformationFile + 6 774F667E 4 Bytes [28, B9, D6, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtSetInformationFile + B 774F6683 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtSetInformationThread + 6 774F66DE 4 Bytes [28, BA, D6, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtSetInformationThread + B 774F66E3 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtUnmapViewOfSection + 6 774F69FE 4 Bytes [68, BB, D6, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtUnmapViewOfSection + B 774F6A03 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtCreateFile + 6 774F560E 4 Bytes [28, 9C, 9F, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtCreateFile + B 774F5613 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtMapViewOfSection + 6 774F5C6E 4 Bytes [28, 9F, 9F, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtMapViewOfSection + B 774F5C73 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenFile + 6 774F5D1E 4 Bytes [68, 9C, 9F, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenFile + B 774F5D23 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenProcess + 6 774F5DCE 4 Bytes [A8, 9D, 9F, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenProcess + B 774F5DD3 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenProcessToken + B 774F5DE3 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenProcessTokenEx + 6 774F5DEE 4 Bytes [A8, 9E, 9F, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenProcessTokenEx + B 774F5DF3 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenThread + 6 774F5E4E 4 Bytes [68, 9D, 9F, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenThread + B 774F5E53 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenThreadToken + 6 774F5E5E 4 Bytes [68, 9E, 9F, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenThreadToken + B 774F5E63 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtOpenThreadTokenEx + B 774F5E73 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtQueryAttributesFile + 6 774F5F7E 4 Bytes [A8, 9C, 9F, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtQueryAttributesFile + B 774F5F83 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtQueryFullAttributesFile + B 774F6033 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtSetInformationFile + 6 774F667E 4 Bytes [28, 9D, 9F, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtSetInformationFile + B 774F6683 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtSetInformationThread + 6 774F66DE 4 Bytes [28, 9E, 9F, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtSetInformationThread + B 774F66E3 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtUnmapViewOfSection + 6 774F69FE 4 Bytes [68, 9F, 9F, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4592] ntdll.dll!NtUnmapViewOfSection + B 774F6A03 1 Byte [E2]
.text C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[4596] SHELL32.dll!PathIsExe + 17BB 75ABD948 4 Bytes [F1, 95, E8, 68]
.text C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[4596] SHELL32.dll!PathIsExe + 17C3 75ABD950 4 Bytes [0C, 95, E8, 68]
.text C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[4596] SHELL32.dll!PathIsExe + 17D7 75ABD964 4 Bytes [CA, 6C, E7, 68]
.text C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[4596] SHELL32.dll!PathIsExe + 17DF 75ABD96C 4 Bytes [38, 6D, E7, 68]
.text C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[4596] SHELL32.dll!PathIsExe + 17E7 75ABD974 4 Bytes [5C, 6C, E7, 68] {POP ESP; INS BYTE [ES:EDI], DX; OUT 0x68, EAX}
.text ...
.text C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[4596] SHELL32.dll!DAD_AutoScroll + 6EB 75AE7640 4 Bytes [F1, 95, E8, 68]
.text C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[4596] SHELL32.dll!DAD_AutoScroll + 6F3 75AE7648 4 Bytes [0C, 95, E8, 68]
.text C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[4596] SHELL32.dll!DAD_AutoScroll + 703 75AE7658 4 Bytes [F5, 6D, E7, 68] {CMC ; INS DWORD [ES:EDI], DX; OUT 0x68, EAX}
.text C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[4596] SHELL32.dll!SHCreateDirectoryExW + 45F 75B0DF28 4 Bytes [F1, 95, E8, 68]
.text C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[4596] SHELL32.dll!SHCreateDirectoryExW + 467 75B0DF30 8 Bytes CALL 5E47739D
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4944] ntdll.dll!NtCreateFile + 6 774F560E 4 Bytes [28, E4, F0, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4944] ntdll.dll!NtCreateFile + B 774F5613 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4944] ntdll.dll!NtMapViewOfSection + 6 774F5C6E 4 Bytes [28, E7, F0, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4944] ntdll.dll!NtMapViewOfSection + B 774F5C73 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4944] ntdll.dll!NtOpenFile + 6 774F5D1E 4 Bytes [68, E4, F0, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4944] ntdll.dll!NtOpenFile + B 774F5D23 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4944] ntdll.dll!NtOpenProcess + 6 774F5DCE 4 Bytes [A8, E5, F0, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4944] ntdll.dll!NtOpenProcess + B 774F5DD3 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4944] ntdll.dll!NtOpenProcessToken + 6 774F5DDE 4 Bytes CALL 76504EC8 C:\Windows\system32\SHELL32.dll
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4944] ntdll.dll!NtOpenProcessToken + B 774F5DE3 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4944] ntdll.dll!NtOpenProcessTokenEx + 6 774F5DEE 4 Bytes [A8, E6, F0, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4944] ntdll.dll!NtOpenProcessTokenEx + B 774F5DF3 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4944] ntdll.dll!NtOpenThread + 6 774F5E4E 4 Bytes [68, E5, F0, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4944] ntdll.dll!NtOpenThread + B 774F5E53 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4944] ntdll.dll!NtOpenThreadToken + 6 774F5E5E 4 Bytes [68, E6, F0, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4944] ntdll.dll!NtOpenThreadToken + B 774F5E63 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4944] ntdll.dll!NtOpenThreadTokenEx + 6 774F5E6E 4 Bytes CALL 76504F59 C:\Windows\system32\SHELL32.dll
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4944] ntdll.dll!NtOpenThreadTokenEx + B 774F5E73 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4944] ntdll.dll!NtQueryAttributesFile + 6 774F5F7E 4 Bytes [A8, E4, F0, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4944] ntdll.dll!NtQueryAttributesFile + B 774F5F83 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4944] ntdll.dll!NtQueryFullAttributesFile + 6 774F602E 4 Bytes CALL 76505117 C:\Windows\system32\SHELL32.dll
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4944] ntdll.dll!NtQueryFullAttributesFile + B 774F6033 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4944] ntdll.dll!NtSetInformationFile + 6 774F667E 4 Bytes [28, E5, F0, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4944] ntdll.dll!NtSetInformationFile + B 774F6683 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4944] ntdll.dll!NtSetInformationThread + 6 774F66DE 4 Bytes [28, E6, F0, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4944] ntdll.dll!NtSetInformationThread + B 774F66E3 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4944] ntdll.dll!NtUnmapViewOfSection + 6 774F69FE 4 Bytes [68, E7, F0, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4944] ntdll.dll!NtUnmapViewOfSection + B 774F6A03 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtCreateFile + 6 774F560E 4 Bytes [28, 58, D0, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtCreateFile + B 774F5613 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtMapViewOfSection + 6 774F5C6E 4 Bytes [28, 5B, D0, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtMapViewOfSection + B 774F5C73 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtOpenFile + 6 774F5D1E 4 Bytes [68, 58, D0, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtOpenFile + B 774F5D23 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtOpenProcess + 6 774F5DCE 4 Bytes [A8, 59, D0, 00] {TEST AL, 0x59; ROL BYTE [EAX], 0x1}
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtOpenProcess + B 774F5DD3 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtOpenProcessToken + 6 774F5DDE 4 Bytes CALL 76502E3C C:\Windows\system32\SHELL32.dll
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtOpenProcessToken + B 774F5DE3 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtOpenProcessTokenEx + 6 774F5DEE 4 Bytes [A8, 5A, D0, 00] {TEST AL, 0x5a; ROL BYTE [EAX], 0x1}
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtOpenProcessTokenEx + B 774F5DF3 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtOpenThread + 6 774F5E4E 4 Bytes [68, 59, D0, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtOpenThread + B 774F5E53 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtOpenThreadToken + 6 774F5E5E 4 Bytes [68, 5A, D0, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtOpenThreadToken + B 774F5E63 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtOpenThreadTokenEx + 6 774F5E6E 4 Bytes CALL 76502ECD C:\Windows\system32\SHELL32.dll
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtOpenThreadTokenEx + B 774F5E73 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtQueryAttributesFile + 6 774F5F7E 4 Bytes [A8, 58, D0, 00] {TEST AL, 0x58; ROL BYTE [EAX], 0x1}
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtQueryAttributesFile + B 774F5F83 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtQueryFullAttributesFile + 6 774F602E 4 Bytes CALL 7650308B C:\Windows\system32\SHELL32.dll
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtQueryFullAttributesFile + B 774F6033 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtSetInformationFile + 6 774F667E 4 Bytes [28, 59, D0, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtSetInformationFile + B 774F6683 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtSetInformationThread + 6 774F66DE 4 Bytes [28, 5A, D0, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtSetInformationThread + B 774F66E3 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtUnmapViewOfSection + 6 774F69FE 4 Bytes [68, 5B, D0, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[4952] ntdll.dll!NtUnmapViewOfSection + B 774F6A03 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtCreateFile + 6 774F560E 4 Bytes [28, 0C, 3E, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtCreateFile + B 774F5613 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtMapViewOfSection + 6 774F5C6E 4 Bytes [28, 0F, 3E, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtMapViewOfSection + B 774F5C73 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtOpenFile + 6 774F5D1E 4 Bytes [68, 0C, 3E, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtOpenFile + B 774F5D23 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtOpenProcess + 6 774F5DCE 4 Bytes [A8, 0D, 3E, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtOpenProcess + B 774F5DD3 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtOpenProcessToken + B 774F5DE3 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtOpenProcessTokenEx + 6 774F5DEE 4 Bytes [A8, 0E, 3E, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtOpenProcessTokenEx + B 774F5DF3 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtOpenThread + 6 774F5E4E 4 Bytes [68, 0D, 3E, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtOpenThread + B 774F5E53 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtOpenThreadToken + 6 774F5E5E 4 Bytes [68, 0E, 3E, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtOpenThreadToken + B 774F5E63 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtOpenThreadTokenEx + B 774F5E73 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtQueryAttributesFile + 6 774F5F7E 4 Bytes [A8, 0C, 3E, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtQueryAttributesFile + B 774F5F83 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtQueryFullAttributesFile + B 774F6033 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtSetInformationFile + 6 774F667E 4 Bytes [28, 0D, 3E, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtSetInformationFile + B 774F6683 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtSetInformationThread + 6 774F66DE 4 Bytes [28, 0E, 3E, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtSetInformationThread + B 774F66E3 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtUnmapViewOfSection + 6 774F69FE 4 Bytes [68, 0F, 3E, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5232] ntdll.dll!NtUnmapViewOfSection + B 774F6A03 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtCreateFile + 6 774F560E 4 Bytes [28, 24, FF, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtCreateFile + B 774F5613 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtMapViewOfSection + 6 774F5C6E 4 Bytes [28, 27, FF, 00] {SUB [EDI], AH; INC DWORD [EAX]}
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtMapViewOfSection + B 774F5C73 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenFile + 6 774F5D1E 4 Bytes [68, 24, FF, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenFile + B 774F5D23 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenProcess + 6 774F5DCE 4 Bytes [A8, 25, FF, 00] {TEST AL, 0x25; INC DWORD [EAX]}
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenProcess + B 774F5DD3 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenProcessToken + 6 774F5DDE 4 Bytes CALL 76505D08 C:\Windows\system32\SHELL32.dll
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenProcessToken + B 774F5DE3 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenProcessTokenEx + 6 774F5DEE 4 Bytes [A8, 26, FF, 00] {TEST AL, 0x26; INC DWORD [EAX]}
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenProcessTokenEx + B 774F5DF3 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenThread + 6 774F5E4E 4 Bytes [68, 25, FF, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenThread + B 774F5E53 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenThreadToken + 6 774F5E5E 4 Bytes [68, 26, FF, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenThreadToken + B 774F5E63 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenThreadTokenEx + 6 774F5E6E 4 Bytes CALL 76505D99 C:\Windows\system32\SHELL32.dll
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtOpenThreadTokenEx + B 774F5E73 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtQueryAttributesFile + 6 774F5F7E 4 Bytes [A8, 24, FF, 00] {TEST AL, 0x24; INC DWORD [EAX]}
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtQueryAttributesFile + B 774F5F83 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtQueryFullAttributesFile + 6 774F602E 4 Bytes CALL 76505F57 C:\Windows\system32\SHELL32.dll
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtQueryFullAttributesFile + B 774F6033 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtSetInformationFile + 6 774F667E 4 Bytes [28, 25, FF, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtSetInformationFile + B 774F6683 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtSetInformationThread + 6 774F66DE 4 Bytes [28, 26, FF, 00] {SUB [ESI], AH; INC DWORD [EAX]}
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtSetInformationThread + B 774F66E3 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtUnmapViewOfSection + 6 774F69FE 4 Bytes [68, 27, FF, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5308] ntdll.dll!NtUnmapViewOfSection + B 774F6A03 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtMapViewOfSection + 6 774F5C6E 4 Bytes [18, 10, 48, 71]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtMapViewOfSection + B 774F5C73 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtCreateFile + 6 774F560E 4 Bytes [28, 54, F0, 00] {SUB [EAX+ESI*8+0x0], DL}
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtCreateFile + B 774F5613 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtMapViewOfSection + 6 774F5C6E 4 Bytes [28, 57, F0, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtMapViewOfSection + B 774F5C73 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenFile + 6 774F5D1E 4 Bytes [68, 54, F0, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenFile + B 774F5D23 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenProcess + 6 774F5DCE 4 Bytes [A8, 55, F0, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenProcess + B 774F5DD3 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenProcessToken + 6 774F5DDE 4 Bytes CALL 76504E38 C:\Windows\system32\SHELL32.dll
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenProcessToken + B 774F5DE3 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenProcessTokenEx + 6 774F5DEE 4 Bytes [A8, 56, F0, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenProcessTokenEx + B 774F5DF3 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenThread + 6 774F5E4E 4 Bytes [68, 55, F0, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenThread + B 774F5E53 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenThreadToken + 6 774F5E5E 4 Bytes [68, 56, F0, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenThreadToken + B 774F5E63 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenThreadTokenEx + 6 774F5E6E 4 Bytes CALL 76504EC9 C:\Windows\system32\SHELL32.dll
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenThreadTokenEx + B 774F5E73 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtQueryAttributesFile + 6 774F5F7E 4 Bytes [A8, 54, F0, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtQueryAttributesFile + B 774F5F83 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtQueryFullAttributesFile + 6 774F602E 4 Bytes CALL 76505087 C:\Windows\system32\SHELL32.dll
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtQueryFullAttributesFile + B 774F6033 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtSetInformationFile + 6 774F667E 4 Bytes [28, 55, F0, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtSetInformationFile + B 774F6683 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtSetInformationThread + 6 774F66DE 4 Bytes [28, 56, F0, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtSetInformationThread + B 774F66E3 1 Byte [E2]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtUnmapViewOfSection + 6 774F69FE 4 Bytes [68, 57, F0, 00]
.text C:\Users\patrick\AppData\Local\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtUnmapViewOfSection + B 774F6A03 1 Byte [E2]

