
error message turning up

Thanks first for the help.

I am having an error message turning up continually

C:\windows\winsxS\x86_microsoft.vc80.crt_1fc8b2b9a1e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system admin or the software vendor for support.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17239
Run by andrwe alien at 19:34:31 on 2014-09-09
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.12170.8492 [GMT 10:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
Not sure if I can find the reboot disc.

Thanks
Nordy

Attached Files
File Type: zip attach.zip (12.6 KB)
File Type: zip ark.zip (1.9 KB)

[SOLVED] App of the Day Pop Up After Java Installation

Hello,

So I get with the times and get a new computer. New computers mean new problems. What are you gonna do?

So I go to a website that requires Java 7 whatever, we can get to the specifics later if you need them. Seeing as how this is a new computer, a new browser and everything else, I went ahead and downloaded the Java program. And now I'm getting "App of the Day" pop-ups in the bottom right hand corner, the clock corner, in Chrome. AVG is so uninstalled after this. It's amazing how impatient and intolerant I am of this as it's not so bad compared to some of the nasties I've gotten in the past, but it's there and I want it dead.

I'm wondering if it could have been bundled with the Java or if it was already on my computer and it needed Java to run...I don't know. I have HijackThis and well...I'll just await further instruction. Thumbnail below of what I'm dealing with. It's NOT in control panel so I can't uninstall it. I can uninstall Java, but I need that, apparently. I've scanned with AVG and an adware program called AdwCleaner...I saw it in my search for solutions because I hate Malwarebytes but it was no better. It just hung and hung. If I need to wait something out, I'm willing to do that but now's not the time. I'm willing to uninstall and reinstall either Chrome or Java if I can be rid of it that easily, though I doubt that very much.

Mysterious 'Deleteme!!!' file

Earlier today I visited a lyrics website which are notoriously bad (I know), but after I visited, I noticed a file on my desktop called Deleteme!!!

As I remember it had no extension but it did have 66kb when viewing its properties.

I did not delete it because that seemed too obvious. I instead did a system restore and after doing so the file was gone.

Have you guys ever seen this before? Am I safe with my methodology?
Should I do anything else?

Thanks guys/gals

Dan

Gamerharbor.org

Hello TSF staff. For the last 3 days something's been going on with my computer: every time I log in, my default browser opens by itself and redirects to www.gamerharbor.org.

I did scan with Avast & Malwarebytes Anti-Malware, but the problem persists, please help!

RIM MDNS Error/PUP.Optional.* Malware Infection

Greetings.

After ongoing intermittent network connection drops, an extremely sluggish Win7SP1 x64 i3 Core with 6GB RAM system, and viewing multiple entries of the below 4 (RIM MDNS) errors in the Application logs of the Event Viewer, I ran Malwarebytes and was notified of 6 threats (PUP.Optional.Softonic.A, PUP.Optional.OpenCandy, PUP.Optional.Spigot.A). I come to you for help to remove whatever it is on this machine. Listed after the error details is the Malwarebytes log. Attached is the requested information along with a screenshot of the Potential Threats screen of Malwarebytes. Please let me know if any further information is required for assistance. Thank you in advance for any and all assistance with this matter.

Jayson

Log Name: Application
Source: RIM MDNS
Date: 9/12/2014 12:28:04 AM
Event ID: 100
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Morgan-PC
Description:
Client application bug: DNSServiceResolve(Friendly_3CF4C0715C614CF5_CBA37C6AE8A14494._bp2p._tcp.local.) active for over two minutes. This places considerable burden on the network.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="RIM MDNS" />
<EventID Qualifiers="0">100</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-09-12T05:28:04.000000000Z" />
<EventRecordID>49899</EventRecordID>
<Channel>Application</Channel>
<Computer>Morgan-PC</Computer>
<Security />
</System>
<EventData>
<Data>Client application bug: DNSServiceResolve(Friendly_3CF4C0715C614CF5_CBA37C6AE8A14494._bp2p._tcp.local.) active for over two minutes. This places considerable burden on the network.</Data>
</EventData>
</Event>

Log Name: Application
Source: RIM MDNS
Date: 9/12/2014 12:15:50 AM
Event ID: 100
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Morgan-PC
Description:
Task Scheduling Error: m->NextScheduledSPRetry 1107
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="RIM MDNS" />
<EventID Qualifiers="0">100</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-09-12T05:15:50.000000000Z" />
<EventRecordID>49897</EventRecordID>
<Channel>Application</Channel>
<Computer>Morgan-PC</Computer>
<Security />
</System>
<EventData>
<Data>Task Scheduling Error: m-&gt;NextScheduledSPRetry 1107</Data>
</EventData>
</Event>

Log Name: Application
Source: RIM MDNS
Date: 9/12/2014 12:15:50 AM
Event ID: 100
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Morgan-PC
Description:
Task Scheduling Error: m->NextScheduledEvent 1107
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="RIM MDNS" />
<EventID Qualifiers="0">100</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-09-12T05:15:50.000000000Z" />
<EventRecordID>49896</EventRecordID>
<Channel>Application</Channel>
<Computer>Morgan-PC</Computer>
<Security />
</System>
<EventData>
<Data>Task Scheduling Error: m-&gt;NextScheduledEvent 1107</Data>
</EventData>
</Event>

Log Name: Application
Source: RIM MDNS
Date: 9/12/2014 12:15:50 AM
Event ID: 100
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Morgan-PC
Description:
Task Scheduling Error: Continuously busy for more than a second
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="RIM MDNS" />
<EventID Qualifiers="0">100</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-09-12T05:15:50.000000000Z" />
<EventRecordID>49895</EventRecordID>
<Channel>Application</Channel>
<Computer>Morgan-PC</Computer>
<Security />
</System>
<EventData>
<Data>Task Scheduling Error: Continuously busy for more than a second</Data>
</EventData>
</Event>

Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Scan Date: 9/11/2014
Scan Time: 8:53:01 PM
Logfile: Morgan-Malwarebytes Log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.11.08
Rootkit Database: v2014.09.10.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: CB50205

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 691880
Time Elapsed: 2 hr, 16 min, 18 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.Softonic.A, HKU\S-1-5-21-2149558826-3324038498-27948981-121107-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, , [669a15d74833f0469a4822fba95a5ca4],

Registry Values: 0
(No malicious items detected)

Registry Data: 1
PUP.Optional.Spigot.A, HKU\S-1-5-21-2149558826-3324038498-27948981-121107-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, Yahoo Search - Web Search, Good: (Google), Bad: (Yahoo Search - Web Search),,[ac5445a7c2b93303dd6821ce8f751ae6]

Folders: 3
PUP.Optional.OpenCandy, C:\Users\cb50205\AppData\Roaming\OpenCandy, , [a0603fadc6b545f1156ff7d75da5926e],
PUP.Optional.OpenCandy, C:\Users\cb50205\AppData\Roaming\OpenCandy\9F346BF034514AF999112C5CB67DDA9A, , [a0603fadc6b545f1156ff7d75da5926e],
PUP.Optional.OpenCandy, C:\Users\cb50205\AppData\Roaming\OpenCandy\OpenCandy_9F346BF034514AF999112C5CB67DDA9A, , [a0603fadc6b545f1156ff7d75da5926e],

Files: 1
PUP.Optional.OpenCandy, C:\Users\cb50205\AppData\Roaming\OpenCandy\9F346BF034514AF999112C5CB67DDA9A\SkypeSetupFull-6.18.0.106.exe, , [a0603fadc6b545f1156ff7d75da5926e],

Physical Sectors: 0
(No malicious items detected)


(end)

Attached Thumbnails
Name: Morgan-Screenshot.PNG
Size: 104.5 KB
Attached Files
File Type: zip attach.zip (5.1 KB)

dds is not meant to run in compatibility mode

I can't run it to provide the required logs.

