Channel: Tech Support Guy - Virus & Other Malware Removal

Grandson's computer was infected

My grandson brought his computer over and it was running slow. I ran Junkware Removal and AdwCleaner and MalwareBytes and I am posting these results first.
I also ran Hijack This, dds and Gmer after the cleaners and will post those results also. I want to know if his machine is clean now or does it need extra work? Thanks so much for your help.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by jlynn510 on Mon 02/24/2014 at 20:14:16.63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

Successfully stopped: [Service] cltmngsvc
Successfully deleted: [Service] cltmngsvc


~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-372124439-2685475776-2789169970-1000\Software\Microsoft\Internet Explorer\Main\\Start Page


~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchprotec


~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\jlynn510\appdata\local\searchprotect"
Successfully deleted: [Folder] "C:\Program Files (x86)\searchprotect"


~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/24/2014 at 20:26:01.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
****************************************************************************************************************

# AdwCleaner v3.019 - Report created 24/02/2014 at 20:36:19
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : jlynn510 - MALACHI
# Running from : C:\Users\jlynn510\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\jlynn510\AppData\Local\NativeMessaging
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
File Deleted : C:\Windows\Tasks\SaveSense.job
File Deleted : C:\Windows\System32\Tasks\SaveSense

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ccncljhbalbbkkfgopogabimepmfkmff
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateBatBrowse_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateBatBrowse_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\jlynn510\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : search_url
Deleted : keyword
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [13951 octets] - [08/02/2014 11:14:15]
AdwCleaner[R1].txt - [3449 octets] - [24/02/2014 20:34:42]
AdwCleaner[S0].txt - [13451 octets] - [08/02/2014 11:15:57]
AdwCleaner[S1].txt - [3103 octets] - [24/02/2014 20:36:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3163 octets] ##########
*********************************************************************************************************
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.25.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
jlynn510 :: MALACHI [administrator]

2/24/2014 11:30:45 PM
MBAM-log-2014-02-25 (01-17-38).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 431555
Time elapsed: 1 hour(s), 27 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccncljhbalbbkkfgopogabimepmfkmff (PUP.Optional.BatBrowse.A) -> No action taken.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccncljhbalbbkkfgopogabimepmfkmff\1.0.0_0 (PUP.Optional.BatBrowse.A) -> No action taken.

Files Detected: 34
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir (PUP.Optional.Conduit) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InternetHelper3.6\hk64tbInte.dll.vir (PUP.Optional.Conduit) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InternetHelper3.6\hktbInte.dll.vir (PUP.Optional.Conduit) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InternetHelper3.6\InternetHelper3.6ToolbarHelper.exe.vir (PUP.Optional.Conduit.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InternetHelper3.6\ldrtbInte.dll.vir (PUP.Optional.Conduit) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InternetHelper3.6\prxtbInt0.dll.vir (PUP.Optional.Conduit) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InternetHelper3.6\prxtbInte.dll.vir (PUP.Optional.Conduit) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\InternetHelper3.6\tbInte.dll.vir (PUP.Optional.Conduit) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\optimizer pro\OptimizerPro.exe.vir (PUP.Optional.OptimizerPro) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\optimizer pro\OptProGuard.exe.vir (PUP.Optional.OptimizerPro) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\optimizer pro\OptProReminder.exe.vir (PUP.Optional.OptimizerPro) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\optimizer pro\OptProSchedule.exe.vir (PUP.Optional.OptimizerPro) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\optimizer pro\OptProSmartScan.exe.vir (PUP.Optional.OptimizerPro) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\optimizer pro\OptProStart.exe.vir (PUP.Optional.OptimizerPro) -> No action taken.
C:\AdwCleaner\Quarantine\C\Users\jlynn510\AppData\Local\Conduit\CT3315827\InternetHelper3.6AutoUpdateHelper.exe.vir (PUP.Optional.Conduit.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Users\jlynn510\AppData\LocalLow\InternetHelper3.6\hk64tbInte.dll.vir (PUP.Optional.Conduit) -> No action taken.
C:\AdwCleaner\Quarantine\C\Users\jlynn510\AppData\LocalLow\InternetHelper3.6\hktbInte.dll.vir (PUP.Optional.Conduit) -> No action taken.
C:\AdwCleaner\Quarantine\C\Users\jlynn510\AppData\LocalLow\InternetHelper3.6\ldrtbInte.dll.vir (PUP.Optional.Conduit) -> No action taken.
C:\AdwCleaner\Quarantine\C\Users\jlynn510\AppData\LocalLow\InternetHelper3.6\tbInte.dll.vir (PUP.Optional.Conduit) -> No action taken.
C:\Users\jlynn510\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000 (PUP.Optional.DomalQ) -> No action taken.
C:\Users\jlynn510\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\91467D6U\spstub[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\jlynn510\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EGLEZB7S\SPSetup[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\jlynn510\AppData\Local\Temp\nsg182.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\jlynn510\AppData\Local\Temp\nsgB4B6.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\jlynn510\AppData\Local\Temp\nsgB9E5.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\jlynn510\AppData\Local\Temp\nsl9DC.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\jlynn510\AppData\Local\Temp\4c6d496a-2770-4fa6-b80f-2a3ca022b604\spidentifierimpl.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\jlynn510\AppData\Local\Temp\4c6d496a-2770-4fa6-b80f-2a3ca022b604\software\sp-downloader.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\jlynn510\AppData\Local\Temp\nsg8887\SpSetup.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\jlynn510\Downloads\setup.exe (PUP.Optional.Outbrowse) -> No action taken.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccncljhbalbbkkfgopogabimepmfkmff\1.0.0_0\background.js (PUP.Optional.BatBrowse.A) -> No action taken.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccncljhbalbbkkfgopogabimepmfkmff\1.0.0_0\content.js (PUP.Optional.BatBrowse.A) -> No action taken.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccncljhbalbbkkfgopogabimepmfkmff\1.0.0_0\icon.png (PUP.Optional.BatBrowse.A) -> No action taken.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccncljhbalbbkkfgopogabimepmfkmff\1.0.0_0\manifest.json (PUP.Optional.BatBrowse.A) -> No action taken.