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Superfetch@VirtualStoreSize 1252

---- EOF - GMER 2.1 ----

Adware won't go away

I have this adware/malware that refuses to go away. I did a fresh install of Windows, where I formatted the drive, and as soon as I signed into Chrome and it updated itself with saved passwords etc., the darn thing showed up again. Basically I get a new tab that opens up and it will say "PC Driver Kit analyzes your computer for all out of date drivers", then wants me to download its "fix" and install it. I always close it without downloading it. I can't figure out how to get rid of it. I've run several different malware programs, and each one finds nothing! I don't know what else to do, or how it came back. It's either somehow attached itself to Chrome, and Google uploaded it along with my settings, or it's hiding on my other drives. I'm stumped! I attached a picture sample of what it looks like. Basically instead of Windows 8, it will say Windows 7.

Hopefully someone can help me get rid of this thing, whatever it is.

OS Version: Microsoft Windows 7 Home Premium, 64 bit
Processor: AMD FX(tm)-8150 Eight-Core Processor, AMD64 Family 21 Model 1 Stepping 2
Processor Count: 8
RAM: 8174 Mb
Graphics Card: NVIDIA GeForce GTX 660, -2048 Mb
Hard Drives: C: Total - 476938 MB, Free - 405860 MB; E: Total - 152625 MB, Free - 91714 MB; F: Total - 1907726 MB, Free - 1243505 MB;
Motherboard: ASUSTeK Computer INC., M4A89GTD-PRO/USB3
Antivirus: avast! Antivirus, Updated and Enabled


HijackThis Log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:09:44 AM, on 6/21/2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16555)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Creative\Shared Files\CTSched.exe
C:\Users\John\AppData\Local\The Weather Network\weathereye.exe
C:\Windows\SysWOW64\CtHelper.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\John\Downloads\uTorrent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
F:\My Downloads\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files (x86)\Creative\Shared Files\CTSched.exe" /logon
O4 - HKCU\..\Run: [WeatherEye] C:\Users\John\AppData\Local\The Weather Network\WeatherEye.exe
O4 - Startup: CurseClientStartup.ccip
O4 - Startup: Dropbox.lnk = John\AppData\Roaming\Dropbox\bin\Dropbox.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8837 bytes