I'm running Windows 8.1

Virus in Router? Double underlined ads/Can't click buttons on Reddit

Hi there Tech Support!

For a good month now I have been dealing with this nasty thing on my computer, which has actually spread to my girlfriend's MacBook as well. Random popups, underlined words that mostly link to mysearchdirectory.com, annoying popups on Steam and not being able to click 'next' on Steam or upvote/downvote on Reddit, for example.

I have tried nearly anything. Spybot S&D, Ad-Aware, Avira, Microsoft Essentials, Hitman Pro, Malwarebytes and so on. I have tried starting my computer in safe mode but the underlined ads are still there. (They are mostly on Reddit.)

- They will show up on Opera and Chrome and no extensions are responsible for them.
- I do not have any software installed that can be associated with searchdirect etc. adware
- The Steam popups are mostly about my Java version and want to direct me to update javascript etc.
- I followed instructions to get rid of router viruses - download new firmware, reset, new pw, install firmware, new pw again - didn't help either. I am so out of ideas and do not know what to do...

Here are my problems:



I looked through Hijackthis but couldn't find anything suspicious but here is the log:

Code:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 5:13:35 PM, on 9/13/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17280)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Webroot\WRSA.exe
D:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
D:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
D:\Program Files (x86)\Opera\24.0.1558.53\opera.exe
D:\Program Files (x86)\Opera\24.0.1558.53\opera_crashreporter.exe
D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
D:\Program Files (x86)\Opera\24.0.1558.53\opera.exe
D:\Program Files (x86)\Opera\24.0.1558.53\opera.exe
C:\Users\Pati\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Webroot Filtering Extension - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\bin\jp2ssv.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
O4 - HKLM\..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Steam] "D:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
O23 - Service: Coupon Printer Service (CouponPrinterService) - Coupons.com Inc. - C:\Program Files (x86)\Coupons\CouponPrinterService.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Windows\system32\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ad-Aware Service 11 (LavasoftAdAwareService11) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NPVR Recording Service - Unknown owner - C:\Program Files (x86)\NPVR\NRecord.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Qualcomm Atheros Killer Service V2 - Qualcomm Atheros - C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files (x86)\WinPcap\rpcapd.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - D:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WRSVC - Webroot - C:\Program Files\Webroot\WRSA.exe

--
End of file - 14525 bytes

Server execution failure

I was editing some home video files and my computer was running very slow. I edited the files, then tried to run them with WMV. I got an error message, "server execution failed". Kept getting it over and over.

Perplexed, I opened Google Chrome to google what this meant. Chrome would not open, same error -- "server execution failed." I thought I should try a system restore, but I can't do that either -- I don't remember the exact error (it wasn't server execution failed) but it was something like invalid path.

My young adult son is on the computer now, on his account. The local files on his account run fine but he can't run chrome on his account either.

I'm posting this here because I suspect something malevolent is at work. What info should I provide?

Server execution failed -- second try

I recently posted the message below and an administrator responded to please follow the standard steps before asking for security help, then closed the thread.

I'm very sorry folks but I can't follow the standard steps -- when I try to run programs I get one of the two following messages:

Server execution failed

or

Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item.

(Please note my account is an admin account on my pc.)

Not sure what to do next. Original message follows.




I was editing some home video files and my computer was running very slow. I edited the files, then tried to run them with WMV. I got an error message, "server execution failed". Kept getting it over and over.

Perplexed, I opened Google Chrome to google what this meant. Chrome would not open, same error -- "server execution failed." I thought I should try a system restore, but I can't do that either -- I don't remember the exact error (it wasn't server execution failed) but it was something like invalid path.

My young adult son is on the computer now, on his account. The local files on his account run fine but he can't run chrome on his account either.

I'm posting this here because I suspect something malevolent is at work. What info should I provide?

slow browser and boot time - potential malware?

My mom has concerns that her computer has malware due to slow boot times and a slow browser (Chrome).
Thanks for looking this over.
Becky

