I was told by writhziden of the Microsoft Team to post here for help with a malware instance that he found while troubleshooting a BSOD issue with me. He noted that he found an instance of WinVd32.sys, which came up as malware for him.
I have never heard of it personally and I currently use MSE along with an occasional scan from Malware Bytes, which turns up nothing.
Our original topic can be viewed: here
Here is the contents of the dds.txt:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 1.6.0_37
Run by Owner at 21:12:17 on 2013-02-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.9207.7220 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AEADISRV.EXE
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\AsHookDevice.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files (x86)\ASUS\AI Direct Link\AsCmd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\ASUS\AI Direct Link\AsShare.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager64.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
C:\Users\Owner\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\program\soffice.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\program\soffice.bin
C:\Program Files (x86)\Acer Display\eDisplay Management\DTHtml.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpctrl.exe
C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\floater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.yahoo.com?type=902615&fr=spigot-yhp-ie
uProxyOverride = 127.0.0.1:9421;<local>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - <orphaned>
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
uRun: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Akamai NetSession Interface] "C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe"
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [F.lux] "C:\Users\Owner\Local Settings\Apps\F.lux\flux.exe" /noshow
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
mRun: [Standby] "c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" -delay=10
mRun: [DT ACR] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -ACR
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\program\quickstart.exe
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{80EB784C-E69D-478E-A588-2691E9475E8D} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{80EB784C-E69D-478E-A588-2691E9475E8D}\14E64627567737 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{80EB784C-E69D-478E-A588-2691E9475E8D}\24C4554584 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{80EB784C-E69D-478E-A588-2691E9475E8D}\E414D494D2B414A554F5E4564777F627B6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{A73C98BE-2C23-4000-888F-FEDD2F6E9CC8} : NameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [Linksys Wireless Manager] "C:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
x64-Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe /tray
x64-Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
x64-Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: WB - C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll
x64-SSODL: WebCheck - <orphaned>
x64-SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll
x64-STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\06zgwko4.default\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\System32\npdeployJava1.dll
FF - plugin: C:\Windows\System32\npmproxy.dll
FF - plugin: C:\Windows\System32\npOGPPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: C:\Windows\SysWOW64\npOGPPlugin.dll
FF - ExtSQL: 2013-01-18 17:27; {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF - ExtSQL: 2013-01-18 17:27; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2013-01-18 17:27; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: 2013-01-26 04:00; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\06zgwko4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: 2013-01-26 04:00; {239cc760-75a9-4276-b1fc-c0ceb963f373}; C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\06zgwko4.default\extensions\{239cc760-75a9-4276-b1fc-c0ceb963f373}.xpi
FF - ExtSQL: !HIDDEN! 2010-08-16 16:11; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2013-1-24 17720]
R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\dddskx64.sys [2010-2-22 26024]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
R2 Device Handle Service;Device Handle Service;C:\Windows\SysWOW64\AsHookDevice.exe [2009-12-14 196608]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-1 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-1 682344]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 130008]
R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2012-1-2 109168]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-5-28 275968]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R3 cbfs3;EldoS Callback File System driver v3;C:\Windows\System32\drivers\cbfs3.sys [2012-12-18 352144]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-8-8 24176]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2009-6-19 712704]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
S3 Arctosa;Arctosa Keyboard;C:\Windows\System32\drivers\Arctosa.sys [2009-5-12 20480]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-23 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 SilvrLnk;SilverLink (USB GraphLink) Cable;C:\Windows\System32\drivers\silvrlnk.sys [2012-2-8 129536]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-7 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2010-6-12 18216]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-13 1255736]
.
=============== File Associations ===============
.
.txt: <filetype is not registered>
.js: <filetype is not registered>
.
=============== Created Last 30 ================
.