DDS by sUBs Logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16555
Run by John at 2:12:01 on 2014-06-21
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8174.3893 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\DAODx.exe
C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Creative\Shared Files\CTSched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\John\AppData\Local\The Weather Network\weathereye.exe
C:\Windows\SysWOW64\CtHelper.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wuauclt.exe
C:\Users\John\Downloads\uTorrent.exe
C:\Users\John\AppData\Local\Apps\2.0\6G0V3X40.2C0\H1RO23BW.NVP\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\CurseClient.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.ca
mWinlogon: Userinit = userinit.exe
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
uRun: [CreativeTaskScheduler] "C:\Program Files (x86)\Creative\Shared Files\CTSched.exe" /logon
uRun: [WeatherEye] C:\Users\John\AppData\Local\The Weather Network\WeatherEye.exe
mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun: [CTHelper] CTHELPER.EXE
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
StartupFolder: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
TCP: NameServer = 162.243.207.106 66.118.165.22
TCP: Interfaces\{3005E147-348A-4061-B500-D29AD3E62D59} : DHCPNameServer = 162.243.207.106 66.118.165.22
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-6-20 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-6-20 208416]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2014-6-20 1039096]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-6-20 423240]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-6-20 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-6-20 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-6-20 85328]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-6-20 50344]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-6-20 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-6-20 860472]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-6-20 1593632]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-6-20 1738200]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-6-20 2081752]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-6-20 171928]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-6-14 1403208]
R3 COMMONFX.SYS;COMMONFX.SYS;C:\Windows\System32\drivers\COMMONFX.sys [2010-3-18 158808]
R3 CTAUDFX.SYS;CTAUDFX.SYS;C:\Windows\System32\drivers\CTAUDFX.sys [2010-3-18 706648]
R3 CTSBLFX.SYS;CTSBLFX.SYS;C:\Windows\System32\drivers\CTSBLFX.sys [2010-3-18 681048]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-6-20 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-20 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-6-20 63704]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-2 31744]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2009-11-20 75776]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2009-11-20 177152]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-6-20 39200]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-6-20 325152]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-2-24 11856]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 COMMONFX;COMMONFX;C:\Windows\System32\drivers\COMMONFX.sys [2010-3-18 158808]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2014-6-20 79360]
S3 CTAUDFX;CTAUDFX;C:\Windows\System32\drivers\CTAUDFX.sys [2010-3-18 706648]
S3 CTERFXFX.SYS;CTERFXFX.SYS;C:\Windows\System32\drivers\CTERFXFX.sys [2010-3-18 141912]
S3 CTERFXFX;CTERFXFX;C:\Windows\System32\drivers\CTERFXFX.sys [2010-3-18 141912]
S3 CTSBLFX;CTSBLFX;C:\Windows\System32\drivers\CTSBLFX.sys [2010-3-18 681048]
.
=============== Created Last 30 ================
.
2014-06-21 05:30:39 -------- d-----w- C:\Program Files\Enigma Software Group
2014-06-21 05:29:54 -------- d-----w- C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-06-21 05:29:53 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2014-06-21 05:28:53 -------- d-----w- C:\Users\John\AppData\Roaming\Curse Advertising
2014-06-21 03:58:24 -------- d-----w- C:\Windows\System32\MRT
2014-06-21 03:51:27 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2014-06-21 03:51:27 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2014-06-21 03:24:58 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2014-06-21 03:24:58 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-06-21 03:12:05 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2014-06-21 03:12:04 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2014-06-21 03:12:04 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2014-06-21 03:12:04 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2014-06-21 03:04:20 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys
2014-06-21 02:39:10 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2014-06-21 02:39:10 46080 ----a-w- C:\Windows\System32\atmlib.dll
2014-06-21 02:39:10 367616 ----a-w- C:\Windows\System32\atmfd.dll
2014-06-21 02:39:10 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2014-06-21 02:39:10 100864 ----a-w- C:\Windows\System32\fontsub.dll
2014-06-21 02:39:09 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2014-06-21 02:37:57 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2014-06-21 02:37:57 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2014-06-21 02:37:56 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2014-06-21 02:37:56 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2014-06-21 02:37:55 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2014-06-21 02:37:55 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2014-06-21 02:37:55 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2014-06-21 02:26:29 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2014-06-21 02:26:29 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2014-06-21 02:26:28 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2014-06-21 02:26:28 5120 ----a-w- C:\Windows\System32\wmi.dll
2014-06-21 02:26:28 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2014-06-21 02:20:00 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2014-06-21 02:20:00 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2014-06-21 02:17:35 5497688 ----a-w- C:\Windows\System32\ntoskrnl.exe
2014-06-21 02:16:57 1975296 ----a-w- C:\Windows\System32\CertEnroll.dll
2014-06-21 02:15:58 1133568 ----a-w- C:\Windows\System32\FntCache.dll
2014-06-21 02:14:59 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2014-06-21 02:13:58 3213824 ----a-w- C:\Windows\System32\msi.dll
2014-06-21 02:12:58 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2014-06-21 01:57:41 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2014-06-21 01:57:41 1462784 ----a-w- C:\Windows\System32\crypt32.dll
2014-06-21 01:57:41 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2014-06-21 01:57:41 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2014-06-21 01:57:41 1157632 ----a-w- C:\Windows\SysWow64\crypt32.dll
2014-06-21 01:57:41 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2014-06-21 01:57:15 77312 ----a-w- C:\Windows\System32\packager.dll
2014-06-21 01:57:15 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-06-21 01:11:41 -------- d-----w- C:\Windows\Panther
2014-06-21 01:11:28 -------- d-sh--w- C:\Boot
2014-06-21 00:38:24 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-21 00:37:33 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-06-21 00:37:33 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-06-21 00:37:33 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-06-21 00:37:33 -------- d-----w- C:\ProgramData\Malwarebytes
2014-06-21 00:37:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-21 00:16:39 -------- d-----w- C:\Users\John\AppData\Local\Skype
2014-06-21 00:16:24 -------- d-----r- C:\Program Files (x86)\Skype
2014-06-20 23:50:44 -------- d-----w- C:\Program Files\Microsoft LifeCam
2014-06-20 23:50:44 -------- d-----w- C:\Program Files (x86)\Microsoft LifeCam
2014-06-20 23:50:39 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
2014-06-20 22:54:16 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2014-06-20 22:54:15 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-06-20 22:54:08 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-20 22:45:59 -------- d-----w- C:\Users\John\AppData\Local\The Weather Network
2014-06-20 22:40:53 -------- d-----w- C:\Users\John\AppData\Roaming\NVIDIA
2014-06-20 22:40:51 -------- d-----w- C:\Users\John\AppData\Local\Blizzard Entertainment
2014-06-20 22:40:45 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2014-06-20 22:40:44 -------- d-----w- C:\Users\John\AppData\Roaming\Battle.net
2014-06-20 22:40:44 -------- d-----w- C:\Users\John\AppData\Local\Battle.net
2014-06-20 22:40:30 -------- d-----w- C:\ProgramData\Battle.net
2014-06-20 22:26:30 -------- d-----w- C:\Program Files (x86)\World of Warcraft
2014-06-20 22:26:09 -------- d-----w- C:\Program Files\Battle.net
2014-06-20 22:25:05 -------- d-----w- C:\Program Files (x86)\Canon
2014-06-20 22:23:56 -------- d-----w- C:\Program Files (x86)\Common Files\Canon
2014-06-20 22:21:26 -------- d-----w- C:\Users\John\AppData\Roaming\Foxit Software
2014-06-20 22:21:09 -------- d-----w- C:\Program Files (x86)\Foxit Software
2014-06-20 22:20:34 -------- d-----w- C:\Users\John\AppData\Local\Programs
2014-06-20 22:18:23 -------- d-----w- C:\Users\John\AppData\Roaming\uTorrent
2014-06-20 22:13:29 139264 ----a-w- C:\Windows\System32\cabview.dll
2014-06-20 22:13:29 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2014-06-20 22:13:28 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2014-06-20 22:13:28 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2014-06-20 22:13:28 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2014-06-20 22:10:00 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2014-06-20 22:09:46 99840 ----a-w- C:\Windows\System32\wudriver.dll
2014-06-20 22:09:35 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-06-20 22:09:35 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2014-06-20 22:08:44 -------- d-----w- C:\Users\John\AppData\Roaming\Windows Live Writer
2014-06-20 22:08:44 -------- d-----w- C:\Users\John\AppData\Local\Windows Live Writer
2014-06-20 22:05:13 24576 ----a-r- C:\Windows\SysWow64\AsIO.dll
2014-06-20 22:05:13 13440 ----a-r- C:\Windows\SysWow64\drivers\AsIO.sys
2014-06-20 22:05:09 11832 ----a-w- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
2014-06-20 22:05:09 10216 ----a-w- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
2014-06-20 22:05:09 -------- d-----w- C:\Program Files (x86)\ASUS
2014-06-20 22:04:55 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2014-06-20 22:04:55 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2014-06-20 22:04:55 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2014-06-20 22:04:55 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2014-06-20 22:03:46 -------- d-----w- C:\Program Files (x86)\NEC Electronics
2014-06-20 22:02:46 -------- d-----w- C:\Users\John\AppData\Local\Downloaded Installations
2014-06-20 22:02:31 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll
2014-06-20 22:02:31 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2014-06-20 22:02:06 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2014-06-20 21:59:06 -------- d-----w- C:\Program Files (x86)\VideoLAN
2014-06-20 21:56:00 -------- d-----w- C:\Program Files (x86)\Image Resizer
2014-06-20 21:55:13 34632 ----a-w- C:\Windows\System32\TURegOpt.exe
2014-06-20 21:55:08 36168 ----a-w- C:\Windows\System32\uxtuneup.dll
2014-06-20 21:55:08 30024 ----a-w- C:\Windows\SysWow64\uxtuneup.dll
2014-06-20 21:55:08 25928 ----a-w- C:\Windows\System32\authuitu.dll
2014-06-20 21:55:07 21320 ----a-w- C:\Windows\SysWow64\authuitu.dll
2014-06-20 21:54:57 -------- d-----w- C:\Users\John\AppData\Roaming\TuneUp Software
2014-06-20 21:54:51 -------- d-----w- C:\Program Files (x86)\TuneUp Utilities 2010
2014-06-20 21:54:21 -------- d-----w- C:\ProgramData\TuneUp Software
2014-06-20 21:54:13 -------- d-sh--w- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2014-06-20 21:53:34 -------- d-----w- C:\Windows\en-gb
2014-06-20 21:53:12 -------- d-----w- C:\Windows\en
2014-06-20 21:52:57 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-06-20 21:52:03 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-06-20 21:52:03 10779000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3E2DDDBC-0EE0-474B-AFCB-D970296EFC67}\mpengine.dll
2014-06-20 21:51:37 -------- d-----w- C:\Windows\PCHEALTH
2014-06-20 21:50:16 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
2014-06-20 21:50:16 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll
2014-06-20 21:50:16 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll
2014-06-20 21:50:16 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll
2014-06-20 21:50:15 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
2014-06-20 21:50:15 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll
2014-06-20 21:50:15 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2014-06-20 21:50:15 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2014-06-20 21:49:50 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2014-06-20 21:49:50 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2014-06-20 21:49:26 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2014-06-20 21:49:26 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2014-06-20 21:48:39 2983424 ----a-w- C:\Windows\SysWow64\UIRibbon.dll
2014-06-20 21:48:39 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll
2014-06-20 21:48:39 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll
2014-06-20 21:48:38 3860992 ----a-w- C:\Windows\System32\UIRibbon.dll
2014-06-20 21:47:31 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
2014-06-20 21:47:31 206848 ----a-w- C:\Windows\System32\mfps.dll
2014-06-20 21:47:30 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2014-06-20 21:47:30 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2014-06-20 21:47:30 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2014-06-20 21:47:28 4068864 ----a-w- C:\Windows\System32\mf.dll
2014-06-20 21:47:27 3181568 ----a-w- C:\Windows\SysWow64\mf.dll
2014-06-20 21:46:45 537432 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1def1f221cf8cd105\DXSETUP.exe
2014-06-20 21:46:45 1801048 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1def1f221cf8cd105\dsetup32.dll
2014-06-20 21:46:44 89944 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1def1f221cf8cd105\DSETUP.dll
2014-06-20 21:46:38 94040 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1ba0447c1cf8cd104\DSETUP.dll
2014-06-20 21:46:38 525656 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1ba0447c1cf8cd104\DXSETUP.exe
2014-06-20 21:46:38 1691480 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1ba0447c1cf8cd104\dsetup32.dll
2014-06-20 21:46:21 89944 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\11fbb6461cf8cd101\DSETUP.dll
2014-06-20 21:46:21 537432 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\11fbb6461cf8cd101\DXSETUP.exe
2014-06-20 21:46:21 1801048 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\11fbb6461cf8cd101\dsetup32.dll
2014-06-20 21:46:15 -------- d-----w- C:\Users\John\AppData\Local\Windows Live
2014-06-20 21:46:00 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2014-06-20 21:45:35 -------- d-----r- C:\Users\John\Dropbox
2014-06-20 21:44:44 -------- d-----w- C:\Users\John\AppData\Roaming\DropboxMaster
2014-06-20 21:40:37 -------- d-----w- C:\Program Files\AVAST Software
2014-06-20 21:39:28 -------- d-----w- C:\ProgramData\AVAST Software
2014-06-20 21:36:47 -------- d-----w- C:\Users\John\AppData\Local\Google
2014-06-20 21:36:26 -------- d-----w- C:\Users\John\AppData\Local\Deployment
2014-06-20 21:36:26 -------- d-----w- C:\Users\John\AppData\Local\Apps
2014-06-20 21:34:36 -------- d-----w- C:\Users\John\AppData\Local\NVIDIA
2014-06-20 21:32:58 -------- d-----w- C:\Windows\SysWow64\Defaults
2014-06-20 21:32:38 7062 ----a-w- C:\Windows\SysWow64\audiopid.vxd
2014-06-20 21:32:16 -------- d-----w- C:\Program Files (x86)\Common Files\Creative Labs Shared
2014-06-20 21:32:10 -------- d-----w- C:\Program Files\Creative
2014-06-20 21:30:55 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2014-06-20 21:26:25 -------- d-----w- C:\Program Files\NVIDIA Corporation
2014-06-20 21:26:05 -------- d-----w- C:\NVIDIA
2014-06-20 21:21:15 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2014-06-20 21:21:15 325152 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2014-06-20 21:21:15 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2014-06-20 21:20:53 -------- d-----w- C:\Program Files (x86)\Realtek
.
==================== Find3M ====================
.
2014-06-20 21:42:23 85328 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2014-06-20 21:42:23 1039096 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2014-06-20 21:42:00 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-06-20 21:42:00 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-06-20 21:42:00 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-06-20 21:42:00 43152 ----a-w- C:\Windows\avastSS.scr
2014-06-20 21:42:00 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-06-20 21:42:00 208416 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-06-20 21:31:30 466520 ----a-w- C:\Windows\System32\wrap_oal.dll
2014-06-20 21:31:30 123480 ----a-w- C:\Windows\System32\OpenAL32.dll
2014-06-20 21:31:29 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2014-06-20 21:31:29 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2014-04-01 01:34:22 322248 ----a-w- C:\Windows\WLXPGSS.SCR
.
============= FINISH: 2:12:42.91 ===============