DDS results:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17280
Run by linda at 19:48:58 on 2014-09-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4040.1614 [GMT -4:00]
.
AV: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\windows\SysWOW64\ezSharedSvcHost.exe
C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
C:\windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\Users\linda\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\windows\system32\sppsvc.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
\\?\C:\windows\system32\wbem\WMIADAP.EXE
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [DBAgent] "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
StartupFolder: C:\Users\linda\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\linda\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-System: DisableLockWorkstation = dword:1
uPolicies-System: DisableChangePassword = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: HideFastUserSwitching = dword:1
IE: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{1677820A-FB3D-4973-A508-D9B2D717087F} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{1677820A-FB3D-4973-A508-D9B2D717087F}\2375942554634393 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{1677820A-FB3D-4973-A508-D9B2D717087F}\2375942554735393 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{1677820A-FB3D-4973-A508-D9B2D717087F}\2375942554839373 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{1677820A-FB3D-4973-A508-D9B2D717087F}\2454655425C495D20534F5E4564777F627B6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{1677820A-FB3D-4973-A508-D9B2D717087F}\D4943425F44554C453 : DHCPNameServer = 68.1.18.229 68.1.18.30
TCP: Interfaces\{1BFE8842-8968-4036-9E1F-199A590C42CF} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mWinlogon: Userinit = C:\windows\SysWOW64\ezShellStart.exe,
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: <No Name>: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - LocalServer32 - <no file>
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 Spyware Info | Spyware Info
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\linda\AppData\Roaming\Mozilla\Firefox\Profiles\5udbwlwk.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL -
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
FF - ExtSQL: !HIDDEN! 2011-11-23 18:55; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 fbfmon;fbfmon;C:\windows\System32\drivers\fbfmon.sys [2011-7-18 57952]
R0 LHDmgr;LHDmgr;C:\windows\System32\drivers\LhdX64.sys [2011-7-18 39008]
R1 BPntDrv;BPntDrv;C:\windows\System32\drivers\BPntDrv.sys [2011-7-18 13408]
R1 eamonm;eamonm;C:\windows\System32\drivers\eamonm.sys [2013-9-17 239320]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2014-2-24 1343408]
R2 epfwwfpr;epfwwfpr;C:\windows\System32\drivers\epfwwfpr.sys [2013-9-17 157432]
R2 ezSharedSvc;Easybits Services for Windows;C:\windows\System32\ezSharedSvcHost.exe --> C:\windows\System32\ezSharedSvcHost.exe [?]
R2 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-5-6 1085440]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-18 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-8-27 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-8-27 860472]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-12-22 46080]
R2 Seagate Dashboard Services;Seagate Dashboard Services;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2014-4-30 16000]
R2 Seagate MobileBackup Service;Seagate MobileBackup Service;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [2014-4-30 157264]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-7-18 2656280]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2010-10-25 29792]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2011-1-28 31088]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-7-18 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2011-7-18 76912]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2014-8-27 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2014-8-27 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\windows\System32\drivers\mwac.sys [2014-8-27 63704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-1-15 245760]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-9-12 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-7-23 19456]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-7-18 299520]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-7-15 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-7-23 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-11-25 1255736]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-09-14 20:05:37 -------- d-----w- C:\Users\linda\AppData\Local\{1221531F-C86A-40F4-9E92-70393030FD89}
2014-09-13 12:31:06 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B17DC71F-4298-41E8-A8D4-B2FEEB82A67C}\offreg.dll
2014-09-12 19:28:18 11319192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B17DC71F-4298-41E8-A8D4-B2FEEB82A67C}\mpengine.dll
2014-09-12 14:41:17 -------- d-----w- C:\002cee40c0132429a0
2014-09-12 14:13:39 2777088 ----a-w- C:\windows\System32\msmpeg2vdec.dll
2014-09-12 14:13:39 2285056 ----a-w- C:\windows\SysWow64\msmpeg2vdec.dll
2014-09-10 23:00:41 -------- d-----w- C:\Users\linda\AppData\Local\{F087E2D3-EE43-42F8-BDA8-4E07D4AC2DCF}
2014-09-10 18:51:30 1031168 ----a-w- C:\windows\System32\TSWorkspace.dll
2014-09-10 18:51:28 793600 ----a-w- C:\windows\SysWow64\TSWorkspace.dll
2014-09-10 18:50:55 2565120 ----a-w- C:\windows\System32\d3d10warp.dll
2014-09-10 18:50:55 1987584 ----a-w- C:\windows\SysWow64\d3d10warp.dll
2014-09-10 18:50:14 728064 ----a-w- C:\windows\System32\kerberos.dll
2014-09-10 18:50:14 550912 ----a-w- C:\windows\SysWow64\kerberos.dll
2014-09-10 18:50:14 1460736 ----a-w- C:\windows\System32\lsasrv.dll
2014-09-10 18:50:13 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2014-09-10 18:50:13 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2014-09-10 18:50:01 578048 ----a-w- C:\windows\System32\aepdu.dll
2014-09-10 18:49:59 424448 ----a-w- C:\windows\System32\aeinv.dll
2014-09-08 17:58:14 -------- d-----w- C:\Users\linda\AppData\Local\{B623B2BC-49D6-46D2-BD54-D61A26397F53}
2014-09-05 16:44:13 -------- d-----w- C:\Users\linda\AppData\Local\{C1B4F0DA-4E8C-4B30-BF93-DD6898DB75A9}
2014-09-04 23:47:35 -------- d-----w- C:\Users\linda\AppData\Local\{B8E5EC2B-713F-4A5C-9AC9-E97BC3971158}
2014-09-04 23:47:23 -------- d-----w- C:\Users\linda\AppData\Local\{384C404B-B067-4DC1-967A-E2AE701DDC52}
2014-08-28 21:20:21 -------- d-----w- C:\ProgramData\Nero
2014-08-28 21:20:09 -------- d-----w- C:\Program Files (x86)\Seagate
2014-08-27 21:55:26 -------- d-----w- C:\Users\linda\AppData\Local\{57C991F7-AC0C-43F4-9FD8-D4AE7B8032CB}
2014-08-27 20:10:41 404480 ----a-w- C:\windows\System32\gdi32.dll
2014-08-27 20:10:41 3163648 ----a-w- C:\windows\System32\win32k.sys
2014-08-27 20:10:41 311808 ----a-w- C:\windows\SysWow64\gdi32.dll
2014-08-27 20:05:01 -------- d-----w- C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation
2014-08-27 20:03:09 -------- d-----w- C:\ProgramData\Qualcomm Atheros
2014-08-27 19:42:48 536576 ----a-w- C:\windows\SysWow64\sqlite3.dll
2014-08-27 19:41:42 -------- d-----w- C:\AdwCleaner
2014-08-27 19:17:05 122584 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-08-27 19:16:39 91352 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-08-27 19:16:39 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-08-27 19:16:39 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-08-27 19:16:39 -------- d-----w- C:\ProgramData\Malwarebytes
2014-08-27 19:16:39 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-27 18:15:19 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-27 17:13:47 -------- d-----w- C:\Users\linda\AppData\Local\ESET
2014-08-26 15:23:59 -------- d-----w- C:\Users\linda\AppData\Local\{727E476C-AF2C-43CB-BD1D-70AA68E07E09}
2014-08-25 11:56:13 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-08-24 16:01:27 -------- d-----w- C:\Users\linda\AppData\Local\{9683664E-E1F6-4F24-A63B-E4757B0E60AC}
2014-08-24 16:00:47 -------- d-----w- C:\Users\linda\AppData\Local\{DD93841A-6754-461F-8C81-22170C7D0842}
2014-08-23 19:49:01 -------- d-----w- C:\Users\linda\AppData\Local\{98935B0E-C3CA-434C-B565-E63838148871}
2014-08-21 12:47:46 99480 ----a-w- C:\windows\SysWow64\infocardapi.dll
2014-08-21 12:47:46 171160 ----a-w- C:\windows\System32\infocardapi.dll
2014-08-21 12:47:45 619672 ----a-w- C:\windows\SysWow64\icardagt.exe
2014-08-21 12:47:45 1389208 ----a-w- C:\windows\System32\icardagt.exe
2014-08-21 12:47:44 8856 ----a-w- C:\windows\SysWow64\icardres.dll
2014-08-21 12:47:44 8856 ----a-w- C:\windows\System32\icardres.dll
2014-08-21 12:47:25 35480 ----a-w- C:\windows\SysWow64\TsWpfWrp.exe
2014-08-21 12:47:25 35480 ----a-w- C:\windows\System32\TsWpfWrp.exe
2014-08-20 21:30:56 -------- d-----w- C:\Program Files\iPod
2014-08-20 21:30:53 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-20 21:30:53 -------- d-----w- C:\Program Files\iTunes
2014-08-20 20:44:08 -------- d-----w- C:\Users\linda\AppData\Local\{8C23E423-F7DA-44AB-9444-73DE9D4FCFE3}
2014-08-20 13:32:14 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2014-08-20 13:32:14 2048 ----a-w- C:\windows\System32\tzres.dll
2014-08-20 13:31:59 504320 ----a-w- C:\windows\System32\msihnd.dll
2014-08-20 13:31:59 337408 ----a-w- C:\windows\SysWow64\msihnd.dll
2014-08-20 13:31:59 3241984 ----a-w- C:\windows\System32\msi.dll
2014-08-20 13:31:59 2363392 ----a-w- C:\windows\SysWow64\msi.dll
2014-08-20 13:31:59 1941504 ----a-w- C:\windows\System32\authui.dll
2014-08-20 13:31:59 1805824 ----a-w- C:\windows\SysWow64\authui.dll
2014-08-20 13:31:59 112064 ----a-w- C:\windows\System32\consent.exe
2014-08-20 13:31:53 985536 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2014-08-20 13:27:07 664064 ----a-w- C:\windows\SysWow64\rpcrt4.dll
2014-08-20 13:27:07 1216000 ----a-w- C:\windows\System32\rpcrt4.dll
.
==================== Find3M ====================
.
2014-09-10 18:51:51 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-10 18:51:51 701104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-08-18 22:29:49 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-08-18 22:29:35 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53 5833728 ----a-w- C:\windows\System32\jscript9.dll
2014-08-18 22:15:34 547328 ----a-w- C:\windows\System32\vbscript.dll
2014-08-18 22:15:09 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-08-18 22:14:38 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10 83968 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-08-18 22:08:55 4232704 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-08-18 22:03:47 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-08-18 22:03:37 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-08-18 22:03:01 758272 ----a-w- C:\windows\System32\jscript9diag.dll
2014-08-18 21:57:44 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26 454656 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-08-18 21:45:12 72704 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24 597504 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17 2104832 ----a-w- C:\windows\System32\inetcpl.cpl
2014-08-18 21:23:16 1249280 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13 2310656 ----a-w- C:\windows\System32\wininet.dll
2014-08-18 21:08:54 2014208 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- C:\windows\SysWow64\wininet.dll
2014-08-05 13:20:00 270496 ------w- C:\windows\System32\MpSigStub.exe
2014-07-25 06:35:46 875688 ----a-w- C:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 03:47:06 869544 ----a-w- C:\windows\System32\msvcr120_clr0400.dll
2014-06-18 02:18:30 692736 ----a-w- C:\windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\windows\SysWow64\osk.exe
.
============= FINISH: 19:51:36.35 ===============

Attached Files
File Type: zip attach.zip (3.8 KB)
File Type: zip ark.zip (2.0 KB)

Problems with Internet Connectivity

Hi,

Thanks in advance for any help you can give!