(end)


*********************************************************************************************************
The next scans were run after the above scans:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:05:59 AM, on 2/25/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\jlynn510\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {462be121-2b54-4218-bf00-b9bf8135b23f} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sendoriv1 - Sendori, Inc. - C:\Program Files (x86)\Sendori\SendoriSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10729 bytes
*******************************************************************************************************************
Part 1
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518 BrowserJavaVersion: 10.51.2
Run by jlynn510 at 10:15:01 on 2014-02-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3767.1404 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Sendori\SendoriSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://acer.msn.com
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
uURLSearchHooks: {462be121-2b54-4218-bf00-b9bf8135b23f} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{774A259A-47D0-4CC7-B983-358BBE6DA3A5} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{774A259A-47D0-4CC7-B983-358BBE6DA3A5}\6416374774962716666656 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{774A259A-47D0-4CC7-B983-358BBE6DA3A5}\84F4D454D283831323 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{774A259A-47D0-4CC7-B983-358BBE6DA3A5}\C496C6C69784F6D656D27657563747 : DHCPNameServer = 192.168.3.1
TCP: Interfaces\{CDEBBA72-421B-4EA1-B91C-161801C093C8} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: PPDFViewer: {25505816-6E9E-76E9-5698-6DAE973B0192} -
x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: APptoU: {7EE52866-F7BF-712F-CD31-C7FAE27F05F8} -
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Daealsoter: {E3CAE6BF-C333-D75F-230B-370175B530D9} -
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-1 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-3-1 207904]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-6-11 1038072]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-6-11 421704]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-2 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-2 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-2 60464]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-6-11 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-2-8 50344]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-1-3 1363616]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-1-3 1748640]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-3-10 321104]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-5-6 867712]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-3-10 13336]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2013-4-10 255376]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-28 255744]
R2 Sendoriv1;Sendoriv1;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2012-12-10 118632]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-3-10 2320920]
R3 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-2-8 80184]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-3-10 135560]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-3-10 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-3-10 158976]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-3-10 287232]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-5-15 384040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-12 111616]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-5-26 305520]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-3-10 243712]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-3-17 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-12 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-02-25 01:06:17 -------- d-----w- C:\Program Files (x86)\Uninstaller
2014-02-23 10:21:32 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{67A42D7C-0411-4369-A3A0-31CA40444A77}\offreg.dll
2014-02-21 18:42:45 10536864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{67A42D7C-0411-4369-A3A0-31CA40444A77}\mpengine.dll
2014-02-12 22:42:05 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-02-12 22:42:05 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-02-12 22:42:05 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-02-12 22:42:05 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-02-08 17:20:21 -------- d-----w- C:\Windows\ERUNT
2014-02-08 16:33:12 -------- d-----w- C:\Users\jlynn510\AppData\Roaming\AVAST Software
2014-02-08 16:29:55 80184 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-02-08 16:29:04 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-02-08 16:14:06 -------- d-----w- C:\AdwCleaner
2014-02-06 02:00:33 -------- d-----w- C:\Users\jlynn510\AppData\Local\Skype
2014-02-06 02:00:22 -------- d-----r- C:\Program Files (x86)\Skype
2014-01-30 20:34:55 -------- d-----w- C:\ProgramData\PPDFViewer
2014-01-30 20:34:51 -------- d-----w- C:\ProgramData\faffckfhmaaphfbahmoghkhcbcjmmgjo
.
==================== Find3M ====================
.
2014-02-20 21:51:22 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-20 21:51:22 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-08 16:29:48 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-02-08 16:29:48 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-02-08 16:29:48 1038072 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-02-08 16:29:47 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-02-08 16:29:47 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-02-08 16:29:46 43152 ----a-w- C:\Windows\avastSS.scr
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-21 09:53:45 548864 ----a-w- C:\Windows\System32\vbscript.dll
2013-12-21 08:56:47 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-12-18 11:13:56 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
.
============= FINISH: 10:15:36.35 ===============