2nd Log (attach):

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/20/2014 5:18:34 PM
System Uptime: 6/21/2014 1:06:04 AM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4A89GTD-PRO/USB3
Processor: AMD FX(tm)-8150 Eight-Core Processor | AM3 | 3600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 396.347 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 149 GiB total, 89.565 GiB free.
F: is FIXED (NTFS) - 1863 GiB total, 1214.362 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\4&2B4059EA&0&31A4
Manufacturer:
Name:
PNP Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\4&2B4059EA&0&31A4
Service:
.
==== System Restore Points ===================
.
RP1: 6/20/2014 5:20:45 PM - Installed Realtek Ethernet Controller Driver For Windows Vista aþí2h
RP2: 6/20/2014 5:28:37 PM - Windows Update
RP3: 6/20/2014 5:30:40 PM - Device Driver Package Install: Creative Sound, video and game controllers
RP4: 6/20/2014 5:31:51 PM - Installed Creative Audio Console
RP5: 6/20/2014 5:32:24 PM - Installed Creative Software AutoUpdate
RP6: 6/20/2014 5:32:42 PM - Device Driver Package Install: Creative Sound, video and game controllers
RP7: 6/20/2014 5:40:26 PM - avast! antivirus system restore point
RP8: 6/20/2014 5:46:16 PM - Windows Live Essentials
RP10: 6/20/2014 5:47:08 PM - Windows Modules Installer
RP11: 6/20/2014 5:48:14 PM - Windows Update
RP12: 6/20/2014 5:49:04 PM - Installed DirectX
RP13: 6/20/2014 5:49:36 PM - Installed DirectX
RP14: 6/20/2014 5:49:53 PM - Installed DirectX
RP15: 6/20/2014 5:51:18 PM - WLSetup
RP16: 6/20/2014 5:54:37 PM - Installed TuneUp Utilities
RP17: 6/20/2014 5:55:22 PM - Installed Image Resizer Powertoy Clone for Windows (64 bit)
RP18: 6/20/2014 6:02:16 PM - Installed DirectX
RP19: 6/20/2014 6:03:31 PM - Installed NEC Electronics USB 3.0 Host Controller Driver
RP20: 6/20/2014 6:04:59 PM - Installed GPU Boost Driver
RP21: 6/20/2014 6:09:17 PM - Windows Update
RP22: 6/20/2014 6:13:30 PM - Windows Update
RP23: 6/20/2014 7:31:01 PM - Installed 7-Zip 9.20 (x64 edition)
RP24: 6/20/2014 7:50:12 PM - Installed DirectX
RP25: 6/20/2014 10:19:06 PM - Windows Update
RP26: 6/21/2014 1:30:02 AM - Installed SpyHunter
RP27: 6/21/2014 1:50:48 AM - Removed SpyHunter
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.20 (x64 edition)
avast! Free Antivirus
Canon Utilities Digital Photo Professional 3.10
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Creative Audio Console
Creative Software AutoUpdate
Curse Client
D3DX10
Dropbox
Foxit Reader
Google Chrome
Google Update Helper
GPU Boost Driver
Image Resizer Powertoy Clone for Windows (64 bit)
Junk Mail filter update
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Corporation
Microsoft LifeCam
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Movie Maker
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
NEC Electronics USB 3.0 Host Controller Driver
NVIDIA Control Panel 335.23
NVIDIA Graphics Driver 335.23
NVIDIA Install Application
NVIDIA Network Service
NVIDIA Update 11.10.13
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.20
OpenAL
Photo Common
Photo Gallery
Realtek Ethernet Controller Driver For Windows 7
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Skype™ 6.16
Spybot - Search & Destroy
The Weather Network
TuneUp Utilities
TuneUp Utilities Language Pack (en-US)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VLC media player 2.1.3
Winamp
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
6/21/2014 1:10:30 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Internet Explorer 8 Compatibility View List for Windows 7 for x64-based Systems (KB2598845).
6/21/2014 1:08:34 AM, Error: Service Control Manager [7023] -
6/21/2014 1:05:30 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the avast! Antivirus service to connect.
6/21/2014 1:05:30 AM, Error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/21/2014 1:05:00 AM, Error: Service Control Manager [7034] - The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).
6/21/2014 1:04:59 AM, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/21/2014 1:04:56 AM, Error: Service Control Manager [7034] - The Creative Audio Service service terminated unexpectedly. It has done this 1 time(s).
6/20/2014 6:21:18 PM, Error: Service Control Manager [7030] - The Foxit Cloud Safe Update Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
6/20/2014 5:55:13 PM, Error: Service Control Manager [7000] - The TuneUp Theme Extension service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
6/20/2014 5:39:29 PM, Error: Service Control Manager [7000] - The kagfesio service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================

Attached Images
File Type: jpg bad (Small).jpg (37.3 KB)
Attached Files
File Type: log Ark.log (30.1 KB)

Malware Infection - OffersWizard

Hubby's computer keeps getting infected with these ad programs. I usually can clean it up no problem. This time the name is OffersWizard and it does not appear in the uninstall programs. What does appear to be newly installed is a Network System Driver, but when I try to uninstall it, my Norton pops up a notice that au_.exe is a threat and has been removed. But the item I was trying to uninstall does not go away.
I searched on the name OffersWizard and it references this Network System Driver but can find no answer to when it won't uninstall. I have also deleted all browser info and run full scans to no avail.

Need Help

Hope this attachment does not set off a fire storm but here is the screen I keep getting when on some web pages.


Read the bottom line, which says it (the message, I presume) is not associated with Adobe. A web site of premu... above comes up the a .ro site. Something offshore.

Attached Images
File Type: png Untitled.png (262.3 KB)

Pop-ups

I have all these pop-ups that are coming up and slowing my computer down!! Here's all these scan results.

Hijack This scan:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:51:38 PM, on 6/21/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe
C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\User\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT33...8AA3C36D&SSPV=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
O2 - BHO: CrossriderApp0049074 - {11111111-1111-1111-1111-110411901174} - C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-bho.dll
O2 - BHO: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.5.515\AVG SafeGuard toolbar_toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.5.515\AVG SafeGuard toolbar_toolbar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MindDabble EPM Support] "C:\PROGRA~2\MINDDA~2\bar\1.bin\4pmedint.exe" T8EPMSUP.DLL,S
O4 - HKLM\..\Run: [MindDabble_4p Browser Plugin Loader 64] C:\PROGRA~2\MINDDA~2\bar\1.bin\4pbrmon64.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
O4 - Startup: MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
O4 - Global Startup: vpngui.exe.lnk = ?
O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - res://C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://kiwimeeting.webex.com/client...r/ieatgpc1.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.5\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O20 - AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: Computer Backup (MyPC Backup) (BackupStack) - Just Develop It - C:\Program Files (x86)\MyPC Backup\BackupStack.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Search Protect Service (CltMngSvc) - Client Connect LTD - C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GFNEX Service (GFNEXSrv) - Unknown owner - C:\Windows\System32\GFNEXSrv.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
O23 - Service: MindDabbleService (MindDabble_4pService) - COMPANYVERS_NAME - C:\PROGRA~2\MINDDA~2\bar\1.bin\4pbarsvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
O23 - Service: Online Games Manager (ogmservice) - RealNetworks, Inc. - C:\Program Files (x86)\Online Games Manager\ogmservice.exe
O23 - Service: PasswordBox - PasswordBox, Inc. - C:\Program Files (x86)\PasswordBox\pbbtnService.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
O23 - Service: PGMTrusted - iWin Inc. - C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater18.1.5 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 18169 bytes