2013-02-22 03:07:57 -------- d-----w- C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2013-02-20 21:55:54 -------- d-----w- C:\ProgramData\Ralink Driver
2013-02-20 21:55:09 315904 ----a-w- C:\Windows\SysWow64\Difxf98f.rra
2013-02-20 21:54:33 109480 ----a-w- C:\Windows\System32\drivers\jraid.sys
2013-02-20 19:44:21 9162192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3B8B2021-F08C-4C5F-A107-5782D98AE400}\mpengine.dll
2013-02-20 02:27:27 -------- d-----w- C:\Program Files (x86)\Seagate
2013-02-19 08:51:38 -------- d-----w- C:\Program Files\Gpotato
2013-02-19 04:13:50 9161176 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-18 21:12:49 -------- d-----w- C:\Program Files (x86)\Geeks3D
2013-02-18 06:03:01 -------- d-----w- C:\Program Files (x86)\Belarc
2013-02-15 02:39:12 650752 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2013-02-15 02:39:12 4102656 ----a-w- C:\Windows\SysWow64\x264vfw.dll
2013-02-15 02:39:12 243200 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2013-02-15 02:39:12 216064 ----a-w- C:\Windows\SysWow64\lagarith.dll
2013-02-15 02:39:11 151552 ----a-w- C:\Windows\SysWow64\ac3acm.acm
2013-02-15 02:39:07 112640 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2013-02-13 09:02:26 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 09:02:26 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 06:08:03 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-02-13 06:08:01 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-02-13 06:08:00 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-02-13 06:07:51 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-13 06:07:49 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-02-13 06:07:48 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-02-13 06:07:48 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-02-13 06:07:47 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-02-13 06:07:47 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-02-13 06:07:47 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-02-13 06:07:43 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-02-13 06:07:43 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-01-28 18:33:00 -------- d-----w- C:\ProgramData\boost_interprocess
2013-01-28 18:32:59 -------- d-----w- C:\Users\Owner\AppData\Local\Plex Media Server
2013-01-26 09:47:35 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2013-01-26 09:43:04 -------- d-----w- C:\_OTL
2013-01-25 05:48:36 32600 ----a-w- C:\Windows\System32\SmartDefragBootTime.exe
2013-01-25 05:48:30 17720 ----a-w- C:\Windows\System32\drivers\SmartDefragDriver.sys
.
==================== Find3M ====================
.
2013-02-20 21:57:20 419840 ----a-w- C:\Windows\System32\wrap_oal.dll
2013-02-20 21:57:20 413696 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2013-02-20 21:57:20 133632 ----a-w- C:\Windows\System32\OpenAL32.dll
2013-02-20 21:57:20 110592 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2013-02-20 21:26:46 5642 --sha-w- C:\ProgramData\KGyGaAvL.sys
2013-02-07 23:06:56 74096 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-07 23:06:56 697712 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-20 21:59:04 230320 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-01-20 21:59:04 130008 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-14 22:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 21:12:55.18 ===============
I ran the files that were asked for in the link provided and attached them in the zip file. (when first running gmer, I accidentally saved my log in .log format. When I noticed my mistake, I went back to try and resave it as ark.txt as you asked, I didn't get the same prompts and after scanning it said it did not see anything. My original attempt that I saved as gmer.log pulled at least 4 instances. I hope this is usable as I have attached both.
I also do not have access to a windows boot disk.
Thank you for your help
I have never heard of it personally and I currently use MSE along with an occasional scan from Malware Bytes, which turns up nothing.
Our original topic can be viewed: here
Here is the contents of the dds.txt:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 1.6.0_37
Run by Owner at 21:12:17 on 2013-02-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.9207.7220 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AEADISRV.EXE
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\AsHookDevice.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files (x86)\ASUS\AI Direct Link\AsCmd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\ASUS\AI Direct Link\AsShare.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager64.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
C:\Users\Owner\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\program\soffice.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\program\soffice.bin
C:\Program Files (x86)\Acer Display\eDisplay Management\DTHtml.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpctrl.exe
C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\floater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.yahoo.com?type=902615&fr=spigot-yhp-ie
uProxyOverride = 127.0.0.1:9421;<local>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - <orphaned>
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
uRun: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Akamai NetSession Interface] "C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe"
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [F.lux] "C:\Users\Owner\Local Settings\Apps\F.lux\flux.exe" /noshow
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
mRun: [Standby] "c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" -delay=10
mRun: [DT ACR] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -ACR
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\program\quickstart.exe
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{80EB784C-E69D-478E-A588-2691E9475E8D} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{80EB784C-E69D-478E-A588-2691E9475E8D}\14E64627567737 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{80EB784C-E69D-478E-A588-2691E9475E8D}\24C4554584 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{80EB784C-E69D-478E-A588-2691E9475E8D}\E414D494D2B414A554F5E4564777F627B6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{A73C98BE-2C23-4000-888F-FEDD2F6E9CC8} : NameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [Linksys Wireless Manager] "C:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
x64-Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe /tray
x64-Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
x64-Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: WB - C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll
x64-SSODL: WebCheck - <orphaned>
x64-SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll
x64-STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\06zgwko4.default\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\System32\npdeployJava1.dll
FF - plugin: C:\Windows\System32\npmproxy.dll
FF - plugin: C:\Windows\System32\npOGPPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: C:\Windows\SysWOW64\npOGPPlugin.dll
FF - ExtSQL: 2013-01-18 17:27; {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF - ExtSQL: 2013-01-18 17:27; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2013-01-18 17:27; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: 2013-01-26 04:00; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\06zgwko4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: 2013-01-26 04:00; {239cc760-75a9-4276-b1fc-c0ceb963f373}; C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\06zgwko4.default\extensions\{239cc760-75a9-4276-b1fc-c0ceb963f373}.xpi
FF - ExtSQL: !HIDDEN! 2010-08-16 16:11; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2013-1-24 17720]
R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\dddskx64.sys [2010-2-22 26024]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
R2 Device Handle Service;Device Handle Service;C:\Windows\SysWOW64\AsHookDevice.exe [2009-12-14 196608]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-1 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-1 682344]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 130008]
R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2012-1-2 109168]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-5-28 275968]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R3 cbfs3;EldoS Callback File System driver v3;C:\Windows\System32\drivers\cbfs3.sys [2012-12-18 352144]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-8-8 24176]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2009-6-19 712704]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
S3 Arctosa;Arctosa Keyboard;C:\Windows\System32\drivers\Arctosa.sys [2009-5-12 20480]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-23 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 SilvrLnk;SilverLink (USB GraphLink) Cable;C:\Windows\System32\drivers\silvrlnk.sys [2012-2-8 129536]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-7 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2010-6-12 18216]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-13 1255736]
.