I've been experiencing a lot of problems with connectivity and surfing. Often when opening pages it comes back saying "Unable to connect to the web" and will take several attempts at pressing refresh before it will work again, sometimes working well for a few pages before being very difficult again. Generally my laptop is also running a fair bit slower.

I'll take any help you can give!

Here is the DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17280 BrowserJavaVersion: 10.51.2
Run by Saeed at 9:50:52 on 2014-09-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6058.3182 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Outdated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Outdated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Online Armor Firewall *Enabled* {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Online Armor\OAcat.exe
C:\Program Files (x86)\Online Armor\oasrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Online Armor\OAui.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Online Armor\OAhlp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Saeed\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\spotimote\spotimote.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Users\Saeed\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Users\Saeed\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Saeed\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Saeed\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Saeed\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Saeed\AppData\Roaming\Spotify\spotify.exe
C:\Users\Saeed\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Saeed\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Saeed\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Saeed\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Saeed\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe
C:\Users\Saeed\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Saeed\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Saeed\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Saeed\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\WLANExt.exe
C:\Users\Saeed\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Saeed\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Saeed\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Users\Saeed\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Google Update] "C:\Users\Saeed\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [f.lux] "C:\Users\Saeed\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Spotify Web Helper] "C:\Users\Saeed\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [spotimote] "C:\Program Files (x86)\spotimote\spotimote.exe" C:\Program Files (x86)\spotimote\
uRun: [GoogleChromeAutoLaunch_C597C7D91B81FDD162B9C4FBC064ED32] "C:\Users\Saeed\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{54943000-0916-46A3-94B4-2684E086D5AD} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{54943000-0916-46A3-94B4-2684E086D5AD}\244584572653D2856385A4 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{54943000-0916-46A3-94B4-2684E086D5AD}\244584F6D65684572623D2B47564B4F5548545 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{54943000-0916-46A3-94B4-2684E086D5AD}\35B4959373333303 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{54943000-0916-46A3-94B4-2684E086D5AD}\4514C4B44514C4B4D2134383245343 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{54943000-0916-46A3-94B4-2684E086D5AD}\5454D224279676864724F687D2231653163633 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{54943000-0916-46A3-94B4-2684E086D5AD}\77C616E6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{853EC2E6-C066-43A4-A421-E6268C9D2E77} : DHCPNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3
x64-Run: [NVHotkey] rundll32.exe C:\Windows\System32\nvHotkey.dll,Start
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-Run: [@OnlineArmor GUI] "C:\Program Files (x86)\Online Armor\OAui.exe"
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-4-10 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-4-10 224896]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-12-26 781312]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2013-4-3 343568]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-10-8 30056]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-7-8 55856]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2011-7-9 21616]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-4-10 1041168]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-4-10 427360]
R1 OADevice;OADriver;C:\Windows\SysWOW64\drivers\OADriver.sys [2012-11-19 64720]
R1 oahlpXX;Online Armor helper driver;C:\Windows\SysWOW64\drivers\oahlp64.sys [2012-11-19 62008]
R1 OAmon;OAmon;C:\Windows\SysWOW64\drivers\OAmon.sys [2012-11-19 52360]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-7-9 98208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-4-10 79184]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-8-26 50344]
R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2013-9-5 178048]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-9-5 219272]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-9-5 182752]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2014-4-9 4357488]
R2 OAcat;Online Armor Helper Service;C:\Program Files (x86)\Online Armor\OAcat.exe [2013-10-15 584864]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-3-23 87040]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-7-8 1692480]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-4-22 378472]
R2 SvcOnlineArmor;Online Armor;C:\Program Files (x86)\Online Armor\OAsrv.exe [2013-10-15 4457688]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-7-8 2656280]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2011-7-9 27760]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-10-8 176000]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-7-9 317440]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2013-4-3 310224]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2013-4-3 519192]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-7-9 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-7-9 181760]
R3 OAnet;OnlineArmor Service;C:\Windows\System32\drivers\OAnet.sys [2012-11-19 35368]
R3 qicflt;upper Device Filter Driver;C:\Windows\System32\drivers\qicflt.sys [2011-7-9 29288]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-9-5 328928]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-9-5 328928]
S2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-9-5 328928]
S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-9-5 328928]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-4-10 92008]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2013-4-3 70112]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2014-1-23 197704]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
S3 HtcVCom32;HTC Diagnostic Port;C:\Windows\System32\drivers\HtcVComV64.sys [2010-3-8 121800]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-12 111616]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-7-9 158976]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\System32\drivers\nvstusb.sys [2011-7-9 121960]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-17 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2014-09-13 01:32:33 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1167FFB6-B8DF-42E3-B1DF-8EDC2C4D4DAE}\offreg.dll
2014-09-12 23:36:27 11319192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1167FFB6-B8DF-42E3-B1DF-8EDC2C4D4DAE}\mpengine.dll
2014-09-12 02:11:00 360448 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2014-09-12 02:11:00 259584 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2014-09-12 02:01:15 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-09-12 02:01:15 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-10 19:48:32 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-09-10 19:48:30 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-09-10 19:48:04 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-09-10 19:48:04 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-09-10 19:47:47 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-09-10 19:47:46 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-09-10 19:47:46 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-09-10 19:47:45 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-09-10 19:47:45 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-09-10 19:47:41 578048 ----a-w- C:\Windows\System32\aepdu.dll
2014-09-10 19:47:40 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-08-29 17:24:30 -------- d-----w- C:\Users\Saeed\AppData\Roaming\PopcornTime
2014-08-28 12:21:56 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-28 12:21:56 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-28 12:21:56 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-26 16:27:17 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-08-26 16:27:08 43152 ----a-w- C:\Windows\avastSS.scr
.
==================== Find3M ====================
.
2014-09-10 04:12:27 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-10 04:12:27 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-10 04:12:15 17328816 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-08-26 16:27:10 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-08-26 16:27:10 92008 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-08-26 16:27:10 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-08-26 16:27:10 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-08-26 16:27:10 224896 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-08-26 16:27:10 1041168 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-08-05 08:20:00 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-07-25 01:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 22:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-07-16 02:46:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-06-30 22:24:50 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-06-30 22:14:53 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
.
============= FINISH: 9:53:05.54 ===============

Attached Files
File Type: zip ark.zip (9.4 KB)
File Type: zip attach.zip (3.1 KB)

computer still slow after removing viruses

A few days ago I ran a scan and there were 32 viruses.
I got rid of these but the computer is still running slow.
Any help would be much appreciated.

[SOLVED] Gamerharbor.org

Hello TSF staff, last 3 days something's going on with my computer, every time I log in, my default browser opens alone and it redirects to www.gamerharbor.org.

I did scan with Avast & Malwarebytes Anti-Malware, but the problem persists, please help!

ytd.exe keeps appearing in temp folder

Hi, yesterday I downloaded a freeware DVD burner (top rated on PC magazine) and when I downloaded and ran the installer Norton immediately blocked a supposed trojan, so I stopped the installer at the first window, deleted it, and went on with my day. Later I noticed that my homepage for all my browsers had been hijacked by Bing. No matter what I did it kept coming back up.
Eventually I found a program that was recently installed (I don't remember the name, but it was generic) so I uninstalled it, reset some of my settings, and everything was good, until I noticed Norton block another trojan. At that moment a window popped up saying that Windows could not find ytd.exe in my temp\install_#### (random numbers) directory. I then went through and cleared my non-essential temp files but the ytd.exe was blocked by Norton in another install_#### directory with different numbers.
After a while I had a few of these directories in my temp folder and they continue to appear at a random time. Norton always automatically quarantines the ytd.exe and says the threat is either a trojan or "goobzo". After scanning my processes, installed programs, and Program Files (x86) folder I decided to try and use System Restore. However, after loading up System Restore I found that I didn't have any restore points. This I found very odd since they are created automatically and kept for a good bit and I had just that day installed a game from Steam which should have caused the system to create a restore point.
I'm worried that I might have a malicious program that is attempting to download and install more malware secretly by running these ytd.exe files in my temp directory and that it deleted all of my restore points in order to keep me from getting rid of it easily. I've run a scan with Norton that turned up nothing but I keep getting blocked trojans and errors saying that Windows can't find these blocked files. I'm at a loss on how to attempt to track down and eliminate this virus so if anyone can help me I'd be extremely grateful.