Part 2

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/12/2012 12:58:01 PM
System Uptime: 2/25/2014 7:47:55 AM (3 hours ago)
.
Motherboard: Acer | | Aspire 5742
Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz | CPU | 911/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 329.025 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SBRE
Device ID: ROOT\LEGACY_SBRE\0000
Manufacturer:
Name: SBRE
PNP Device ID: ROOT\LEGACY_SBRE\0000
Service: SBRE
.
==== System Restore Points ===================
.
RP236: 2/13/2014 1:18:27 PM - Scheduled Checkpoint
RP237: 2/16/2014 3:00:11 AM - Windows Update
RP238: 2/21/2014 1:42:03 PM - Windows Update
.
==== Installed Programs ======================
.
18 Wheels of Steel - American Long Haul
Acer Backup Manager
Acer Crystal Eye webcam
Acer ePower Management
Acer eRecovery Management
Acer Games
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader 9.1 MUI
Adobe Shockwave Player 12.0
Agatha Christie - Death on the Nile
avast! Free Antivirus
Backup Manager Basic
Bejeweled 2 Deluxe
Blackhawk Striker 2
Broadcom Gigabit NetLink Controller
Build-a-lot 2
CCleaner
Chuzzle Deluxe
CyberLink PowerDVD 9
D3DX10
Diner Dash 2 Restaurant Rescue
Disney Pirates of the Caribbean Online
DMUninstaller
Dora's Carnival Adventure
eSobi v2
ETDWare PS/2-x64 7.0.6.5_WHQL
FATE
Google Chrome
Google Update Helper
Guild Wars 2
HiDef Media Player 1.1.12
Identity Card
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Java 7 Update 51
Java Auto Updater
Jewel Quest - Heritage
Jewel Quest Solitaire 2
John Deere Drive Green
Junk Mail filter update
Launch Manager
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT
MSVCRT_amd64
MyWinLocker
MyWinLocker Suite
NOOK for PC
NTI Media Maker 9
Penguins!
Pirate101
Plants vs. Zombies
Polar Bowler
Polar Golfer
PPDFViewer
Rainforest Adventure
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
Shredder
Skype Click to Call
Skype™ 6.13
Steam
swMSM
The Lord of the Rings Online™
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Virtual Villagers 4 - The Tree of Life
Welcome Center
WildTangent Games
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Wizard101
WModem Driver Installer
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
2/25/2014 7:48:30 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
.
==== End Of File ===========================
***************************************************************************************************************
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-02-25 12:36:21
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465.76GB
Running: pmeyfiyu.exe; Driver: C:\Users\jlynn510\AppData\Local\Temp\pfldypow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800033aa000 45 bytes [00, 00, 28, 00, 46, 69, 6C, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800033aa02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\wininit.exe[712] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e6eecd 1 byte [62]
.text C:\Windows\system32\services.exe[772] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e6eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[908] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e6eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e6eecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[324] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e6eecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[416] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e6eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[580] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e6eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[620] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e6eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[860] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e6eecd 1 byte [62]
.text C:\Windows\system32\winlogon.exe[1104] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e6eecd 1 byte [62]
.text C:\Windows\System32\spoolsv.exe[1372] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e6eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1408] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e6eecd 1 byte [62]
.text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[1496] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007691a2ba 1 byte [62]
.text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[1528] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007691a2ba 1 byte [62]
.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1576] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007691a2ba 1 byte [62]
.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1628] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e6eecd 1 byte [62]
.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1660] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007691a2ba 1 byte [62]
.text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1692] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007691a2ba 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1728] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007691a2ba 1 byte [62]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1796] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007691a2ba 1 byte [62]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074df1465 2 bytes [DF, 74]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074df14bb 2 bytes [DF, 74]
.text ... * 2
.text C:\Windows\system32\taskhost.exe[1900] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e6eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1952] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e6eecd 1 byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2032] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e6eecd 1 byte [62]
.text C:\Windows\system32\Dwm.exe[1348] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e6eecd 1 byte [62]
.text C:\Windows\Explorer.EXE[1716] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e6eecd 1 byte [62]
.text C:\Program Files (x86)\Sendori\SendoriSvc.exe[2320] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007691a2ba 1 byte [62]
.text C:\Program Files (x86)\Sendori\SendoriSvc.exe[2320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074df1465 2 bytes [DF, 74]
.text C:\Program Files (x86)\Sendori\SendoriSvc.exe[2320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074df14bb 2 bytes [DF, 74]
.text ... * 2
