January 10, 2015, 4:34 pm
Yesterday after some time on the computer - general browsing and whatnot - I noticed my homepage was changed. I never actually use homepages, so seeing Bing set when I opened a new tab seemed strange. Whatever, I know it's a virus, I'll fix this in the morning. Well, today rolls around and after altering my Chrome settings to where the homepage should otherwise be gone, it instead persists as if I didn't do anything. To make matters worse, I think it might be blocking AVG from scanning in Safe Mode; out of Safe Mode it works, but in SM, "Scan" doesn't do anything.
Suspects
This was never an issue until after I downloaded Virtual Router Plus, so I'm willing to bet that's the primary suspect. Prior to then, the last downloads I did were from Nexus mods (which scans just about any file uploaded iirc).
Other info
Access to install disc?
- Yes, though I couldn't say where the case went (disc is in the tray).
Windows version?
- Windows 7 Professional (Service pack 1)
In the .zip file I've attached, you'll find two separate Ark files. I scanned my C: and D: drives separately so as to make analyzing the two easier.
===================================
DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 11.0.9600.17496
Run by JKrie at 14:28:29 on 2015-01-10
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8084.6890 [GMT -8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.trovi.com/?gd=&ctid=CT3322294&octid=EB_ORIGINAL_CTID&ISID=M84C34AD1-1591-40BC-814E-87D8E54CB96A&SearchSource=55&CUI=&UM=8&UP=SP8B125856-4C15-4A6B-8CE1-BF531680CCE0&SSPV=
mWinlogon: Userinit = userinit.exe
uRun: [ClamWin] "C:\Program Files (x86)\ClamWin\bin\ClamTray.exe" --logon
uRun: [GoogleChromeAutoLaunch_CE2937F89DFC808FE1C3584770E38EE0] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [Clam Sentinel] C:\Program Files (x86)\ClamSentinel\ClamSentinel.exe
mRun: [iTunesHelper] "D:\Programs\iTunes\iTunesHelper.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{B703228E-E45C-4B52-ABFE-CCE6B60A2E73} : DHCPNameServer = 75.75.75.75 75.75.76.76
AppInit_DLLs= C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-11-18 203544]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-7-18 313624]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-10-5 124184]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-6-18 31512]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-10-10 274200]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2013-2-25 2426672]
S1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-6-18 153368]
S1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-12-8 260888]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-8-28 243480]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [2014-12-18 3432976]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [2014-12-18 298080]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 CltMngSvc;Search Protect Service;C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2015-1-5 3342608]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\Windows\System32\igfxCUIService.exe [2014-10-1 319376]
S2 SkypeUpdate;Skype Updater;"C:\Program Files (x86)\Skype\Updater\Updater.exe" --> C:\Program Files (x86)\Skype\Updater\Updater.exe [?]
S3 CMUSBDAC;USB Audio Class 1.0 and 2.0 DAC Device Driver;C:\Windows\System32\drivers\CMUSBDAC.sys [2014-9-19 594944]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-28 114688]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-12-30 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-12-30 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-12-28 1255736]
.
=============== Created Last 30 ================
.
2015-01-10 22:06:09 -------- d-----w- C:\Users\JKrie\AppData\Roaming\AVG2015
2015-01-10 22:06:01 -------- d-----w- C:\Users\JKrie\AppData\Roaming\TuneUp Software
2015-01-10 22:05:58 -------- d--h--w- C:\$AVG
2015-01-10 22:05:58 -------- d-----w- C:\ProgramData\AVG2015
2015-01-10 22:05:54 -------- d-----w- C:\Program Files (x86)\AVG
2015-01-10 21:53:14 -------- d-----w- C:\Users\JKrie\AppData\Local\ElevatedDiagnostics
2015-01-10 21:50:34 -------- d-----w- C:\Windows\pss
2015-01-10 03:05:24 -------- d-----w- C:\Users\JKrie\AppData\Local\VirtualRouterPlus
2015-01-10 03:03:51 -------- d-----w- C:\Users\JKrie\AppData\Local\SearchProtect
2015-01-10 03:03:50 -------- d-----w- C:\Program Files (x86)\SearchProtect
2015-01-10 03:03:33 -------- d-----w- C:\Users\JKrie\AppData\Local\Downloaded Installations
2015-01-10 01:42:56 11870360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{56A0711B-2357-48BE-8C5E-7AF8C4903DA9}\mpengine.dll
2015-01-04 13:05:01 -------- d-----w- C:\Program Files (x86)\Bethesda Softworks
2014-12-31 00:34:05 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2014-12-31 00:34:05 37376 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2014-12-31 00:34:05 322560 ----a-w- C:\Windows\System32\aaclient.dll
2014-12-31 00:34:05 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-12-31 00:34:05 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-12-31 00:34:05 1125888 ----a-w- C:\Windows\System32\mstsc.exe
2014-12-31 00:34:05 1050112 ----a-w- C:\Windows\SysWow64\mstsc.exe
2014-12-31 00:34:04 5780480 ----a-w- C:\Windows\System32\mstscax.dll
2014-12-31 00:34:04 4922368 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-12-31 00:34:04 269312 ----a-w- C:\Windows\SysWow64\aaclient.dll
2014-12-30 13:27:06 -------- d-----w- C:\Users\JKrie\AppData\Local\Skyrim
2014-12-30 13:26:58 5631312 ----a-w- C:\Windows\System32\D3DX9_40.dll
2014-12-30 13:26:58 519000 ----a-w- C:\Windows\System32\d3dx10_40.dll
2014-12-30 13:26:58 452440 ----a-w- C:\Windows\SysWow64\d3dx10_40.dll
2014-12-30 13:26:58 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
2014-12-30 13:26:58 2605920 ----a-w- C:\Windows\System32\D3DCompiler_40.dll
2014-12-30 13:26:58 2036576 ----a-w- C:\Windows\SysWow64\D3DCompiler_40.dll
2014-12-30 10:57:41 -------- d-----w- C:\Users\JKrie\AppData\Local\Black_Tree_Gaming
2014-12-30 09:49:15 144 ----a-w- C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-12-30 09:44:50 -------- d-----w- C:\Program Files\Microsoft Mouse and Keyboard Center
2014-12-30 09:43:38 -------- d-----w- C:\Windows\System32\MRT
2014-12-30 09:34:44 -------- d-sh--w- C:\Users\JKrie\IntelGraphicsProfiles
2014-12-30 09:34:43 451 ----a-w- C:\Windows\System32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-12-30 09:31:53 64000 ----a-w- C:\Windows\System32\OpenCL.DLL
2014-12-30 09:31:53 60416 ----a-w- C:\Windows\SysWow64\OpenCL.DLL
2014-12-30 09:31:53 -------- d-----w- C:\Intel
2014-12-30 09:31:50 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2014-12-30 09:11:06 -------- d-----w- C:\Users\JKrie\AppData\Local\Fallout3
2014-12-30 09:10:52 -------- d-----w- C:\Windows\SysWow64\xlive
2014-12-30 09:10:52 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-12-30 01:23:50 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-12-30 01:23:50 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-12-29 11:00:21 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-12-29 11:00:21 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-12-29 05:01:15 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2014-12-29 05:00:19 67072 ----a-w- C:\Windows\splwow64.exe
2014-12-29 05:00:19 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2014-12-29 04:58:28 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-12-29 04:58:27 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-12-28 16:02:40 -------- d-----w- C:\Windows\System32\appraiser
2014-12-28 16:02:38 -------- d-----w- C:\Windows\SysWow64\Wat
2014-12-28 16:02:38 -------- d-----w- C:\Windows\System32\Wat
2014-12-28 11:58:15 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2014-12-28 11:58:15 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-12-28 11:58:14 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2014-12-28 11:58:14 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2014-12-28 11:50:18 -------- d-----w- C:\Windows\Migration
2014-12-28 11:38:29 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-12-28 11:21:05 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2014-12-28 11:07:45 55808 ----a-w- C:\Windows\System32\rrinstaller.exe
2014-12-28 11:07:45 50176 ----a-w- C:\Windows\SysWow64\rrinstaller.exe
2014-12-28 11:07:45 4121600 ----a-w- C:\Windows\System32\mf.dll
2014-12-28 11:07:45 3209728 ----a-w- C:\Windows\SysWow64\mf.dll
2014-12-28 11:07:45 24576 ----a-w- C:\Windows\System32\mfpmp.exe
2014-12-28 11:07:45 23040 ----a-w- C:\Windows\SysWow64\mfpmp.exe
2014-12-28 11:07:45 206848 ----a-w- C:\Windows\System32\mfps.dll
2014-12-28 11:07:45 2048 ----a-w- C:\Windows\SysWow64\mferror.dll
2014-12-28 11:07:45 2048 ----a-w- C:\Windows\System32\mferror.dll
2014-12-28 11:07:45 103424 ----a-w- C:\Windows\SysWow64\mfps.dll
2014-12-28 11:06:47 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2014-12-28 11:06:47 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2014-12-28 11:06:47 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2014-12-28 11:06:47 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2014-12-28 11:06:47 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2014-12-28 11:06:47 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2014-12-28 11:06:47 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2014-12-28 11:02:30 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2014-12-28 11:02:30 5120 ----a-w- C:\Windows\System32\wmi.dll
2014-12-28 11:02:30 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2014-12-28 11:00:34 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-12-28 11:00:34 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-12-28 11:00:34 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-12-28 11:00:34 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-12-28 11:00:34 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-12-28 11:00:34 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-12-28 11:00:31 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-12-28 11:00:31 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-12-28 01:26:09 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2014-12-28 01:13:55 224256 ----a-w- C:\Windows\System32\wintrust.dll
2014-12-28 01:12:58 515584 ----a-w- C:\Windows\System32\timedate.cpl
2014-12-28 01:11:57 81920 ----a-w- C:\Windows\SysWow64\davclnt.dll
2014-12-28 01:10:57 680960 ----a-w- C:\Windows\System32\audiosrv.dll
2014-12-28 01:09:59 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2014-12-28 01:04:34 -------- d-----w- C:\Users\JKrie\AppData\Local\Skype
2014-12-28 01:00:24 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2014-12-28 01:00:24 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2014-12-28 01:00:24 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2014-12-27 22:53:31 -------- d-----w- C:\Users\JKrie\Powersaves3DS
2014-12-27 22:53:30 -------- d-----w- C:\Program Files (x86)\Action Replay PowerSaves 3DS
2014-12-27 22:53:25 -------- d-----w- C:\Users\JKrie\AppData\Local\Programs
2014-12-27 03:22:33 -------- d-----w- C:\Windows\System32\SPReview
2014-12-19 11:00:00 -------- d-----w- C:\Windows\System32\EventProviders
2014-12-19 08:15:11 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2014-12-19 08:13:57 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
.
==================== Find3M ====================
.
2015-01-06 12:36:02 298120 ------w- C:\Windows\System32\MpSigStub.exe
2015-01-05 08:40:28 245008 ----a-w- C:\Windows\apppatch\AppPatch64\VCLdr64.dll
2015-01-05 08:40:26 215312 ----a-w- C:\Windows\apppatch\nbin\VC32Loader.dll
2014-12-28 11:38:29 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-12-27 03:23:27 175616 ----a-w- C:\Windows\System32\msclmd.dll
2014-12-27 03:23:27 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2014-12-09 05:24:26 260888 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2014-12-04 02:50:55 413184 ----a-w- C:\Windows\System32\generaltel.dll
2014-12-04 02:50:45 741376 ----a-w- C:\Windows\System32\invagent.dll
2014-12-04 02:50:40 396800 ----a-w- C:\Windows\System32\devinv.dll
2014-12-04 02:50:38 830976 ----a-w- C:\Windows\System32\appraiser.dll
2014-12-04 02:50:37 227328 ----a-w- C:\Windows\System32\aepdu.dll
2014-12-04 02:50:37 192000 ----a-w- C:\Windows\System32\aepic.dll
2014-12-04 02:44:48 1083392 ----a-w- C:\Windows\System32\aeinv.dll
2014-12-01 23:28:44 1232040 ----a-w- C:\Windows\System32\aitstatic.exe
2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-19 05:42:04 203544 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
2014-11-08 03:16:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-10-30 02:03:43 165888 ----a-w- C:\Windows\System32\charmap.exe
2014-10-30 01:45:43 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-18 02:05:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-10-18 01:33:18 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-10-14 02:16:37 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
.
============= FINISH: 14:28:35.92 ===============
January 11, 2015, 2:37 am
Morning all,
Hope you're well - I've had an issue ongoing for a few weeks now whereby random adverts and pop-up windows display in Google Chrome when visiting sites which in the past have never had them (E.g. EA's Battlelog).
I've googled removal of the BestSaveForYou software (including removing the extension in Google Chrome + IE, resetting settings in both, removing any suspect programs, running Malwarebytes Anti-Malware as well as Hitman Pro and MSE) but so far, it's not solved the issue. I've also reset the files within the 'etc' folder (windows\system32\drivers\etc) as this has been reported as being a source of the issue.
I've also completely removed Google Chrome from my machine, and re-installed from scratch.
Whenever I open up Google Chrome, the BestSSavveFForYou extension is present on start-up. I run Windows 7 SP1 with MSE and Malwarebytes Anti-Malware (I've removed Hitman Pro for the time being as per your guidelines in: hxxp://www.techsupportforum.com/forums/f50/new-instructions-read-this-before-posting-for-malware-removal-help-305963.html).
I've run the DDS and have attached the 'attach' section that is requested initially to this post using WinZip. I've also attached the Gmer log files as requested. Please see my reply to this post to see the contents of the DDS report.
Any help would be greatly appreciated!
Kind regards,
Savelol
January 11, 2015, 9:57 pm
I have a trojan on a laptop that has affected the internet. It says no connections are available. Here are the results of the scans.
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496
Run by Marc at 23:20:28 on 2015-01-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.4246 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2015\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
C:\windows\system32\igfxext.exe
C:\windows\System32\rundll32.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\igfxsrvc.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\WUDFHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.com/
mStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.1.0.18
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRunOnce: [Adobe Speed Launcher] 1420874590
mRun: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
mRun: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: Interfaces\{13013AEE-27AB-4064-9B56-5EE9FC549EF2} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{13013AEE-27AB-4064-9B56-5EE9FC549EF2}\2656C6B696E6E2565683 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{13013AEE-27AB-4064-9B56-5EE9FC549EF2}\2656C6B696E6E2565683E2765756374737 : DHCPNameServer = 192.168.169.1
TCP: Interfaces\{13013AEE-27AB-4064-9B56-5EE9FC549EF2}\D41627363702E4564777F627B6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{13013AEE-27AB-4064-9B56-5EE9FC549EF2}\D41627363702E4564777F627B6E2D656469616 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{13013AEE-27AB-4064-9B56-5EE9FC549EF2}\E45445745414257333 : DHCPNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [ThpSrv] C:\windows\System32\thpsrv /logon
x64-Run: [SmartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [IntelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
x64-Run: [IgfxTray] "C:\windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\windows\System32\igfxpers.exe"
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R?2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\windows\System32\drivers\amdkmpfd.sys [2014-2-21 36096]
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2014-6-18 190744]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2014-7-18 313624]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2014-10-5 124184]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2014-6-18 31512]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\drivers\thpdrv.sys [2009-6-29 34880]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2013-3-7 482384]
R1 Avgdiska;AVG Disk Driver;C:\windows\System32\drivers\avgdiska.sys [2014-6-18 153368]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2014-10-29 263960]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2014-8-28 243480]
R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2014-10-10 274200]
R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2014-5-27 50976]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-12-8 753704]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [2014-11-9 3488784]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [2014-11-9 298080]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-9-12 135984]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2012-7-18 514048]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-13 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-13 969016]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-3-8 144672]
R2 regi;regi;C:\windows\System32\drivers\regi.sys [2013-3-7 14112]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-4-7 294328]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-3-7 2655768]
R2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [2014-9-23 1820184]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2012-7-18 979456]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-12-3 3386160]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\windows\System32\drivers\AmpPal.sys [2012-12-8 163368]
R3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;C:\windows\System32\drivers\bpenum.sys [2012-7-3 84480]
R3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;C:\windows\System32\drivers\bpmp.sys [2012-7-3 182272]
R3 bpusb;Intel(R) Centrino(R) WiMAX 6050 Series Function Driver;C:\windows\System32\drivers\bpusb.sys [2012-7-3 84992]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-7-18 245760]
R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\windows\System32\drivers\ICCWDT.sys [2010-8-18 26136]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2013-10-28 449496]
R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\drivers\iwdbus.sys [2011-6-21 25496]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-11-8 76912]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2014-2-21 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2014-4-13 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\windows\System32\drivers\mwac.sys [2014-4-13 63704]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2013-8-12 107912]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2013-8-12 226696]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2013-3-7 38096]
R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2013-3-7 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-11-16 822704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\windows\System32\drivers\AmpPal.sys [2012-12-8 163368]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2014-2-21 169752]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-12-12 114688]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\drivers\intelaud.sys [2011-6-21 34200]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-12-3 272176]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\windows\System32\drivers\RtsPStor.sys [2013-8-30 356056]
S3 SmbDrvI;SmbDrvI;C:\windows\System32\drivers\Smb_driver_Intel.sys [2014-2-21 34544]
S3 SWDUMon;SWDUMon;C:\windows\System32\drivers\SWDUMon.sys [2014-5-26 16152]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-7-23 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2015-01-09 22:35:33 -------- d-----w- C:\RegBackup
2015-01-09 21:29:16 -------- d-sh--w- C:\$RECYCLE.BIN
2015-01-09 21:18:16 98816 ----a-w- C:\windows\sed.exe
2015-01-09 21:18:16 256000 ----a-w- C:\windows\PEV.exe
2015-01-09 21:18:16 208896 ----a-w- C:\windows\MBR.exe
2015-01-08 21:58:17 -------- d-----w- C:\windows\ERUNT
2015-01-08 19:58:29 -------- d-----w- C:\Users\Marc\AppData\Roaming\Zeon
2014-12-29 13:58:22 129752 ----a-w- C:\windows\System32\drivers\5A0B7933.sys
2014-12-28 13:44:39 129752 ----a-w- C:\windows\System32\drivers\1C702092.sys
2014-12-19 16:35:20 144384 ----a-w- C:\windows\System32\ieUnatt.exe
2014-12-19 16:35:20 115712 ----a-w- C:\windows\SysWow64\ieUnatt.exe
.
==================== Find3M ====================
.
2015-01-11 06:48:36 129752 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-12-09 19:06:16 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-09 19:06:16 701104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-11-25 17:01:42 129752 ----a-w- C:\windows\System32\drivers\059C5740.sys
2014-11-22 03:06:23 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-11-22 02:35:29 114688 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\windows\SysWow64\wininet.dll
2014-11-21 11:14:22 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-11-21 11:14:12 93400 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-11-21 11:14:08 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-11-11 03:09:06 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52 241152 ----a-w- C:\windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\windows\System32\kerberos.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- C:\windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\windows\SysWow64\kerberos.dll
2014-10-30 22:34:57 0 ----a-w- C:\windows\System32\lzvwyt.dll
2014-10-30 02:35:16 263960 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys
2014-10-26 01:49:00 0 ----a-w- C:\windows\System32\grqmzvk.dll
2014-10-25 01:57:59 77824 ----a-w- C:\windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\windows\SysWow64\packager.dll
2014-10-24 20:40:35 900 --sha-w- C:\ProgramData\KGyGaAvL.sys
2014-10-23 16:45:42 129752 ----a-w- C:\windows\System32\drivers\3F2C6237.sys
2014-10-20 16:19:30 129752 ----a-w- C:\windows\System32\drivers\0CA653A4.sys
2014-10-18 02:05:23 861696 ----a-w- C:\windows\System32\oleaut32.dll
2014-10-18 01:33:18 571904 ----a-w- C:\windows\SysWow64\oleaut32.dll
.
============= FINISH: 23:20:53.03 ===============
January 10, 2015, 11:34 am
Hey, there's this omiga-plus tab every time I restart the Firefox and Internet Explorer web browsers, even if I select No-Addons - hence it's unwanted on my computer.
Earlier - before I ran some scans with Malware Anti-malware (my only anti-virus program at the moment) - it caused start-up problems with Windows Live Mail, as I wanted to install Windows Live Essentials to use Mail on my desktop without needing to visit the Hotmail website, but I ended up downloading Windows Live Essentials through an untrusted download site and it caused this problem on my hard drive now - some registry files may have been damaged and I am uncertain if it's tracking any information -
Long story cut short, I want this gone and am posting the logs as soon as this scan completes.
It doesn't cause any major issue on my PC (well, I don't really know that) - I just want it resolved.
January 13, 2015, 10:55 am
Requesting help removing Malware. This thread began as per instructions.
January 14, 2015, 3:13 am
Hi
I downloaded a shareware software, then I got this ad coming whenever I visit any website; any click in the web page opens another ad page. Ad banners appear at the top and the side of every webpage I open.
So please, is there anybody who has a fix?
Thank you
January 14, 2015, 5:51 am
Good Day
My browser homepage, normally Google, has been hijacked by Websearches. I have tried to get rid of all instances of this programme manually without success.
Please could you assist me in getting rid of this invader
Running Win 7 64bit SP1
Thanks
MikeBac
January 14, 2015, 8:08 am
Hi. My stepdaughter's laptop is a complete mess. My wife and I think she's been using it without any virus protection or firewall for some time. As a result (I think) she's being plagued by pop-ups and other messages which make internet browsing virtually impossible.
She's running Windows 7. I tried to perform the full GMER scan, but on 2 occasions I got the blue screen of death about 20 minutes in. So the ark.txt file is the result of the shorter scan you described.
Sorry there's not much detail here, but I honestly don't know where to start.
We've now installed Norton virus and firewall protection.
Can you help?
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16700
Run by Libby at 14:50:48 on 2015-01-14
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3894.1257 [GMT 0:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\ProgramData\UZmAnBFmb\eLCPFdxcHGb.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
C:\Users\Libby\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Libby\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Libby\AppData\Roaming\Nosibay\Bubble Dock\Bubble Dock.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bbc.co.uk/
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ips\ipsbho.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Web Companion] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
uRun: [Super Optimizer] C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe
uRun: [Bubble Dock] "C:\Users\Libby\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe" /winstartup
uRun: [Selection Tools] "C:\Users\Libby\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe" /winstartup
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: HideFastUserSwitching = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: C:\Windows\System32\LavasoftTcpService.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{422A564A-B690-4823-9494-4800A7E065CD} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{5E44B1C3-19EF-4E4B-B85B-88439B42176F} : DHCPNameServer = 40.1.1.100
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Libby\AppData\Roaming\Mozilla\Firefox\Profiles\a0mizpmb.default\
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1207010.003\symds64.sys [2015-1-13 450680]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1207010.003\symefa64.sys [2015-1-13 912504]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20141209.001\BHDrvx64.sys [2014-12-9 1587416]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20150107.001\IDSviA64.sys [2015-1-7 637656]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1207010.003\ironx64.sys [2015-1-13 171128]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1207010.003\symnets.sys [2015-1-13 386168]
R2 cae99edb;SuperOptimizer Stats;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2015-1-13 2449592]
January 14, 2015, 9:13 am
I seem to get Avast blocking a lot, with these kinds of messages (see attachments) popping up from my Avast:
Attachment 214570
Attachment 214578
What should I do to prevent this from happening and get rid of them?
Seems my I.E. browser is infected with Trojans?
Should I scan with Malwarebytes?
Thanks
January 16, 2015, 6:23 am
I have recently noticed my browser's a little sluggish at times, so I checked start-up and noticed two new additions:
'GamingWonderland - AppIntegrator 32-bit' and 'GamingWonderland - AppIntegrator 64-bit'. No idea how they got there.
The command is: C:\PROGRA~2\GAMING~2\bar\1.bin\AppIntegrator.exe
The location is: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
A Norton, MalwareBytes and Windows malicious software removal scan did nothing, there's no noticeable program to uninstall in Control Panel, and after a system restore they were still there.
Is this a problem, and if so, any ideas how to get rid of them?
Thanks.
Windows 7
IE 11
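Entries like the two above are only the ones the start-up tab happened to show. The following is an added PowerShell triage script, not from the post or from any of the tools mentioned, that lists every Run/RunOnce value across the 64-bit, Wow6432Node and per-user hives, expands 8.3 short paths such as C:\PROGRA~2\GAMING~2\..., and reports whether each target exists and carries an Authenticode signature. It assumes Windows PowerShell 3 or later and uses Scripting.FileSystemObject to expand the short path.

```powershell
# Added example (not from the forum post): enumerate Run/RunOnce autostart
# entries, expand 8.3 short paths like C:\PROGRA~2\GAMING~2\..., and report
# whether each target exists and has a valid Authenticode signature.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Pull the executable out of a command line: either a quoted path or the
# first token ending in .exe (handles "C:\x\y.exe" /arg and C:\PROGRA~2\x\y.exe alike).
function Get-CommandExe([string]$cmd) {
    $cmd = $cmd.Trim()
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^(\S+\.exe)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

# Scripting.FileSystemObject returns the long form of an 8.3 path in .Path;
# if the file does not exist we keep the original string for the report.
$fso = New-Object -ComObject Scripting.FileSystemObject
function Expand-ShortPath([string]$p) {
    $p = [Environment]::ExpandEnvironmentVariables($p)
    try { return $fso.GetFile($p).Path } catch { return $p }
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-ItemProperty -Path $key
    foreach ($prop in $item.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # skip provider metadata (PSPath etc.)
        $exe    = Expand-ShortPath (Get-CommandExe ([string]$prop.Value))
        $exists = Test-Path -LiteralPath $exe
        $sig    = if ($exists) { Get-AuthenticodeSignature -FilePath $exe } else { $null }
        [pscustomobject]@{
            Key       = $key
            Name      = $prop.Name
            Command   = $prop.Value
            Target    = $exe
            Exists    = $exists
            Signature = if ($sig) { $sig.Status } else { 'n/a' }
            Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        }
    }
}

# Missing or unsigned targets are the ones to look at first; a valid signature
# is a starting point for triage, not proof that the entry is legitimate.
$report | Sort-Object Exists, Signature | Format-Table -AutoSize Key, Name, Target, Exists, Signature, Signer
```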
January 16, 2015, 9:18 am
Hi, I originally posted on another thread (my original message is included below) and they told me to repost here. I haven't done the steps yet because I had a couple of questions first. Will it be possible to restore my files at all, or are they just gone forever? Since posting earlier the virus has now ruined my Excel files also. All my files end in the word 'kanlgum'. I was also trying to back stuff up, and now all the files on my external hard drive have the same problem. So I am wondering if I should just reload my computer if all my files are forever gone? But if I can get them back, that would be really good, because I lost some really important stuff that I now don't have backed up anymore. Also, what is a good antivirus program to use? We have several computers and I need a good program on them. Below is what I originally typed in my first message:
Hello, I have a computer that still has Windows XP on it and it has been having some issues lately. I think it may have picked up a virus. All my jpg pictures have been changed and now they won't open. They now all end in jpg.kanlgum. Do you know what this is, and is there a way to fix it? I was using Avast and I deleted that, and now I am trying the 30-day free trial of AVG and it keeps popping up constantly saying it found something. I ran a full scan and it took 2 days to get to 96% done and then had an error. Any advice on what I should do? And what is the best antivirus program to use?
Thanks, Deanna
January 16, 2015, 1:29 pm
Good afternoon. I had originally posted this issue on the Windows XP Support forum, but they redirected me to the Virus/Trojan/Spyware Help forum. I have a Dell Latitude laptop running XP Professional that was just given to me by a friend because nobody could get it to work for him. When I first tried to use it, I could not get online with any browser, even though I had a network connection. I ran an Avast scan and found that the netbt.sys file was infected with the Alureon-AMS trojan. I quarantined the file. I confirmed that the file was no longer available with a Farbar Services Scan. That scan also detected that there were registry settings missing. I know that I need an uncorrupted copy of netbt at the very least, but I do not have an XP recovery disc. I am not sure where to get this missing file or where to put it when I do find it somewhere, and I will not attempt any registry changes without help. Right now the computer is just stuck in the "acquiring network address" loop.
I ran a DDS scan ... here are the logs:
I will post the ark.txt and attach.txt files as soon as GMER is done scanning.
Any help offered would be greatly appreciated.
Here are the attach.txt and ark.txt files
January 17, 2015, 12:12 pm
I recently bought a new ASUS laptop with Windows 8 and I'm suddenly struggling with tons of ads in all of my internet browsers. There's an edeals ad on certain words on every webpage, and new tabs will open with warnings and advertisements.
Here's what I have done so far:
-Ran Malwarebytes
-Ran Adware Removal
-Uninstalled any program that I didn't recognize
-Reset Chrome and uninstalled all extensions
Nothing has worked. Please help me!
January 18, 2015, 5:53 am
I cannot open McAfee virus scan. I click the icon and an hourglass appears for a second and then goes away. I tried to remove and re-install, and I get a "software restriction policy error".
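A "software restriction policy" error on launching an installer means a Software Restriction Policy rule is matching the binary, and SRP rules live under a documented registry layout, so a defender's first step is to dump them. The following PowerShell is an added example, not from the post, and assumes Windows PowerShell 3 or later; the level numbers 0, 131072 and 262144 are the standard SRP security levels.

```powershell
# Added example, not from the post: list the Software Restriction Policy (SRP)
# rules in effect. Layout under Safer\CodeIdentifiers is the documented one:
# DefaultLevel, then one subkey per security level holding Paths\ and Hashes\ rules.
$levelNames = @{ 0 = 'Disallowed'; 131072 = 'BasicUser'; 262144 = 'Unrestricted' }

$rules = foreach ($hive in 'HKLM', 'HKCU') {
    $base = "${hive}:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers"
    if (-not (Test-Path $base)) { Write-Host "$hive : no SRP policy present"; continue }

    $cfg = Get-ItemProperty -Path $base
    $default = if ($null -eq $cfg.DefaultLevel) { 'unset' } else { $levelNames[[int]$cfg.DefaultLevel] }
    # DefaultLevel 0 (Disallowed) with only a handful of Unrestricted path rules
    # is the shape that stops a freshly downloaded installer from running at all.
    Write-Host "$hive : DefaultLevel=$($cfg.DefaultLevel) ($default) TransparentEnabled=$($cfg.TransparentEnabled)"

    foreach ($levelKey in Get-ChildItem -Path $base) {
        $n = 0
        if (-not [int]::TryParse($levelKey.PSChildName, [ref]$n)) { continue }
        if (-not $levelNames.ContainsKey($n)) { continue }
        foreach ($kind in 'Paths', 'Hashes') {
            $container = "$($levelKey.PSPath)\$kind"
            if (-not (Test-Path $container)) { continue }
            foreach ($rule in Get-ChildItem -Path $container) {
                $r = Get-ItemProperty -Path $rule.PSPath
                [pscustomobject]@{
                    Hive   = $hive
                    Level  = $levelNames[$n]
                    Kind   = $kind.TrimEnd('s')
                    # path rules keep the matched path in ItemData; hash rules keep a
                    # display name in FriendlyName and the raw hash bytes in ItemData
                    Rule   = if ($kind -eq 'Paths') { $r.ItemData } else { $r.FriendlyName }
                    Flags  = $r.SaferFlags
                    RuleId = $rule.PSChildName
                }
            }
        }
    }
}

# A Disallowed rule that covers the AV install or download path, or an
# Unrestricted rule pointing at an odd location, is what to examine next.
$rules | Sort-Object Hive, Level | Format-Table -AutoSize
```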
January 19, 2015, 10:12 am
Well, I think I have a bug in my system. It takes a very long time to boot. Mind you, I do run a lot of stuff on my laptop, but this is crazy slow. When it does come up, I always have to click on my ESET icon to start it. It will not start on its own like it is set to do. Also, when you click on a program, it will sit there for a long time in the "Not Responding" state. Also, sometimes Firefox will start to flicker around the borders like a ghost is in it. Here are the log files from the tests you had me run. Now mind you, there is a screenshot for the DDS test, because it would not run. Thank you for any help you can give me. And yes, I have a Windows 8.1 disk.
Marv
January 19, 2015, 3:19 pm
Hey Everybody - Anytime I open a website, or click anywhere on my computer for that matter, I'll get an ad popup, and things on my Google Drive are not even working. I've tried using an anti-malware. I download it, but when I open it a small box immediately opens with what looks like a long list of nonsense. What do I do!?
January 21, 2015, 1:28 am
Hi,
I have a strange issue with my files ..... all file extensions have been converted to .impovae.
For example accounting.pdf.impovae, personal.docx.impovae, fun.jpg.impovae. I tried to remove the extension (.impovae); the file didn't open and showed a message that the file is damaged.
I tried to scan with AVG, Kaspersky antivirus, Malwarebytes !! and they didn't find anything.
Any ideas? And sorry for my English.
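Both this post and the earlier .kanlgum report describe the same pattern: an extra extension appended to every document, and the file still unreadable once it is stripped. Whether the content was actually encrypted or only renamed is checkable, because intact JPEG, PDF and Office files start with known header bytes. The following PowerShell is an added example (not from either post) that inventories files carrying the appended marker, compares each one's leading bytes with what its original extension should have, and reports the last-write time span; it assumes Windows PowerShell 3 or later, and the root folder and marker are parameters you set for your case.

```powershell
# Added example (not from either post): inventory files carrying an appended
# ransomware extension and check whether the content still matches the original
# file type's header, i.e. whether files were merely renamed or actually encrypted.
param(
    [string]$Root   = $env:USERPROFILE,   # tree to inventory; assumption, adjust
    [string]$Marker = '.impovae'          # appended extension seen in the report
)

# Leading bytes of common document formats; an encrypted file matches none of them.
$magic = @{
    '.jpg'  = @(0xFF, 0xD8, 0xFF)
    '.jpeg' = @(0xFF, 0xD8, 0xFF)
    '.png'  = @(0x89, 0x50, 0x4E, 0x47)
    '.gif'  = @(0x47, 0x49, 0x46, 0x38)        # GIF8
    '.pdf'  = @(0x25, 0x50, 0x44, 0x46)        # %PDF
    '.docx' = @(0x50, 0x4B, 0x03, 0x04)        # ZIP container
    '.xlsx' = @(0x50, 0x4B, 0x03, 0x04)
    '.zip'  = @(0x50, 0x4B, 0x03, 0x04)
}

function Test-Header([string]$path, [byte[]]$expected) {
    $fs = [System.IO.File]::OpenRead($path)
    try {
        $buf = New-Object byte[] $expected.Length
        $n = $fs.Read($buf, 0, $buf.Length)
        if ($n -lt $expected.Length) { return $false }
        for ($i = 0; $i -lt $expected.Length; $i++) {
            if ($buf[$i] -ne $expected[$i]) { return $false }
        }
        return $true
    } finally { $fs.Dispose() }
}

$hits = Get-ChildItem -Path $Root -Recurse -File -Filter "*$Marker" -ErrorAction SilentlyContinue |
    ForEach-Object {
        # "fun.jpg.impovae" -> original name "fun.jpg", original extension ".jpg"
        $origName = $_.Name.Substring(0, $_.Name.Length - $Marker.Length)
        $origExt  = [System.IO.Path]::GetExtension($origName).ToLower()
        $verdict  = if ($magic.ContainsKey($origExt)) {
            if (Test-Header $_.FullName $magic[$origExt]) { 'renamed-only' } else { 'content-changed' }
        } else { 'unknown-type' }
        [pscustomobject]@{
            Path     = $_.FullName
            OrigExt  = $origExt
            Modified = $_.LastWriteTime
            Verdict  = $verdict
        }
    }

"$($hits.Count) files carry $Marker under $Root"
$hits | Group-Object Verdict | Select-Object Name, Count
# The LastWriteTime spread brackets when the run happened, which is what you
# compare against the date of the last backup that was not connected at the time.
$hits | Measure-Object Modified -Minimum -Maximum | Select-Object Minimum, Maximum
```

A 'content-changed' verdict across the board means stripping the extension cannot help, and the time window is the fact to bring to the helpers and to check against any offline backup.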
January 21, 2015, 6:08 pm
So I said to my buddy, sure I'll fix your laptop for you, because he was complaining about viruses and ads everywhere.
So I downloaded MalwareBytes and did a scan, and removed all 2200 viruses, and 8 were indeed Trojans.
Then I go onto Chrome to see if it's fixed, and of course it wouldn't let me access the internet. I googled it and tried a few things but nothing seems to work...
I would greatly appreciate some help, as my pal thinks I've now broken his laptop :P
I will attach an FSS log to help, but I also will sit and refresh this page every 10 minutes so I can respond ASAP.
Thank you
January 22, 2015, 5:35 am
New computer running Windows 8.1 and Google Chrome + IE.
Tried to download a supposedly trusted program and was immediately infected with Vosteran.
Cannot download DDS. I get a message that it does not run in compatibility mode. Compatibility mode is turned off in Google. Vosteran has disabled the toolbars in IE. I was able to change Google back to default. I have downloaded FRST as per the instructions given by SUNJOJO on Dec 13 and attach the logs. GMER will not run. The message says it is running elsewhere. I cannot see it in Task Manager. Please help.
January 22, 2015, 7:33 pm
Hi TSF,
I have a new Lenovo Yoga 2 laptop (Core i5 4202Y, 128 SSD, 4GB RAM) that I purchased about 3 months ago. It's running Windows 8.1 and seems to be somewhat sluggish, especially when I'm browsing the web. It seems to freeze on pages (including the Gmail inbox). I'm wondering if there is anything I can do about this.
I tried to be all ready to post with a DDS log and GMER, but DDS does not seem to work on Windows 8. Please let me know the steps I need to take and I'll be happy to oblige, so we can [at the minimum] just check to see that everything is working fine.
Thank you!