Also, if it helps, I'm running Windows 7 Home Premium 64-bit with the latest updates.

Browsing issues, broken links.

Hello TSF, one of the most respected communities on the internet, heroic I must add.

I have posted here before and had my problems resolved. I am having one again: I am experiencing slow browsing, and even GMER.exe had to be downloaded via a VPN.
-------------------------------------------------------------------------------

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7600.16385
Run by Psio at 15:01:25 on 2014-09-18
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3317.1913 [GMT 5:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\ProgramData\CharJi EVO\OnlineUpdate\ouc.exe
C:\Program Files\Hotspot Shield\bin\cmw_srv.exe
C:\ProgramData\DatacardService\HWDeviceService.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\ProgramData\MobileBrServ\mbbservice.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\CharJi EVO\CharJi EVO.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Razer\Lachesis 5600\LachesisSysTray.exe
C:\Windows\vmsnap3.exe
C:\Windows\Domino.exe
C:\Users\Psio\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Hotspot Shield\bin\hsscp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Hotspot Shield\bin\af_proxy_cmd.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Hotspot Shield\bin\openvpn.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Hotspot Shield\bin\fbwmgr.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Hotspot Shield\bin\fbw.exe
C:\Program Files\Hotspot Shield\bin\fbw.exe
C:\Program Files\Hotspot Shield\bin\fbw.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.us.com/v/2/?guid={F3EFB0A8-424E-4713-8C76-039B4347E9CA}&serpv=17
uDefault_Page_URL = hxxp://search.us.com/v/2/?guid={F3EFB0A8-424E-4713-8C76-039B4347E9CA}&serpv=17
uProxyServer = hxxp=127.0.0.1:8555;https=127.0.0.1:8555
uProxyOverride = <local>127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
uRun: [uTorrent] "c:\users\psio\appdata\roaming\utorrent\uTorrent.exe" /MINIMIZED
uRun: [Wondershare Helper Compact.exe] "c:\program files\common files\wondershare\wondershare helper compact\WSHelperSetup.exe"
uRun: [GoogleChromeAutoLaunch_155C386C43597D4A43CA95FE82403925] "c:\program files\google\chrome\application\chrome.exe" --no-startup-window
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Razer Lachesis Driver] c:\program files\razer\lachesis 5600\LachesisSysTray.exe
mRun: [VMSnap3] c:\windows\VMSnap3.exe
mRun: [Domino] c:\windows\Domino.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
TCP: NameServer = 8.8.8.8
TCP: Interfaces\{598DFB1B-A8E1-448C-81CE-6DDE08599A1D} : NameServer = 182.176.32.29 119.159.255.36
TCP: Interfaces\{64D09A72-59F2-408A-BD34-76CA52C84E0F} : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{7AC50C25-A9ED-48AC-87AF-F5EFE1CB3B1D} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{9664AEDF-E8FB-42F0-B420-5AA9ED0AAA57} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{ED6E7E2E-2072-43C9-87D9-F01AEC075170} : NameServer = 210.2.181.6,210.2.177.7
TCP: Interfaces\{ED6E7E2E-2072-43C9-87D9-F01AEC075170} : DHCPNameServer = 62.113.218.106 8.8.8.8
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\37.0.2062.120\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\psio\appdata\roaming\mozilla\firefox\profiles\lx9486hm.default-1390572488719\
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_152.dll
.
============= SERVICES / DRIVERS ===============
.
R1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\drivers\hssdrv6.sys [2014-5-17 39624]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2014-1-16 217600]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\skype\toolbars\autoupdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\skype\toolbars\pnrsvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\cmw_srv.exe [2014-5-17 919040]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\datacardservice\HWDeviceService.exe [2013-2-6 276048]
R2 Mobile Broadband HL Service;Mobile Broadband HL Service;c:\programdata\mobilebrserv\mbbService.exe [2014-1-28 239696]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2014-1-16 2320920]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2014-1-16 86656]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2011-8-22 171096]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2011-8-22 1324120]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2011-8-22 72792]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2014-1-16 224424]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2014-9-17 11904]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\drivers\ewusbwwan.sys [2014-9-17 381952]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2014-9-17 77824]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\drivers\taphss6.sys [2014-5-7 37064]
S2 CharJi EVO. RunOuc;CharJi EVO. OUC;c:\program files\charji evo\updatedog\ouc.exe [2014-9-17 656976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MgAssistService;MgAssist Service;c:\program files\mobogenie\mgassist.exe --> c:\program files\mobogenie\MgAssist.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2014-4-3 315008]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2014-1-16 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2011-8-22 171096]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2011-8-22 1324120]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2011-8-22 72792]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2014-4-28 80184]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2014-9-17 95232]
S3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [2014-6-2 480128]
S3 ZSMC0303;A4 TECH PC Camera H;c:\windows\system32\drivers\usbVM303.sys [2014-6-2 1472768]
.
=============== Created Last 30 ================
.
2014-09-17 18:28:51 95232 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2014-09-17 18:28:51 861696 ----a-w- c:\windows\system32\drivers\mod7700.sys
2014-09-17 18:28:51 77824 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2014-09-17 18:28:51 70528 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2014-09-17 18:28:51 381952 ----a-w- c:\windows\system32\drivers\ewusbwwan.sys
2014-09-17 18:28:51 27776 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2014-09-17 18:28:51 25856 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2014-09-17 18:28:51 208384 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
2014-09-17 18:28:51 199168 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2014-09-17 18:28:51 19200 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2014-09-17 18:28:51 11904 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2014-09-17 18:28:51 101248 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2014-09-17 16:06:21 -------- d-----w- c:\users\psio\appdata\local\My Games
2014-09-16 21:47:50 -------- d-----w- c:\programdata\CharJi EVO
2014-09-16 21:47:20 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2014-09-16 21:47:20 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2014-09-16 21:46:35 -------- d-----w- c:\program files\CharJi EVO
2014-09-16 21:46:19 -------- d-----w- c:\programdata\DatacardService
2014-09-05 01:41:41 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{989a0a3e-6ddc-4b43-abf7-d292f42182b1}\offreg.dll
.
==================== Find3M ====================
.
2014-09-14 22:33:51 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-14 22:33:51 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 15:02:07.79 ===============

Attached Files
File Type: zip Attach.zip (5.3 KB)

Search Snacks keeps reinstalling itself!