.text C:\Windows\system32\wbem\wmiprvse.exe[2788] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e6eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[2872] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e6eecd 1 byte [62]
.text C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe[1808] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007691a2ba 1 byte [62]
.text C:\Windows\system32\svchost.exe[3284] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e6eecd 1 byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3560] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e6eecd 1 byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3720] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e6eecd 1 byte [62]
.text C:\Windows\System32\igfxtray.exe[3784] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e6eecd 1 byte [62]
.text C:\Windows\System32\hkcmd.exe[3912] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e6eecd 1 byte [62]
.text C:\Windows\System32\igfxpers.exe[3980] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e6eecd 1 byte [62]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4088] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e6eecd 1 byte [62]
.text C:\Program Files\Elantech\ETDCtrl.exe[460] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e6eecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[3148] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e6eecd 1 byte [62]
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3388] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e6eecd 1 byte [62]
.text C:\Program Files (x86)\Steam\Steam.exe[3412] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007691a2ba 1 byte [62]
.text C:\Program Files (x86)\Steam\Steam.exe[3412] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate 0000000074c1549c 5 bytes JMP 00000001000f0800
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[1252] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e6eecd 1 byte [62]
.text C:\Windows\system32\igfxext.exe[3732] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e6eecd 1 byte [62]
.text C:\Windows\system32\igfxsrvc.exe[3908] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e6eecd 1 byte [62]
.text C:\Windows\system32\wbem\unsecapp.exe[3760] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e6eecd 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3692] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007691a2ba 1 byte [62]
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4184] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e6eecd 1 byte [62]
.text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[4308] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007691a2ba 1 byte [62]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[4360] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007691a2ba 1 byte [62]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4392] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007691a2ba 1 byte [62]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074df1465 2 bytes [DF, 74]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074df14bb 2 bytes [DF, 74]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4472] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007691a2ba 1 byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4480] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007691a2ba 1 byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074df1465 2 bytes [DF, 74]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074df14bb 2 bytes [DF, 74]
.text ... * 2
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4584] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e6eecd 1 byte [62]
.text C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe[4596] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007691a2ba 1 byte [62]
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4624] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007691a2ba 1 byte [62]
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[1780] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007691a2ba 1 byte [62]
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[1780] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate 0000000074c1549c 5 bytes JMP 00000001002b0800
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[1780] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000074df1465 2 bytes [DF, 74]
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[1780] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000074df14bb 2 bytes [DF, 74]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4016] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007691a2ba 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3748] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007691a2ba 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074df1465 2 bytes [DF, 74]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074df14bb 2 bytes [DF, 74]
.text ... * 2
.text C:\Windows\System32\svchost.exe[3500] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e6eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[2632] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e6eecd 1 byte [62]
.text C:\Windows\system32\taskhost.exe[4808] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e6eecd 1 byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076f53b10 6 bytes {NOP ; JMP 0xffffffff8936cc4c}
.text C:\Program Files\Internet Explorer\iexplore.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076f57ac0 6 bytes {NOP ; JMP 0xffffffff893688e4}
.text C:\Program Files\Internet Explorer\iexplore.exe[4796] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076e6eecd 1 byte [62]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6124] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007714c4dd 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6124] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077151287 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6124] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007691a2ba 1 byte [62]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074df1465 2 bytes [DF, 74]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074df14bb 2 bytes [DF, 74]
.text ... * 2
.text C:\Users\jlynn510\Desktop\pmeyfiyu.exe[1648] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007691a2ba 1 byte [62]

---- EOF - GMER 2.1 ----