DDS Scan 1:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126 BrowserJavaVersion: 10.55.2
Run by User at 23:40:21 on 2014-06-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5610.3781 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\Windows\System32\GFNEXSrv.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\taskhost.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\TECO\Teco.exe
C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\MindDabble_4p\bar\1.bin\4pbrmon64.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\PROGRA~2\MINDDA~2\bar\1.bin\4pbarsvc.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Online Games Manager\ogmservice.exe
C:\Program Files (x86)\PasswordBox\pbbtnService.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\loggingserver.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\svchost.exe -k HPService
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe
C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe
C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\windows\system32\sppsvc.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com/?ctid=CT3319613&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SPB987C2C7-BE17-4D92-9474-37F28AA3C36D&SSPV=
uDefault_Page_URL = hxxp://start.toshiba.com/g/
uProxyOverride = <local>;*.local
mWinlogon: Userinit = userinit.exe
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
BHO: The weDownload Manager: {11111111-1111-1111-1111-110411901174} - C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-bho.dll
BHO: PasswordBox Helper: {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.5.515\AVG SafeGuard toolbar_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.5.515\AVG SafeGuard toolbar_toolbar.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [MindDabble EPM Support] "C:\PROGRA~2\MINDDA~2\bar\1.bin\4pmedint.exe" T8EPMSUP.DLL,S
mRun: [MindDabble_4p Browser Plugin Loader 64] C:\PROGRA~2\MINDDA~2\bar\1.bin\4pbrmon64.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MY PCBA~1.LNK - C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://kiwimeeting.webex.com/client/WBXclient-T28L10NSP11-16469/nbr/ieatgpc1.cab
TCP: NameServer = 208.180.42.68 208.180.42.100
TCP: Interfaces\{31C9E22C-8F0E-447C-94B2-223FFD881F0D} : DHCPNameServer = 208.180.42.68 208.180.42.100
TCP: Interfaces\{31C9E22C-8F0E-447C-94B2-223FFD881F0D}\25163696E656F577962756C6563737 : DHCPNameServer = 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.5\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: The weDownload Manager: {11111111-1111-1111-1111-110411901174} - C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-bho64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom64.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ln2ev489.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npURLInterceptorPlugin.dll
FF - plugin: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\MindDabble_4p\bar\1.bin\NP4pStub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
FF - ExtSQL: !HIDDEN! 2013-06-10 21:10; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R1 {890a8319-7c6f-45e4-a506-152b8d2d9310}Gw64;{890a8319-7c6f-45e4-a506-152b8d2d9310}Gw64;C:\windows\System32\drivers\{890a8319-7c6f-45e4-a506-152b8d2d9310}Gw64.sys [2014-4-24 61120]
R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2013-9-11 50464]
R1 ctxusbm;Citrix USB Monitor Driver;C:\windows\System32\drivers\ctxusbm.sys [2013-6-4 95152]
R2 70e6ca8c;Optimizer Pro Crash Monitor;C:\windows\System32\rundll32.exe [2009-7-13 45568]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2011-8-8 204288]
R2 CltMngSvc;Search Protect Service;C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [2014-5-23 2497856]
R2 GFNEXSrv;GFNEX Service;C:\windows\System32\GFNEXSrv.exe [2011-8-8 162824]
R2 MindDabble_4pService;MindDabbleService;C:\PROGRA~2\MINDDA~2\bar\1.bin\4pbarsvc.exe [2014-3-21 88648]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [2013-6-24 132504]
R2 ogmservice;Online Games Manager;C:\Program Files (x86)\Online Games Manager\ogmservice.exe [2014-3-27 581568]
R2 PasswordBox;PasswordBox;C:\Program Files (x86)\PasswordBox\pbbtnService.exe [2014-5-14 67584]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [2011-8-8 126392]
R2 PGMTrusted;PGMTrusted;C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [2013-3-25 520360]
R2 regi;regi;C:\windows\System32\drivers\regi.sys [2011-8-8 14112]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-4-7 294328]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 vToolbarUpdater18.1.5;vToolbarUpdater18.1.5;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\ToolbarUpdater.exe [2014-5-8 1801752]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2011-8-8 115216]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-8-8 38096]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-8-8 1142376]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-8-8 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2011-4-5 828336]
S2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2014-3-14 36392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-6-12 111616]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-4-9 289256]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-8-8 250984]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-5-2 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-06-20 20:24:56 10779000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8FD26AF8-F69E-420F-94D3-C51F5B4DB4F1}\mpengine.dll
2014-06-17 20:50:37 -------- d-----w- C:\Users\User\AppData\Roaming\Optimizer Pro
2014-06-17 20:50:29 -------- d-----w- C:\Program Files (x86)\Optimizer Pro
2014-06-17 20:29:30 -------- d-----w- C:\Program Files (x86)\InstallConverter bundle uninstaller_Installer Converter new_1154524
2014-06-12 13:40:51 506368 ----a-w- C:\windows\System32\aepdu.dll
2014-06-12 13:40:50 424448 ----a-w- C:\windows\System32\aeinv.dll
2014-06-10 14:13:38 -------- d-----w- C:\Users\User\AppData\Local\LogMeIn Rescue Applet
.
==================== Find3M ====================
.
2014-05-30 10:02:37 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-05-30 10:02:09 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43 548352 ----a-w- C:\windows\System32\vbscript.dll
2014-05-30 09:39:23 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-05-30 09:38:29 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-05-30 09:21:05 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-05-30 09:20:36 752640 ----a-w- C:\windows\System32\jscript9diag.dll
2014-05-30 09:11:24 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22 5782528 ----a-w- C:\windows\System32\jscript9.dll
2014-05-30 09:02:39 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36 38400 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28 455168 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-05-30 08:42:16 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56 592896 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19 1249280 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22 2040832 ----a-w- C:\windows\System32\inetcpl.cpl
2014-05-30 08:10:46 32256 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56 2266112 ----a-w- C:\windows\System32\wininet.dll
2014-05-30 07:56:50 4244992 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- C:\windows\SysWow64\wininet.dll
2014-05-14 00:19:52 70832 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 00:19:52 692400 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-05-08 20:35:19 50464 ----a-w- C:\windows\System32\drivers\avgtpx64.sys
2014-04-25 02:34:59 801280 ----a-w- C:\windows\System32\usp10.dll
2014-04-25 02:06:17 626688 ----a-w- C:\windows\SysWow64\usp10.dll
2014-04-24 16:32:28 61120 ----a-w- C:\windows\System32\drivers\{890a8319-7c6f-45e4-a506-152b8d2d9310}Gw64.sys
2014-04-22 01:01:46 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-12 02:22:05 95680 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2014-04-05 02:47:20 1903552 ----a-w- C:\windows\System32\drivers\tcpip.sys
2014-04-05 02:47:09 288192 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS
2014-04-01 02:46:48 130712 ----a-w- C:\windows\SysWow64\MSSTDFMT.DLL
2014-04-01 02:46:48 1070232 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX
2014-03-31 13:35:08 270496 ------w- C:\windows\System32\MpSigStub.exe
2014-03-26 14:44:48 2002432 ----a-w- C:\windows\System32\msxml6.dll
2014-03-26 14:44:48 1882112 ----a-w- C:\windows\System32\msxml3.dll
2014-03-26 14:41:39 2048 ----a-w- C:\windows\System32\msxml6r.dll
2014-03-26 14:41:39 2048 ----a-w- C:\windows\System32\msxml3r.dll
2014-03-26 14:27:50 1389056 ----a-w- C:\windows\SysWow64\msxml6.dll
2014-03-26 14:27:50 1237504 ----a-w- C:\windows\SysWow64\msxml3.dll
2014-03-26 14:25:14 2048 ----a-w- C:\windows\SysWow64\msxml6r.dll
2014-03-26 14:25:14 2048 ----a-w- C:\windows\SysWow64\msxml3r.dll
.
============= FINISH: 23:41:26.55 ===============

DDS Scan 2:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/2/2012 9:58:18 AM
System Uptime: 6/21/2014 11:33:12 PM (0 hours ago)
.
Motherboard: PEGATRON CORPORATION | | TKBSS
Processor: AMD A6-3400M APU with Radeon(tm) HD Graphics | CPU 1 | 1400/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 579 GiB total, 527.427 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 6500 E709n
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 6500 E709n
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter for 64-bit Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter for 64-bit Windows
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
6500_E709_eDocs
6500_E709_Help
6500_E709n
Adobe AIR
Adobe Flash Player 13 ActiveX
Adobe Flash Player 13 Plugin
Adobe Reader XI (11.0.07)
AMD VISION Engine Control Center
Apple Application Support
Apple Software Update
ATI Catalyst Install Manager
AVG SafeGuard toolbar
Bonjour
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco Systems VPN Client 5.0.07.0440
Cisco WebEx Meetings
Citrix Authentication Manager
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver Updater
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
Corel WinDVD
D3DX10
Destinations
DeviceDiscovery
DocMgr
DocProc
Easy Phone Sync
Easy Phone Sync for Blackberry
Fax
Google Chrome
Google Update Helper
GPBaseService2
HP Document Manager 2.0
HP Imaging Device Functions 14.0
HP Officejet 6500 E709 Series
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPDiagnosticAlert
HPProductAssistant
HPSSupply
InstallConverter
InstallConverter bundle uninstaller
iTunes
Java 7 Update 55
Java Auto Updater
Java(TM) 6 Update 22
join.me
Junk Mail filter update
Label@Once 1.0
McAfee Security Scan Plus
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 28.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyPC Backup
Network64
Norton PC Checkup
OCR Software by I.R.I.S. 14.0
Online Games Manager v1.30
Online Plug-in
OpenOffice.org 3.3
Optimizer Pro v3.2
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Pogo Games
Press Your Luck(TM)
ProductContext
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Scan
Search Protect
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880513) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2880515) 32-Bit Edition
Self-service Plug-in
Shop for HP Supplies
Skype Launcher
SmartWebPrinting
SolutionCenter
Status
Synaptics Pointing Device Driver
The weDownload Manager
Toolbox
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBA Wireless LAN Indicator
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2881065) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WMV9/VC-1 Video Playback
Word Bird Supreme
.
==== Event Viewer Messages From Past Week ========
.
6/21/2014 11:34:07 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.
6/21/2014 11:34:07 PM, Error: Service Control Manager [7000] - The Computer Backup (MyPC Backup) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/17/2014 2:18:20 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
6/17/2014 2:18:20 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
6/17/2014 1:54:19 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 252.
.
==== End Of File ===========================

GMER scan:

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-06-22 00:21:21
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 SAMSUNG_HM641JI rev.2AJ10001 596.17GB
Running: m3r741lw.exe; Driver: C:\Users\User\AppData\Local\Temp\kxldapoc.sys


---- User code sections - GMER 2.1 ----

.text C:\windows\SysWOW64\rundll32.exe[1864] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a61465 2 bytes [A6, 76]
.text C:\windows\SysWOW64\rundll32.exe[1864] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a614bb 2 bytes [A6, 76]
.text ... * 2
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[2772] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a61465 2 bytes [A6, 76]
.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[2772] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a614bb 2 bytes [A6, 76]
.text ... * 2
.text C:\Program Files (x86)\Citrix\Receiver\Receiver.exe[2864] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a61465 2 bytes [A6, 76]
.text C:\Program Files (x86)\Citrix\Receiver\Receiver.exe[2864] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a614bb 2 bytes [A6, 76]
.text ... * 2
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[3580] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a61465 2 bytes [A6, 76]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[3580] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a614bb 2 bytes [A6, 76]
.text ... * 2
.text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[3500] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a61465 2 bytes [A6, 76]
.text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[3500] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a614bb 2 bytes [A6, 76]
.text ... * 2
.text C:\Program Files (x86)\Online Games Manager\ogmservice.exe[3824] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a61465 2 bytes [A6, 76]
.text C:\Program Files (x86)\Online Games Manager\ogmservice.exe[3824] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a614bb 2 bytes [A6, 76]
.text ... * 2
.text C:\Program Files (x86)\PasswordBox\pbbtnService.exe[3956] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a61465 2 bytes [A6, 76]
.text C:\Program Files (x86)\PasswordBox\pbbtnService.exe[3956] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a614bb 2 bytes [A6, 76]
.text ... * 2
.text C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe[4564] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a61465 2 bytes [A6, 76]
.text C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe[4564] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a614bb 2 bytes [A6, 76]
.text ... * 2
.text C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe[5532] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a61465 2 bytes [A6, 76]
.text C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe[5532] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a614bb 2 bytes [A6, 76]
.text ... * 2
.text C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe[5640] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a61465 2 bytes [A6, 76]
.text C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe[5640] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a614bb 2 bytes [A6, 76]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\windows\System32\svchost.exe [6304:5684] 000007fee6fe9688
---- Processes - GMER 2.1 ----

Library C:\Users\User\AppData\Local\Temp\rad0A7D3.tmp\bin\Gadget.Interop.dll (*** suspicious ***) @ C:\Program Files\Windows Sidebar\sidebar.exe [2524](2012-05-02 17:03:58) 0000000074110000
Library C:\Users\User\AppData\Local\Temp\rad655E9.tmp\bin\x64\sharpwrapi_x64.dll (*** suspicious ***) @ C:\Program Files\Windows Sidebar\sidebar.exe [2524](2014-06-22 03:33:50) 000000001e700000
Library C:\Users\User\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.5.gadget\CoreTempReader.dll (*** suspicious ***) @ C:\Program Files\Windows Sidebar\sidebar.exe [2524](2012-05-02 17:03:33) 000000006c300000
Library C:\Users\User\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.5.gadget\GetCoreTempInfoNET.dll (*** suspicious ***) @ C:\Program Files\Windows Sidebar\sidebar.exe [2524](2012-05-02 17:03:33) 000000006bc10000
Library C:\Users\User\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.5.gadget\SystemInfo.dll (*** suspicious ***) @ C:\Program Files\Windows Sidebar\sidebar.exe [2524](2012-05-02 17:03:33) 000000006bc00000