Hello, this Search Snacks adware keeps reinstalling itself on my computer and I have no idea how. I have uninstalled it numerous times, and performed system scans with Avira and Malwarebytes, followed by CCleaner. It would detect stuff and I would delete it. But after a few hours, I find that Search Snacks is back on my computer again. It keeps redirecting me to random sites. I have also disabled it in my extensions as well as having reset my browser settings. How do I get rid of this permanently? I feel like I have done everything.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17280
Run by Brenick at 13:27:56 on 2014-09-18
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8136.6361 [GMT -4:00]
.
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\TiltWheelMouse.exe
C:\Program Files (x86)\NETGEAR\WPN111\wpn111.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Brenick\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WPN111\wpn111.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 172.16.128.11 172.16.128.10
TCP: Interfaces\{4080BF46-6A74-4114-ACAD-FE8B1ACC4769} : DHCPNameServer = 172.16.128.11 172.16.128.10
TCP: Interfaces\{FF73CCBF-08F7-4E3E-B045-82F7884B4D79} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [MouseDriver] TiltWheelMouse.exe
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-8-21 20464]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2014-9-10 28600]
R1 netfilter64;netfilter64;C:\Windows\System32\drivers\netfilter64.sys [2014-7-31 46376]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2014-9-10 430160]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2014-9-10 430160]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2014-9-10 117712]
R2 Avira.OE.ServiceHost;Avira Service Host;C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-8-27 160048]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-8-22 1720792]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-8-22 18973144]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-8-22 411936]
R3 ISCT;Intel(R) Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2013-1-19 46568]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-8-21 383472]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-8-21 795120]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2014-8-22 32344]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-8-22 20440]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-8-22 40392]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-8-22 888536]
R3 rzdaendpt;Razer DeathAdder end point;C:\Windows\System32\drivers\rzdaendpt.sys [2014-5-19 33448]
R3 rzudd;Razer Keyboard Driver;C:\Windows\System32\drivers\rzudd.sys [2014-5-19 155816]
R3 rzvkeyboard;Razer Virtual Keyboard Driver;C:\Windows\System32\drivers\rzvkeyboard.sys [2014-5-19 31400]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-14 111616]
S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCAMp50a64.sys [2014-8-22 43328]
S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCASp50a64.sys [2014-8-22 41280]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 t_mouse.sys;HID-compliand device;C:\Windows\System32\drivers\t_mouse.sys [2012-12-19 6144]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2011-4-12 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-8-22 1255736]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\Windows\System32\drivers\WPN111vx.sys [2014-8-22 1075712]
.
=============== Created Last 30 ================
.
2014-09-17 02:28:32 -------- d-----w- C:\Program Files\HitmanPro
2014-09-17 02:24:38 -------- d-----w- C:\ProgramData\HitmanPro
2014-09-17 02:19:35 -------- d-----w- C:\Windows\ERUNT
2014-09-15 02:29:16 -------- d-sh--w- C:\$RECYCLE.BIN
2014-09-15 02:00:26 98816 ----a-w- C:\Windows\sed.exe
2014-09-15 02:00:26 256000 ----a-w- C:\Windows\PEV.exe
2014-09-15 02:00:26 208896 ----a-w- C:\Windows\MBR.exe
2014-09-15 01:17:04 70144 ----a-w- C:\Windows\SysWow64\tasks.dll
2014-09-14 07:20:24 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-09-14 07:20:24 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-14 07:17:40 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-09-14 07:17:40 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-09-14 07:17:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-09-14 07:17:32 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-09-14 07:16:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-09-14 07:16:51 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-09-14 07:16:51 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-09-14 07:16:51 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-09-14 07:16:51 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-09-14 07:16:47 578048 ----a-w- C:\Windows\System32\aepdu.dll
2014-09-14 07:16:47 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-09-13 04:07:31 -------- d-----w- C:\Program Files (x86)\Techsnab
2014-09-11 01:48:59 42040 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2014-09-11 01:47:51 -------- d-----w- C:\Users\Brenick\AppData\Roaming\Avira
2014-09-11 01:47:12 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2014-09-11 01:47:12 117712 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2014-09-11 01:45:37 -------- d-----w- C:\ProgramData\Avira
2014-09-11 01:45:37 -------- d-----w- C:\Program Files (x86)\Avira
2014-09-11 01:17:03 -------- d-----w- C:\Program Files (x86)\GetPrivate
2014-09-11 01:17:01 -------- d-----w- C:\Users\Brenick\AppData\Roaming\GetPrivate
2014-09-09 15:28:35 11319192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CC1866F7-8F70-4F35-AE9A-9D86DBC07024}\mpengine.dll
2014-09-05 05:45:40 -------- d-----w- C:\Program Files\CCleaner
2014-09-05 03:19:04 -------- d-sh--w- C:\Users\Brenick\AppData\Local\EmieUserList
2014-09-05 03:19:04 -------- d-sh--w- C:\Users\Brenick\AppData\Local\EmieSiteList
2014-09-02 21:07:10 -------- d-----w- C:\Users\Brenick\AppData\Local\ElevatedDiagnostics
2014-09-02 21:01:49 -------- d-----w- C:\Users\Brenick\AppData\Local\Diagnostics
2014-09-01 02:03:18 -------- d-----w- C:\Users\Brenick\AppData\Roaming\Mumble
2014-09-01 01:52:16 -------- d-----w- C:\Program Files (x86)\Mumble
2014-08-28 01:19:24 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-28 01:19:24 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-28 01:19:24 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-26 23:24:56 -------- d-----w- C:\Users\Brenick\AppData\Local\SCE
2014-08-25 00:26:51 -------- d-----w- C:\Users\Brenick\AppData\Local\Razer
2014-08-24 05:43:25 -------- d-----w- C:\Users\Brenick\AppData\Roaming\LolClient
2014-08-24 05:13:09 -------- d-----w- C:\Users\Brenick\AppData\Local\Microsoft Games
2014-08-24 04:42:29 -------- d-----w- C:\ProgramData\Riot Games
2014-08-24 04:41:11 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2014-08-24 04:41:11 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2014-08-24 04:41:08 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2014-08-24 04:40:04 -------- d-----w- C:\Riot Games
2014-08-24 04:38:20 -------- d-----w- C:\Users\Brenick\AppData\Local\PMB Files
2014-08-24 04:38:19 -------- d-----w- C:\ProgramData\PMB Files
2014-08-24 04:38:17 -------- d-----w- C:\Program Files (x86)\Pando Networks
2014-08-24 04:37:57 -------- d-----w- C:\Users\Brenick\AppData\Roaming\Riot Games
2014-08-22 23:46:55 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-08-22 23:46:55 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-08-22 23:46:42 67072 ----a-w- C:\Windows\splwow64.exe
2014-08-22 23:46:42 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2014-08-22 20:06:38 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2014-08-22 20:06:38 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-08-22 20:06:38 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2014-08-22 20:06:38 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2014-08-22 19:58:47 -------- d-----w- C:\Windows\Migration
2014-08-22 19:45:36 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-08-22 19:28:04 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2014-08-22 19:25:18 -------- d-----w- C:\Windows\System32\MRT
2014-08-22 18:49:57 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-08-22 18:49:57 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-08-22 18:49:57 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-08-22 18:49:57 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-08-22 18:49:57 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-08-22 18:49:57 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-08-22 18:49:44 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-22 18:49:44 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-08-22 18:49:24 -------- d-s---w- C:\Windows\System32\CompatTel
2014-08-22 17:20:45 -------- d-----w- C:\Users\Brenick\AppData\Roaming\NVIDIA
2014-08-22 17:20:40 -------- d-----w- C:\Program Files (x86)\GPU-Z