=============== File Associations ===============
.
.txt: <filetype is not registered>
.js: <filetype is not registered>
.
=============== Created Last 30 ================
.
2013-02-22 03:07:57 -------- d-----w- C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2013-02-20 21:55:54 -------- d-----w- C:\ProgramData\Ralink Driver
2013-02-20 21:55:09 315904 ----a-w- C:\Windows\SysWow64\Difxf98f.rra
2013-02-20 21:54:33 109480 ----a-w- C:\Windows\System32\drivers\jraid.sys
2013-02-20 19:44:21 9162192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3B8B2021-F08C-4C5F-A107-5782D98AE400}\mpengine.dll
2013-02-20 02:27:27 -------- d-----w- C:\Program Files (x86)\Seagate
2013-02-19 08:51:38 -------- d-----w- C:\Program Files\Gpotato
2013-02-19 04:13:50 9161176 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-18 21:12:49 -------- d-----w- C:\Program Files (x86)\Geeks3D
2013-02-18 06:03:01 -------- d-----w- C:\Program Files (x86)\Belarc
2013-02-15 02:39:12 650752 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2013-02-15 02:39:12 4102656 ----a-w- C:\Windows\SysWow64\x264vfw.dll
2013-02-15 02:39:12 243200 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2013-02-15 02:39:12 216064 ----a-w- C:\Windows\SysWow64\lagarith.dll
2013-02-15 02:39:11 151552 ----a-w- C:\Windows\SysWow64\ac3acm.acm
2013-02-15 02:39:07 112640 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2013-02-13 09:02:26 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 09:02:26 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 06:08:03 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-02-13 06:08:01 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-02-13 06:08:00 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-02-13 06:07:51 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-13 06:07:49 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-02-13 06:07:48 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-02-13 06:07:48 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-02-13 06:07:47 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-02-13 06:07:47 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-02-13 06:07:47 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-02-13 06:07:43 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-02-13 06:07:43 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-01-28 18:33:00 -------- d-----w- C:\ProgramData\boost_interprocess
2013-01-28 18:32:59 -------- d-----w- C:\Users\Owner\AppData\Local\Plex Media Server
2013-01-26 09:47:35 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2013-01-26 09:43:04 -------- d-----w- C:\_OTL
2013-01-25 05:48:36 32600 ----a-w- C:\Windows\System32\SmartDefragBootTime.exe
2013-01-25 05:48:30 17720 ----a-w- C:\Windows\System32\drivers\SmartDefragDriver.sys
.
==================== Find3M ====================
.
2013-02-20 21:57:20 419840 ----a-w- C:\Windows\System32\wrap_oal.dll
2013-02-20 21:57:20 413696 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2013-02-20 21:57:20 133632 ----a-w- C:\Windows\System32\OpenAL32.dll
2013-02-20 21:57:20 110592 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2013-02-20 21:26:46 5642 --sha-w- C:\ProgramData\KGyGaAvL.sys
2013-02-07 23:06:56 74096 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-07 23:06:56 697712 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-20 21:59:04 230320 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-01-20 21:59:04 130008 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-14 22:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 21:12:55.18 ===============
I ran the files that were asked for in the link provided and attached them in the zip file. (when first running gmer, I accidentally saved my log in .log format. When I noticed my mistake, I went back to try and resave it as ark.txt as you asked, I didn't get the same prompts and after scanning it said it did not see anything. My original attempt that I saved as gmer.log pulled at least 4 instances. I hope this is usable as I have attached both.
I also do not have access to a windows boot disk.
Thank you for your help