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

Thanks, Carla

Very slow and freezing..horrendous response time

Computer virus

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126 BrowserJavaVersion: 10.51.2
Run by lorraine at 8:56:44 on 2014-06-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3781.1816 [GMT 10:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\ProgramData\IePluginServices\PluginService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\PROGRA~2\DAILYF~1\bar\1.bin\53barsvc.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\ProgramData\InternetUpdater\InternetUpdaterService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files\003\jzmoeejfme64.exe
C:\ProgramData\MovieMode\up\2.6.78\MovieModeService.exe
C:\Windows\SysWOW64\nethtsrv.exe
C:\Windows\SysWOW64\netupdsrv.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\DailyFitnessCenter_53\bar\1.bin\AppIntegrator64.exe
C:\ProgramData\Updater\updater.exe
C:\Program Files (x86)\Copernic\DesktopSearch4\Copernic.DesktopSearch.exe
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\DailyFitnessCenter_53\bar\1.bin\53brmon.exe
C:\Program Files (x86)\DailyFitnessCenter_53\bar\1.bin\53brmon64.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
C:\ProgramData\RHelpers\FireFoxHelper\FireFoxHelper.exe
C:\ProgramData\RHelpers\IEHelper\IeHelper.exe
C:\Program Files (x86)\Rid Spyware\RidSpywareUpdate.exe
C:\ProgramData\MovieMode\up\2.6.78\MovieMode.exe
C:\ProgramData\MovieMode\up\2.6.78\MovieMode64.exe
C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
C:\Program Files (x86)\Browser\Application\chromegc.exe
C:\Program Files (x86)\Browser\Application\chromegc.exe
C:\Program Files (x86)\Browser\Application\chromegc.exe
C:\Program Files (x86)\Browser\Application\chromegc.exe
C:\Program Files (x86)\Browser\Application\chromegc.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1403402911&from=pjr&uid=ST500DM002-1BD142_Z3TMZ6NHXXXXZ3TMZ6NH
mStart Page = hxxp://www.sweet-page.com/?type=hp&ts=1403402911&from=pjr&uid=ST500DM002-1BD142_Z3TMZ6NHXXXXZ3TMZ6NH
mSearch Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1403402911&from=pjr&uid=ST500DM002-1BD142_Z3TMZ6NHXXXXZ3TMZ6NH&q={searchTerms}
mDefault_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1403402911&from=pjr&uid=ST500DM002-1BD142_Z3TMZ6NHXXXXZ3TMZ6NH
mDefault_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1403402911&from=pjr&uid=ST500DM002-1BD142_Z3TMZ6NHXXXXZ3TMZ6NH&q={searchTerms}
mWinlogon: Userinit = userinit.exe
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
BHO: Search Assistant BHO: {19b4fdc9-b1b5-4c8e-ab5f-adcf4ebc0b0b} - C:\Program Files (x86)\DailyFitnessCenter_53\bar\1.bin\53SrcAs.dll
BHO: Rich Media View: {1e58a560-b4b4-4301-b527-22ccabb7b3f7} - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release414\ie\RichMediaViewV1release414.dll
BHO: IETabPage Class: {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll
BHO: Search Deals: {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\ProgramData\SearchDeals2\IE\common.dll
BHO: Media Watch: {5736cea4-5854-47b3-ae92-a332b8c411e5} - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home220\ie\MediaWatchV1home220.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Media Buzz: {92d51447-abed-4834-9f61-93ce180fc3b8} - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode5329\ie\MediaBuzzV1mode5329.dll
BHO: Toolbar BHO: {d36bfff8-a3ae-4032-a179-f29083c68ba7} - C:\Program Files (x86)\DailyFitnessCenter_53\bar\1.bin\53bar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Daily Fitness Center: {a6547405-a964-4600-8326-e91c95218964} - C:\Program Files (x86)\DailyFitnessCenter_53\bar\1.bin\53bar.dll
uRun: [News.net] C:\Program Files\News.net\BreakingNews\DesktopContainer.exe
uRun: [Updater] C:\ProgramData\Updater\updater.exe
uRun: [NextLive] C:\Windows\SysWOW64\rundll32.exe "C:\Users\lorraine\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
uRun: [Copernic Desktop Search 4] "C:\Program Files (x86)\Copernic\DesktopSearch4\Copernic.DesktopSearch.exe" /tray
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\lgfw.exe blrun
mRun: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe" /s
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Updater] C:\ProgramData\Updater\Updater.exe
mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
mRun: [fst_au_46] <no file>
dRun: [Updater] C:\ProgramData\Updater\updater.exe
dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 211.29.132.12 198.142.0.51 198.142.235.14
TCP: Interfaces\{6A87782A-11A3-496F-B501-AC97FF64C5AB} : DHCPNameServer = 211.29.132.12 198.142.0.51 198.142.235.14
AppInit_DLLs= C:\PROGRA~2\SupTab\SEARCH~1.DLL
SSODL: WebCheck - <orphaned>
mASetup: {7D2B3E1D-D096-4594-9D8F-A6667F12E0AC} - "C:\Program Files (x86)\Browser\Application\33.0.1750.146\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.sweet-page.com/?type=hp&ts=1403402911&from=pjr&uid=ST500DM002-1BD142_Z3TMZ6NHXXXXZ3TMZ6NH
x64-mSearch Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1403402911&from=pjr&uid=ST500DM002-1BD142_Z3TMZ6NHXXXXZ3TMZ6NH&q={searchTerms}
x64-mDefault_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1403402911&from=pjr&uid=ST500DM002-1BD142_Z3TMZ6NHXXXXZ3TMZ6NH
x64-mDefault_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1403402911&from=pjr&uid=ST500DM002-1BD142_Z3TMZ6NHXXXXZ3TMZ6NH&q={searchTerms}
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Daily Fitness Center Home Page Guard 64 bit] "C:\PROGRA~2\DAILYF~1\bar\1.bin\AppIntegrator64.exe"
x64-Run: [RidSpywareShield] C:\Program Files (x86)\Rid Spyware\RidSpywareShield.exe
x64-Run: [RidSpywareUpdater] C:\Program Files (x86)\Rid Spyware\RidSpywareUpdate.exe
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R1 nethfdrv;nethfdrv;C:\Windows\System32\drivers\nethfdrv.sys [2014-6-16 46160]
R2 DailyFitnessCenter_53Service;Daily Fitness CenterService;C:\PROGRA~2\DAILYF~1\bar\1.bin\53barsvc.exe [2014-5-17 88648]
R2 IePluginServices;IePlugin Services;C:\ProgramData\IePluginServices\PluginService.exe -service --> C:\ProgramData\IePluginServices\PluginService.exe -service [?]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 InternetUpdater;Internet Updater;C:\ProgramData\InternetUpdater\InternetUpdaterService.exe [2014-1-15 45568]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-7-29 166720]
R2 jzmoeejfme64;jzmoeejfme64;C:\Program Files\003\jzmoeejfme64.exe run options=01100010030000000000000000000000 sourceguid=70E6AF92-DAD1-4077-A3A2-B4A7229D6B85 --> C:\Program Files\003\jzmoeejfme64.exe run options=01100010030000000000000000000000 sourceguid=70E6AF92-DAD1-4077-A3A2-B4A7229D6B85 [?]
R2 MovieMode;Movie Mode;C:\ProgramData\MovieMode\up\2.6.78\MovieModeService.exe [2014-4-19 66704]
R2 NetHttpService;Network HTTP Support Service;C:\Windows\SysWOW64\nethtsrv.exe [2014-6-16 180224]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 133928]
R2 ServiceUpdater;Network Support Service Updater;C:\Windows\SysWOW64\netupdsrv.exe [2014-6-16 162304]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-7-29 365376]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-7-29 805088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 CltMngSvc;Search Protect Service;C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe --> C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [?]
S2 Update ScanTack;Update ScanTack;"C:\Program Files (x86)\ScanTack\updateScanTack.exe" --> C:\Program Files (x86)\ScanTack\updateScanTack.exe [?]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-11 111616]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-4-9 289256]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-7-31 1255736]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-06-22 22:52:17 10779000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1C35F50D-2571-4AD3-960E-25983AF598E8}\mpengine.dll
2014-06-22 22:46:19 687 ----a-w- C:\awh4394.tmp
2014-06-22 11:19:18 -------- d-----w- C:\Users\lorraine\AppData\Roaming\Activeris
2014-06-22 08:27:50 687 ----a-w- C:\awhFBDB.tmp
2014-06-22 04:25:49 687 ----a-w- C:\awh434.tmp
2014-06-22 04:07:56 -------- d-----w- C:\ProgramData\Rid Spyware
2014-06-22 03:49:14 687 ----a-w- C:\awh38AC.tmp
2014-06-22 03:10:13 -------- d-----w- C:\Users\lorraine\AppData\Roaming\rightbackup
2014-06-22 03:08:00 -------- d-----w- C:\Program Files (x86)\Amazon
2014-06-22 02:23:00 -------- d-----w- C:\ProgramData\Systweak
2014-06-22 02:20:00 -------- d-----w- C:\ProgramData\374311380
2014-06-22 02:19:14 687 ----a-w- C:\awhCF20.tmp
2014-06-22 02:11:33 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-06-22 02:10:03 -------- d-----w- C:\Users\lorraine\AppData\Roaming\smileyswelove
2014-06-22 02:09:39 -------- d-----w- C:\Users\lorraine\AppData\Roaming\SupTab
2014-06-22 02:09:32 -------- d-----w- C:\ProgramData\IePluginServices
2014-06-22 02:09:31 -------- d-----w- C:\ProgramData\WindowsProtectManger
2014-06-22 02:09:31 -------- d-----w- C:\Program Files (x86)\SupTab
2014-06-22 02:09:26 20312 ----a-w- C:\Windows\System32\roboot64.exe
2014-06-22 02:09:19 -------- d-----w- C:\Users\lorraine\AppData\Roaming\systweak
2014-06-22 02:09:07 -------- d-----w- C:\Users\lorraine\AppData\Roaming\sweet-page
2014-06-22 02:09:07 -------- d-----w- C:\Program Files (x86)\Optimizer Pro
2014-06-22 02:08:44 -------- d-----w- C:\Program Files (x86)\Rid Spyware
2014-06-22 02:08:36 -------- d-----w- C:\Program Files (x86)\PC Speed Up
2014-06-22 02:08:18 -------- d-----w- C:\Program Files\003
2014-06-21 22:21:03 10779000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-21 12:33:22 687 ----a-w- C:\awh2146.tmp
2014-06-20 07:53:15 687 ----a-w- C:\awh8914.tmp
2014-06-20 07:48:10 -------- d-----w- C:\Program Files (x86)\Common Files\Config
2014-06-15 22:40:45 -------- d-----w- C:\Program Files\McAfee Security Scan
2014-06-15 21:31:12 46160 ----a-w- C:\Windows\System32\drivers\nethfdrv.sys
2014-06-15 21:30:58 162304 ----a-w- C:\Windows\SysWow64\netupdsrv.exe
2014-06-15 21:30:46 111104 ----a-w- C:\Windows\SysWow64\installd.exe
2014-06-15 21:30:36 180224 ----a-w- C:\Windows\SysWow64\nethtsrv.exe
2014-06-15 21:30:24 108544 ----a-w- C:\Windows\SysWow64\hfnapi.dll
2014-06-15 21:30:14 246784 ----a-w- C:\Windows\SysWow64\hfpapi.dll
2014-06-13 13:29:07 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2D69C816-4F48-4192-A933-F1A0A1BFA52C}\gapaengine.dll
2014-06-11 09:38:39 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-06-11 09:38:39 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-06-11 09:38:37 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-06-11 09:38:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-06-11 09:38:33 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2014-06-11 09:38:33 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-06-11 09:38:33 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
2014-06-11 09:38:32 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2014-06-11 09:38:32 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-06-11 09:38:32 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2014-06-11 09:38:32 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-06-11 09:38:31 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-06-11 09:37:31 506368 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-11 09:37:30 424448 ----a-w- C:\Windows\System32\aeinv.dll
.
==================== Find3M ====================
.
2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll
2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-05-14 03:09:13 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 03:09:13 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-04-24 11:02:59 1357456 ----a-w- C:\Windows\System32\MovieMode.48CA2AEFA22D.2.6.78.dll
2014-04-24 10:20:53 1161872 ----a-w- C:\Windows\SysWow64\MovieMode.48CA2AEFA22D.2.6.78.dll
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 8:57:18.97 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 27-Jul-13 2:36:24 AM
System Uptime: 23-Jun-14 8:40:35 AM (0 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | H61M-E
Processor: Intel(R) Pentium(R) CPU G2020 @ 2.90GHz | LGA1155 | 2900/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 415.357 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: USB Cable Modem
Device ID: USB\VID_0846&PID_3401\0026F22DEF0A
Manufacturer:
Name: USB Cable Modem
PNP Device ID: USB\VID_0846&PID_3401\0026F22DEF0A
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP131: 03-Jun-14 2:00:24 AM - Windows Update
RP132: 06-Jun-14 8:11:14 PM - Windows Update
RP133: 10-Jun-14 2:07:07 AM - Windows Update
RP134: 12-Jun-14 3:00:24 AM - Windows Update
RP135: 15-Jun-14 7:07:41 AM - Windows Update
RP136: 18-Jun-14 9:17:49 PM - Windows Update
RP137: 20-Jun-14 8:21:38 AM - Installed Copernic Desktop Search 4
RP138: 22-Jun-14 8:20:19 AM - Windows Update
RP139: 22-Jun-14 12:10:04 PM - Installed Java 7 Update 51
RP140: 22-Jun-14 12:15:37 PM - Removed Bonjour
.
==== Installed Programs ======================
.
Adobe Flash Player 13 ActiveX
Adobe Flash Player 13 Plugin
Adobe Reader XI (11.0.07)
Apple Application Support
Apple Mobile Device Support
Browser
Copernic Agent Personal
Copernic Desktop Search 4
Daily Fitness Center Internet Explorer Toolbar
Google Update Helper
Intel® Trusted Connect Service Client
iTunes
Java 7 Update 51
McAfee Security Scan Plus
Media Buzz
Media View
Media Watch
Microsoft .NET Framework 4.5.1
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Network System Driver
Opera Stable 22.0.1471.70
Rich Media View
Search Deals
Search Protect
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
sweet-page uninstaller
.
==== Event Viewer Messages From Past Week ========
.
23-Jun-14 8:43:16 AM, Error: Service Control Manager [7000] - The Search Protect Service service failed to start due to the following error: The system cannot find the file specified.
23-Jun-14 8:41:14 AM, Error: Service Control Manager [7000] - The Update ScanTack service failed to start due to the following error: The system cannot find the file specified.
22-Jun-14 12:19:19 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
22-Jun-14 12:14:10 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.
22-Jun-14 12:14:10 PM, Error: Service Control Manager [7000] - The Computer Backup (MyPC Backup) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
22-Jun-14 12:13:02 PM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
22-Jun-14 12:10:02 PM, Error: Service Control Manager [7034] - The Search Protect Service service terminated unexpectedly. It has done this 1 time(s).
22-Jun-14 1:41:10 PM, Error: Service Control Manager [7031] - The RBClientService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
22-Jun-14 1:09:01 PM, Error: Service Control Manager [7034] - The Rid Spyware Realtime Shield Service service terminated unexpectedly. It has done this 1 time(s).
20-Jun-14 11:55:31 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.177.132.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10701.0 Error code: 0x80244015 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
17-Jun-14 8:23:34 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-06-23 09:08:55
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST500DM002-1BD142 rev.KC45 465.76GB
Running: 02kxwe43.exe; Driver: C:\Users\lorraine\AppData\Local\Temp\uxdyrkob.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002fa5000 16 bytes [8B, E3, 41, 5F, 41, 5E, 41, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 545 fffff80002fa5011 35 bytes {LEA ECX, [RSP+0x70]; CALL 0x3d64f}