2014-08-22 15:46:03 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-08-22 15:46:03 1719296 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2014-08-22 15:46:03 1389568 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2014-08-22 15:46:03 1380864 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2014-08-22 15:46:03 1354240 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2014-08-22 15:44:52 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2014-08-22 15:43:59 3717632 ----a-w- C:\Windows\System32\mstscax.dll
2014-08-22 15:32:53 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2014-08-22 15:31:57 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-08-22 15:30:57 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-08-22 15:30:57 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-08-22 15:30:46 76800 ----a-w- C:\Windows\System32\drivers\hidclass.sys
2014-08-22 15:30:46 32896 ----a-w- C:\Windows\System32\drivers\hidparse.sys
2014-08-22 15:30:41 209920 ----a-w- C:\Windows\System32\profsvc.dll
2014-08-22 15:30:36 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2014-08-22 15:30:36 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2014-08-22 15:30:36 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2014-08-22 15:25:01 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2014-08-22 15:23:52 878080 ----a-w- C:\Windows\System32\advapi32.dll
2014-08-22 15:23:52 859648 ----a-w- C:\Windows\System32\tdh.dll
2014-08-22 15:23:52 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2014-08-22 15:23:52 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2014-08-22 15:23:52 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2014-08-22 15:23:52 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2014-08-22 15:23:48 11319192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-08-22 15:23:46 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2014-08-22 15:21:58 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2014-08-22 15:20:38 331776 ----a-w- C:\Windows\System32\oleacc.dll
2014-08-22 15:19:00 77312 ----a-w- C:\Windows\System32\packager.dll
2014-08-22 15:19:00 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-08-22 15:12:01 -------- d-----w- C:\Program Files\005
2014-08-22 14:43:31 609240 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-08-22 14:14:45 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2014-08-22 14:14:44 -------- d-----w- C:\Program Files (x86)\Steam
2014-08-22 14:09:17 511328 ----a-w- C:\Windows\System32\d3dx10_43.dll
2014-08-22 14:09:17 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll
2014-08-22 14:09:17 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
2014-08-22 14:09:17 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2014-08-22 14:09:17 2401112 ----a-w- C:\Windows\System32\D3DX9_43.dll
2014-08-22 14:09:17 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2014-08-22 14:09:05 1715224 ----a-w- C:\Windows\System32\nvspbridge64.dll
2014-08-22 14:09:05 1291280 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2014-08-22 14:09:05 1283136 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-08-22 14:09:05 1126480 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-08-22 14:09:04 -------- d-----w- C:\Users\Brenick\AppData\Local\NVIDIA Corporation
2014-08-22 13:54:50 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2014-08-22 13:54:50 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2014-08-22 13:54:50 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2014-08-22 13:54:07 -------- d-----w- C:\Users\Brenick\AppData\Local\Google
2014-08-22 13:53:38 -------- d-----w- C:\Users\Brenick\AppData\Local\Deployment
2014-08-22 13:53:38 -------- d-----w- C:\Users\Brenick\AppData\Local\Apps
2014-08-22 13:52:13 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-22 13:51:59 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-08-22 13:51:59 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-08-22 13:51:59 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-08-22 13:51:59 -------- d-----w- C:\ProgramData\Malwarebytes
2014-08-22 13:51:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-22 13:51:49 -------- d-----w- C:\Users\Brenick\AppData\Local\Programs
2014-08-22 13:46:31 43328 ----a-w- C:\Windows\System32\drivers\PCAMp50a64.sys
2014-08-22 13:46:31 41280 ----a-w- C:\Windows\System32\drivers\PCASp50a64.sys
2014-08-22 13:46:31 1075712 ----a-w- C:\Windows\System32\drivers\WPN111vx.sys
2014-08-22 13:46:31 -------- d-----w- C:\Program Files (x86)\NETGEAR
2014-08-22 13:37:57 -------- d-----w- C:\Users\Brenick\AppData\Local\NVIDIA
2014-08-22 13:22:55 935368 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-08-22 13:22:55 6783776 ----a-w- C:\Windows\System32\nvcpl.dll
2014-08-22 13:22:55 62808 ----a-w- C:\Windows\System32\nvshext.dll
2014-08-22 13:22:55 386520 ----a-w- C:\Windows\System32\nvmctray.dll
2014-08-22 13:22:55 3826628 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-08-22 13:22:55 3522392 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-08-22 13:22:55 2559776 ----a-w- C:\Windows\System32\nvsvcr.dll
2014-08-22 13:22:45 75040 ----a-w- C:\Windows\System32\OpenCL.dll
2014-08-22 13:22:45 61912 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2014-08-22 13:22:42 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2014-08-22 13:22:40 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2014-08-22 13:19:39 40392 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-08-22 13:19:39 37320 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2014-08-22 13:19:39 34760 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2014-08-22 13:19:37 1515296 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2014-08-22 13:19:34 965312 ----a-w- C:\Windows\System32\nvumdshimx.dll
2014-08-22 13:19:31 1884448 ----a-w- C:\Windows\System32\nvdispco6432723.dll
2014-08-22 13:19:31 1511712 ----a-w- C:\Windows\System32\nvdispgenco6432723.dll
2014-08-22 13:19:30 14498552 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2014-08-22 13:19:23 3196816 ----a-w- C:\Windows\System32\nvapi64.dll
2014-08-22 13:19:23 2814656 ----a-w- C:\Windows\SysWow64\nvapi.dll
2014-08-22 13:18:56 -------- d-----w- C:\Program Files\NVIDIA Corporation
2014-08-22 13:15:52 41984 ----a-w- C:\Windows\System32\drivers\USB3Ver.dll
2014-08-22 13:15:46 -------- d-----w- C:\Intel
2014-08-22 13:09:11 888536 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2014-08-22 13:09:11 73800 ----a-w- C:\Windows\System32\RtNicProp64.dll
2014-08-22 13:09:11 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2014-08-22 13:06:50 -------- d-sh--w- C:\Windows\Installer
2014-08-22 13:06:50 -------- d-----w- C:\ProgramData\Package Cache
2014-08-22 09:00:41 -------- d-----w- C:\Windows\Panther
2014-08-22 07:26:20 -------- d-----w- C:\Windows\SysWow64\Wat
2014-08-22 07:26:20 -------- d-----w- C:\Windows\System32\Wat
2014-08-22 07:23:04 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2014-08-22 07:23:04 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2014-08-22 07:23:04 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2014-08-22 07:23:04 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2014-08-22 07:23:04 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2014-08-22 07:23:04 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2014-08-22 07:23:04 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2014-08-22 07:18:56 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2014-08-22 07:18:55 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2014-08-22 07:18:55 5120 ----a-w- C:\Windows\System32\wmi.dll
2014-08-22 04:44:57 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
2014-08-21 17:37:36 795120 ----a-w- C:\Windows\System32\drivers\iusb3xhc.sys
2014-08-21 17:37:36 383472 ----a-w- C:\Windows\System32\drivers\iusb3hub.sys
2014-08-21 17:37:35 20464 ----a-w- C:\Windows\System32\drivers\iusb3hcs.sys
2014-08-21 17:37:35 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
.
==================== Find3M ====================
.
2014-08-22 19:45:36 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-08-11 20:31:46 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
2014-08-11 20:31:46 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2014-08-05 13:20:00 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-07-31 20:20:42 46376 ----a-w- C:\Windows\System32\drivers\netfilter64.sys
2014-07-25 06:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 03:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-07-15 11:01:14 4012632 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2014-07-15 07:30:32 950488 ----a-w- C:\Windows\System32\RCoInstII64.dll
2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-07-11 07:10:24 2000152 ----a-w- C:\Windows\System32\MBAPO264.dll
2014-07-11 07:10:20 1728792 ----a-w- C:\Windows\SysWow64\MBAPO232.dll
2014-07-09 08:57:18 2808024 ----a-w- C:\Windows\System32\RltkAPO64.dll
2014-07-07 06:07:00 2860760 ----a-w- C:\Windows\System32\RtPgEx64.dll
2014-07-04 03:07:24 1024728 ----a-w- C:\Windows\System32\RtkApi64.dll
.
============= FINISH: 13:28:24.16 ===============

Attached Files
File Type: zip New Compressed (zipped) Folder.zip (2.6 KB)

Kaspersky

So I have just bought Kaspersky Internet Security, and the first step is obviously to download the file, but my IDM keeps on saying that "no such host is known". I have uninstalled my AntiMalware software, so I don't really understand what the problem is. I can't even download the file, so how am I supposed to install it?

Brand new computer with a malware gift

I just built a new computer and so far it only has support software for its various components, one game, and a bunch of freeware utilities on it. Most of the utilities I've known and used for years. However, I was trying to resolve a sound issue and tried a couple of new utilities for that and I think that's where I got dinged.

Anyway, the offending malware is PUP.Optional.Spigot.A and it's located in the Chrome preferences directory. The path is:

C:\Users\micro_000\AppData\Local\Google\Chrome\User Data\Default\Preferences

I found it using MalwareBytes which recommended quarantine. I followed the directions and thought I was through but it showed up again in the next scan. I made several attempts but I cannot remove the malware this way.

Any help would be greatly appreciated.

Please note: dds.scr says it cannot run in compatibility mode and will not run on my system.

I have my Windows 8.1 installation CD.

Attached Files
File Type: zip archive.zip (1.8 KB)

internet explorer

Explorer always opens up to ask.com. Why can't I change it to my own option?

please help with virus

I believe I have a Zbot virus because all the file names are similar.

I ran ComboFix but it says it's a rootkit and restarts, but it comes back.

I ran GMER but it blue screens before it is done.

Here is the ComboFix file.

The user James I cannot find even in DOS.

I ran TDSSKiller too but it did not help.

I would like to get rid of the user James but I cannot find the user.


ComboFix 14-09-18.01 - Harvey Jones 09/21/2014 15:38:31.7.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2038.1277 [GMT -4:00]
Running from: c:\users\Harvey Jones\Downloads\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
FW: Symantec Endpoint Protection *Disabled* {6BFC5632-188D-B806-D13E-C607121B42A0}
SP: Symantec Endpoint Protection *Disabled/Updated* {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\James\AppData\Roaming\64dlls.exe
c:\users\James\AppData\Roaming\intel64.exe
c:\users\James\AppData\Roaming\Kernel32.exe
c:\users\James\AppData\Roaming\localsys64.exe
c:\users\James\AppData\Roaming\ntos.exe
c:\users\James\AppData\Roaming\oembios.exe
c:\users\James\AppData\Roaming\sdra64.exe
c:\users\James\AppData\Roaming\sdra73.exe
c:\users\James\AppData\Roaming\swin32.exe
c:\users\James\AppData\Roaming\twex.exe
c:\users\James\AppData\Roaming\twext.exe
c:\users\James\AppData\Roaming\win32avs.exe
c:\users\James\AppData\Roaming\wsnpoema.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-08-21 to 2014-09-21 )))))))))))))))))))))))))))))))
.
.
2014-09-21 19:53 . 2014-09-21 19:55 -------- d-----w- c:\users\Harvey Jones\AppData\Local\temp
2014-09-21 19:53 . 2014-09-21 19:53 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-09-21 19:53 . 2014-09-21 19:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-18 11:53 . 2014-09-18 11:53 142936 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2014-09-18 11:53 . 2014-09-18 11:53 -------- d-----w- c:\program files\Common Files\Symantec Shared
2014-09-18 11:48 . 2014-09-18 11:48 421232 ----a-w- c:\windows\system32\SymVPN.dll
2014-09-18 11:48 . 2014-09-18 11:48 363376 ----a-w- c:\windows\system32\sysfer.dll
2014-09-18 11:48 . 2014-09-18 11:48 33744 ----a-w- c:\windows\system32\drivers\WGX.SYS
2014-09-18 11:48 . 2014-09-18 11:48 136560 ----a-w- c:\windows\system32\FwsVpn.dll
2014-09-18 11:48 . 2014-09-18 11:48 128096 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2014-09-18 11:48 . 2014-09-18 11:48 11632 ----a-w- c:\windows\system32\sysferThunk.dll
2014-09-18 11:48 . 2014-09-18 11:48 -------- d-----w- c:\programdata\regid.1992-12.com.symantec
2014-09-18 11:47 . 2014-09-18 11:47 -------- d-----w- c:\windows\system32\drivers\SEP
2014-09-18 11:47 . 2014-09-18 11:47 -------- d-----w- c:\program files\Symantec
2014-09-18 10:32 . 2014-09-18 10:32 -------- d-----w- c:\users\Harvey Jones\AppData\Local\Mozilla
2014-09-18 09:48 . 2014-09-18 09:48 -------- d-----w- c:\programdata\Malwarebytes
2014-09-18 09:48 . 2014-09-18 09:48 -------- d-----w- c:\users\Harvey Jones\AppData\Local\Programs
2014-09-17 01:43 . 2014-09-21 10:03 -------- d-----w- c:\users\Harvey Jones\AppData\Local\CrashDumps
2014-09-16 23:10 . 2014-09-16 23:10 -------- d-----w- c:\users\Harvey Jones\AppData\Local\Symantec
2014-09-16 22:40 . 2014-09-16 22:40 -------- d-----w- c:\programdata\Symantec
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-16 23:18 . 2014-05-13 01:34 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-16 23:18 . 2014-05-13 01:34 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-31 08:32 . 2014-07-31 08:32 81824 ----a-w- c:\windows\system32\drivers\Teefer.sys
2014-07-31 08:31 . 2014-07-31 08:31 342232 ----a-w- c:\windows\system32\drivers\SEP\0C011010\103C.105\x86\symnets.sys
2014-07-31 08:31 . 2014-07-31 08:31 936152 ----a-w- c:\windows\system32\drivers\SEP\0C011010\103C.105\x86\SymEFA.sys
2014-07-31 08:31 . 2014-07-31 08:31 367704 ----a-w- c:\windows\system32\drivers\SEP\0C011010\103C.105\x86\SymDS.sys
2014-07-31 08:21 . 2014-07-31 08:21 175832 ----a-w- c:\windows\system32\drivers\SEP\0C011010\103C.105\x86\Ironx86.sys
2014-07-31 08:20 . 2014-07-31 08:20 134744 ----a-w- c:\windows\system32\drivers\SEP\0C011010\103C.105\x86\ccSetx86.sys
2014-07-31 08:19 . 2014-07-31 08:19 657112 ----a-w- c:\windows\system32\drivers\SEP\0C011010\103C.105\x86\srtsp.sys
2014-07-31 08:19 . 2014-07-31 08:19 32344 ----a-w- c:\windows\system32\drivers\SEP\0C011010\103C.105\x86\srtspx.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-11-20 1594664]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-11-20 83240]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 SyDvCtrl;SyDvCtrl;c:\program files\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin\SyDvCtrl32.sys [2014-07-31 29216]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2014-05-12 1343400]
S0 SymDS;Symantec Data Store;c:\windows\system32\Drivers\SEP\0C011010\103C.105\x86\SYMDS.SYS [2014-07-31 367704]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\Drivers\SEP\0C011010\103C.105\x86\SYMEFA.SYS [2014-07-31 936152]
S1 BHDrvx86;BHDrvx86;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Data\Definitions\BASHDefs\20140913.012\BHDrvx86.sys [2014-09-13 1101616]
S1 ccSettings_{27226ED0-B7A0-49E4-82DE-02FF10AC5C5A};Symantec Endpoint Protection 12.1.4112.4156.105 Settings Manager;c:\windows\system32\Drivers\SEP\0C011010\103C.105\x86\ccSetx86.sys [2014-07-31 134744]
S1 IDSVix86;IDSVix86;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Data\Definitions\IPSDefs\20140919.011\IDSvix86.sys [2014-09-17 395992]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\Drivers\SEP\0C011010\103C.105\x86\Ironx86.SYS [2014-07-31 175832]
S1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\Drivers\SEP\0C011010\103C.105\x86\SYMNETS.SYS [2014-07-31 342232]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-08-09 38608]
S2 SepMasterService;Symantec Endpoint Protection;c:\program files\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin\ccSvcHst.exe [2014-07-31 144496]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-05-10 68208]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13 23:18]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.254.254
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SepMasterService]
"ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin\sms.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SmcService]
"ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin\Smc.exe\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3120)
c:\windows\System32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin\Smc.exe
c:\windows\system32\conhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2014-09-21 16:02:22 - machine was rebooted
ComboFix-quarantined-files.txt 2014-09-21 20:02
ComboFix2.txt 2014-09-18 14:30
ComboFix3.txt 2014-09-18 11:43
ComboFix4.txt 2014-09-18 09:39
.
Pre-Run: 164,037,963,776 bytes free