---- User code sections - GMER 2.1 ----

.text C:\ProgramData\IePluginServices\PluginService.exe[1224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074fb1465 2 bytes [FB, 74]
.text C:\ProgramData\IePluginServices\PluginService.exe[1224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074fb14bb 2 bytes [FB, 74]
.text ... * 2
.text C:\Windows\SysWOW64\nethtsrv.exe[436] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074fb1465 2 bytes [FB, 74]
.text C:\Windows\SysWOW64\nethtsrv.exe[436] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074fb14bb 2 bytes [FB, 74]
.text ... * 2
.text C:\Program Files (x86)\Copernic\DesktopSearch4\Copernic.DesktopSearch.exe[3624] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007743000c 1 byte [C3]
.text C:\Program Files (x86)\Copernic\DesktopSearch4\Copernic.DesktopSearch.exe[3624] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 00000000774bf8ea 5 bytes [C3, D2, DC, FA, FF]
.text C:\Program Files (x86)\Copernic\DesktopSearch4\Copernic.DesktopSearch.exe[3624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074fb1465 2 bytes [FB, 74]
.text C:\Program Files (x86)\Copernic\DesktopSearch4\Copernic.DesktopSearch.exe[3624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074fb14bb 2 bytes [FB, 74]
.text ... * 2
.text C:\ProgramData\MovieMode\up\2.6.78\MovieMode.exe[5028] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000074fb1465 2 bytes [FB, 74]
.text C:\ProgramData\MovieMode\up\2.6.78\MovieMode.exe[5028] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000074fb14bb 2 bytes [FB, 74]
.text ... * 2
---- Processes - GMER 2.1 ----

Process C:\ProgramData\InternetUpdater\InternetUpdaterService.exe (*** suspicious ***) @ C:\ProgramData\InternetUpdater\InternetUpdaterService.exe [1884] (Internet Updater Service/Parallel Lines Development, LLC)(2014-01-15 01:07:04) 0000000000fa0000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00158315a310
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00158315a310 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet)

---- EOF - GMER 2.1 ----
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:10:32 AM, on 23-Jun-14
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal

Running processes:
C:\ProgramData\Updater\updater.exe
C:\Program Files (x86)\Copernic\DesktopSearch4\Copernic.DesktopSearch.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\DailyFitnessCenter_53\bar\1.bin\53brmon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
C:\ProgramData\RHelpers\FireFoxHelper\FireFoxHelper.exe
C:\ProgramData\RHelpers\IEHelper\IeHelper.exe
C:\ProgramData\MovieMode\up\2.6.78\MovieMode.exe
C:\Program Files (x86)\Browser\Application\chromegc.exe
C:\Program Files (x86)\Browser\Application\chromegc.exe
C:\Program Files (x86)\Browser\Application\chromegc.exe
C:\Program Files (x86)\Browser\Application\chromegc.exe
C:\Program Files (x86)\Browser\Application\chromegc.exe
C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe
C:\Program Files (x86)\Opera\22.0.1471.70\opera_crashreporter.exe
C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe
C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe
C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe
C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe
C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe
C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe
C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe
C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe
C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe
C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe
C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe
C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe
C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe
C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe
C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe
C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe
C:\Users\lorraine\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&t...NHXXXXZ3TMZ6NH
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&t...NHXXXXZ3TMZ6NH
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1403402911&from=pjr&uid=ST500DM002-1BD142_Z3TMZ6NHXXXXZ3TMZ6NH&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1403402911&from=pjr&uid=ST500DM002-1BD142_Z3TMZ6NHXXXXZ3TMZ6NH&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp&t...NHXXXXZ3TMZ6NH
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
O2 - BHO: Search Assistant BHO - {19b4fdc9-b1b5-4c8e-ab5f-adcf4ebc0b0b} - C:\Program Files (x86)\DailyFitnessCenter_53\bar\1.bin\53SrcAs.dll
O2 - BHO: RichMediaViewV1release414 - {1e58a560-b4b4-4301-b527-22ccabb7b3f7} - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release414\ie\RichMediaViewV1release414.dll
O2 - BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll
O2 - BHO: Search Deals - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\ProgramData\SearchDeals2\IE\common.dll
O2 - BHO: MediaWatchV1home220 - {5736cea4-5854-47b3-ae92-a332b8c411e5} - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home220\ie\MediaWatchV1home220.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: MediaBuzzV1mode5329 - {92d51447-abed-4834-9f61-93ce180fc3b8} - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode5329\ie\MediaBuzzV1mode5329.dll
O2 - BHO: Toolbar BHO - {d36bfff8-a3ae-4032-a179-f29083c68ba7} - C:\PROGRA~2\DAILYF~1\bar\1.bin\53bar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Daily Fitness Center - {a6547405-a964-4600-8326-e91c95218964} - C:\Program Files (x86)\DailyFitnessCenter_53\bar\1.bin\53bar.dll
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\lgfw.exe blrun
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe" /s
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Updater] C:\ProgramData\Updater\Updater.exe
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
O4 - HKLM\..\Run: [Registry Helper] "C:\Program Files (x86)\Registry Helper\RegistryHelper.Exe" /boot
O4 - HKLM\..\Run: [Daily Fitness Center EPM Support] "C:\PROGRA~2\DAILYF~1\bar\1.bin\53medint.exe" T8EPMSUP.DLL,S
O4 - HKLM\..\Run: [Daily Fitness Center Search Scope Monitor] "C:\PROGRA~2\DAILYF~1\bar\1.bin\53srchmn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [DailyFitnessCenter_53 Browser Plugin Loader] C:\PROGRA~2\DAILYF~1\bar\1.bin\53brmon.exe
O4 - HKLM\..\Run: [DailyFitnessCenter_53 Browser Plugin Loader 64] C:\PROGRA~2\DAILYF~1\bar\1.bin\53brmon64.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [News.net] C:\Program Files\News.net\BreakingNews\DesktopContainer.exe
O4 - HKCU\..\Run: [Updater] C:\ProgramData\Updater\updater.exe
O4 - HKCU\..\Run: [NextLive] C:\Windows\SysWOW64\rundll32.exe "C:\Users\lorraine\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
O4 - HKCU\..\Run: [Copernic Desktop Search 4] "C:\Program Files (x86)\Copernic\DesktopSearch4\Copernic.DesktopSearch.exe" /tray
O4 - HKUS\S-1-5-18\..\Run: [Updater] C:\ProgramData\Updater\updater.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Updater] C:\ProgramData\Updater\updater.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" (User 'Default user')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Search Protect Service (CltMngSvc) - Unknown owner - C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Daily Fitness CenterService (DailyFitnessCenter_53Service) - COMPANYVERS_NAME - C:\PROGRA~2\DAILYF~1\bar\1.bin\53barsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IePlugin Services (IePluginServices) - Cherished Technololgy LIMITED - C:\ProgramData\IePluginServices\PluginService.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Internet Updater (InternetUpdater) - Parallel Lines Development, LLC - C:\ProgramData\InternetUpdater\InternetUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: jzmoeejfme64 - Unknown owner - C:\Program Files\003\jzmoeejfme64.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
O23 - Service: Movie Mode (MovieMode) - GenTechnologies Apps, LLC - C:\ProgramData\MovieMode\up\2.6.78\MovieModeService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Network HTTP Support Service (NetHttpService) - Unknown owner - C:\Windows\SysWOW64\nethtsrv.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Network Support Service Updater (ServiceUpdater) - Unknown owner - C:\Windows\SysWOW64\netupdsrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Update ScanTack - Unknown owner - C:\Program Files (x86)\ScanTack\updateScanTack.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13425 bytes

Can't run some programs unless I reboot, computer freezes sometimes

For the past few days I have noticed that I cannot start Photoshop after I run some other programs unless I reboot. I have no issues after rebooting. I can't reproduce this error every time, but can reproduce it in, say, 5 out of 10 tries. Ran Chkdsk and it did not report any errors. I went through the Adobe forums and tried the solutions I found, but they did not help (deleting the preferences file in Photoshop did not help; my scratch disk is already on a 1TB disk with 95% unused space, so that also was not the issue). I want to see if there are any viruses etc. that are using up my resources. Ran HijackThis, DDS and GMER and am posting the four text files below. (Just to add: I noticed several lines of Adobe Photoshop in the DDS file for some reason. I did not reboot the computer since it failed to open Photoshop. I am not sure if this is relevant):

1) Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:34:14 PM, on 6/22/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
C:\Program Files (x86)\TechSmith\Snagit 11\TSCHelp.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\TechSmith\Snagit 11\snagiteditor.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\Downloads\HijackThis(2).exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Logitech Flow Scroll - {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\FlowScroll\32-bit\LogiSmooth.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Adobe Reader Synchronizer] "C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Arun\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Snagit 11.lnk = C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.gardencitygrop.com
O15 - Trusted Zone: *.zagat.com
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.5.7.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs:
O23 - Service: 3ware 3DM2 (3DM2) - LSI - C:\Program Files\AMCC\3DM2/3dm2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IHA_MessageCenter - Verizon - C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NitroPDFReaderDriverCreatorReadSpool3 (NitroReaderDriverReadSpool3) - Nitro PDF Software - C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14748 bytes
==========================================================================================
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126
Run by Arun at 18:34:38 on 2014-06-22
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12279.9481 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AMCC\3DM2\3dm2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
C:\Program Files (x86)\TechSmith\Snagit 11\TSCHelp.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\TechSmith\Snagit 11\snagiteditor.exe
C:\Windows\splwow64.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe
C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe
C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe
C:\Program Files (x86)\Verizon\IHA_MessageCenter\bin\VzDetectAgent.exe
C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe
C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe
C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe
C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe
C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe
C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe
C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe
C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe
C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\cscript.exe
.========================================================================================
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/6/2011 4:16:53 PM
System Uptime: 6/22/2014 1:28:24 PM (5 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P6X58D PREMIUM
Processor: Intel(R) Core(TM) i7 CPU X 980 @ 3.33GHz | LGA1366 | 3334/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 14.432 GiB free.
D: is FIXED (NTFS) - 1863 GiB total, 1629.536 GiB free.
E: is CDROM ()
J: is FIXED (NTFS) - 1397 GiB total, 286.059 GiB free.
K: is FIXED (NTFS) - 699 GiB total, 77.752 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP606: 6/20/2014 9:27:32 AM - Windows Update
.
==== Installed Programs ======================
.
3ware Disk Management Tools
Adobe AIR
Adobe Connect 9 Add-in
Adobe Creative Cloud
Adobe Creative Suite 6 Production Premium
Adobe Download Assistant
Adobe Dreamweaver CS6
Adobe Flash Player 10 ActiveX 64-bit
Adobe Flash Player 13 Plugin
Adobe Flash Player 14 ActiveX
Adobe Help Manager
Adobe Media Player
Adobe Reader XI (11.0.07)
Adobe Widget Browser
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AudibleManager
bl
Bonjour
Briz Video Joiner
Brother MFL-Pro Suite MFC-7840W
Bulk Rename Utility 2.7.1.2
CCleaner
ChromecastApp
Citrix Authentication Manager
Citrix online plug-in (Web)
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver Updater
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DiskAid 5.06
EPSON Printer Software
eReg
ESET Online Scanner v3
FaceFilter Studio 2
Fast Duplicate File Finder 3.5.0.1
FastStone Image Viewer 5.1
ffdshow v1.2.4436 [2012-04-22]
Fidelity Active Trader Pro®
Free File Viewer 2011
Free PDF Solutions PDF to WORD version 1.0
Garmin Communicator Plugin
Garmin USB Drivers
Garmin WebUpdater
Google Chrome
Google Earth Plug-in
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
H&R Block Deluxe + Efile + State 2011
H&R Block Deluxe + Efile + State 2012
H&R Block Deluxe + Efile + State 2013
H&R Block New York 2011
H&R Block New York 2012
H&R Block New York 2013
iCloud
IHA_MessageCenter
ImTOO YouTube HD Video Downloader
Intel(R) Rapid Storage Technology
Internet Explorer (Enable DEP)
IrfanView (remove only)
iTunes
join.me
K-Lite Mega Codec Pack 7.9.0
Logitech Flow Scroll 4.0
Logitech Harmony Remote Software 7
Logitech SetPoint 6.32
MakeitOne - MP3AlbumMaker
Malwarebytes Anti-Malware version 1.75.0.1300
marvell 91xx driver
Marvell Miniport Driver
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft XML Parser
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Movie Maker
Mozilla Firefox 30.0 (x86 en-US)
Mozilla Maintenance Service
MPC-HC 1.6.5.6366
MSVCRT
MSVCRT110
MSVCRT110_amd64
NEC Electronics USB 3.0 Host Controller Driver
Nitro Reader 3
NVIDIA 3D Vision Controller Driver 337.88
NVIDIA 3D Vision Driver 337.88
NVIDIA Control Panel 337.88
NVIDIA GeForce Experience 2.0.1
NVIDIA Graphics Driver 337.88
NVIDIA HD Audio Driver 1.3.30.1
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.1220
NVIDIA ShadowPlay 12.4.67
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 12.4.67
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.23
Octoshape add-in for Adobe Flash Player
Online Plug-in
OpenAL
PDF Settings CS6
Pdf995 (installed by H&R Block)
PdfEdit995 (installed by H&R Block)
ph
Photo Common
Photo Gallery
PSD Codec by Ardfry Imaging, LLC (32 bit)
PSD Codec by Ardfry Imaging, LLC (64 bit)
PSD CODEC Version 1.6.1.0
Psykopaint
PVSonyDll
PxMergeModule
Question Writer 4
QuickTime 7
Realtek High Definition Audio Driver
Remote Control USB Driver
Safari
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2767915) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2878284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Self-service Plug-in
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
SHIELD Streaming
Snagit 10.0.1
Snagit 11
TreeSize Free V3.0.1
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition
Virtual Account Numbers
VLC media player 2.1.2
Vz In-Home Agent
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
WinPcap 4.1.2
WM Capture 5
WM Capture 7
WM Recorder
WM Splitter 2.2.1305.22
Xilisoft Video Cutter 2
Yahoo SiteBuilder
YouTube Downloader Toolbar v6.0
YTD Video Downloader 4.8.2
.
==== Event Viewer Messages From Past Week ========
.
6/22/2014 3:17:16 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
6/22/2014 1:17:15 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
6/22/2014 1:16:09 PM, Error: volmgr [46] - Crash dump initialization failed!
6/22/2014 1:01:47 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3.
6/21/2014 8:57:27 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
6/21/2014 8:57:27 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
6/21/2014 8:39:35 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
6/21/2014 8:29:24 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 252.
6/20/2014 8:12:04 PM, Error: Schannel [36888] - The following fatal alert was generated: 43. The internal error state is 252.
6/17/2014 6:50:22 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.175.2394.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10600.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
.
==== End Of File ===========================
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-06-22 19:01:54
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 INTEL_SS rev.2CV1 74.53GB
Running: jbjrhjl1.exe; Driver: C:\Users\Arun\AppData\Local\Temp\ufryqpog.sys


---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077461465 2 bytes [46, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774614bb 2 bytes [46, 77]
.text ... * 2
.text C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077461465 2 bytes [46, 77]
.text C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774614bb 2 bytes [46, 77]
.text ... * 2
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077461465 2 bytes [46, 77]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774614bb 2 bytes [46, 77]
.text ... * 2
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077461465 2 bytes [46, 77]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774614bb 2 bytes [46, 77]
.text ... * 2
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[4712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077461465 2 bytes [46, 77]
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[4712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774614bb 2 bytes [46, 77]
.text ... * 2
.text C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[4724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077461465 2 bytes [46, 77]
.text C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[4724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774614bb 2 bytes [46, 77]
.text ... * 2
.text C:\Program Files (x86)\Citrix\Receiver\Receiver.exe[4800] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077461465 2 bytes [46, 77]
.text C:\Program Files (x86)\Citrix\Receiver\Receiver.exe[4800] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774614bb 2 bytes [46, 77]
.text ... * 2
.text C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe[4516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077461465 2 bytes [46, 77]
.text C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe[4516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774614bb 2 bytes [46, 77]
.text ... * 2
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077461465 2 bytes [46, 77]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774614bb 2 bytes [46, 77]
.text ... * 2
.text C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe[5148] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000077461465 2 bytes [46, 77]
.text C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe[5148] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000774614bb 2 bytes [46, 77]
.text ... * 2
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077461465 2 bytes [46, 77]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774614bb 2 bytes [46, 77]
.text ... * 2
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077461465 2 bytes [46, 77]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774614bb 2 bytes [46, 77]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[7964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077461465 2 bytes [46, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[7964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774614bb 2 bytes [46, 77]
.text ... * 2

---- EOF - GMER 2.1 ----
