Showing results for tags 'Chrome'.


  1. Hi, My Chrome browser on the new Windows 8 laptop opens Yahoo search by default. I have tried changing this and a couple of antivirus and malware removal tools but of no help. Came across a few entries here like the one below where this has been resolved by your help. https://forums.malwarebytes.org/index.php?s=5b2cb85031fe0d71fbd36cd90812424f&showtopic=143966 Could you please help resolve the issue on my laptop? Thanks!
  2. Hey, every time I have wi-fi on, I get a message from Malwarebytes that says "Successfully blocked access to a potentially malicious website". IPs that I found include 89.248.172.45 (which belongs to The Netherlands) and 89.28.5.37 (which belongs to Moldova). There are definitely more, but those are the ones I recorded, plz help :C
  3. Hello Guys, I came here through a search for a solution to random pop-ups on my brand new laptop with Win8, Google Chrome. Like yesterday first a random page opened and it seemed valid...today it happened again. Both of the pages are pretty well done. Unfortunately I have no screen, will make screen next time if necessary. The pop-ups came out of nowhere and I am sure I did not even click anything. I started to use the new computer mainly because my old one with XP was infected. I use a flash disc to copy necessary data from one computer to another...maybe that caused the infection transfer - I used this flash disc to install KasperskyAV on the new system. Of course I ran a scan right away but nothing was found. Now I looked at this thread: https://forums.malwarebytes.org/index.php?showtopic=124537 And am pretty scared of what is in front of me. The system is brand new, so not many applications are installed and used only for several days. PLEASE let me know how to proceed in order to get rid of any possible infection. Thank you H.
  4. Hi, So when I started my PC (Windows 7) up today and used Google Chrome something strange happened. When I open a new tab, it goes to my new tab page, then it gets redirected to http://feed.helperbar.com/?p=(Random letters and numbers) which then redirects to http://search.snapdo.com/?st=nt&q= So I looked those up on Google and they all said to remove it using add/remove programs, and remove it from the extensions, New page tab and search engine. But those are all correct. There's nothing about them, since it doesn't go to those websites straight away. It goes to my new tab page first, and then gets redirected. Does anyone know what this is? Thanks in advance.
  5. Every time I open Chrome it automatically takes me to a Yahoo search bar, url: http://uk.search.yahoo.com/?type=586383&fr=spigot-yhp-ch This issue only began today (probably when I downloaded BitTorrent, oops), and now no matter what settings I change Chrome always opens to Yahoo. I see this problem has been dealt with before on these forums but the steps involved looked a little complicated and involved the posting of logs so I was hoping to get some help. Thanks.
  6. Hi there, I recently installed Malwarebytes on a friend's recommendation. I have also started using Google Input Tools on Chrome. On my first try, I noticed that I got a pop-up stating that something was blocked successfully on Chrome at the same time I turned on the extension on Chrome. The input tool could not be used. I tried installing the extension and the same thing happened. How do I go about unblocking the item that was unblocked? Thanks in advance.
  7. For some reason every time I start up Google Chrome it comes up with a Yahoo search bar page with this in the address bar: http://uk.search.yahoo.com/?type=599486&fr=spigot-yhp-ch so I Googled Spigot and I found it is some sort of virus (of some description). How do I get rid of it? Please help
  8. Hello. I don't know where else to put this, so I will put it here. One day I was on Google Chrome and when I opened a new tab, it went to the Bing search engine. I got that fixed, but then my default search engine was Bing. The next day (today) it said that someone tried to open my Gmail. I just changed my password. The reason I am not scanning with DDS is because this is web malware. Please use web browser/hacker detector scanners instead of normal malware scanners like MBAM, RogueKiller, or ComboFix. Thanks, and I hope you can help. P.S: the email hacker's info and date was: Wednesday, February 19, 2014 11:54:57 PM UTC IP Address: 175.0.235.15 Location: Changsha, Hunan, China
  9. I am using Mbam Anti-Exploit 0.09.5.0250. Since yesterday everything is fine, until I update my Alipay Certificate (Alipay is some sort of China online shopping secure banking add-in module). I am not an online shopper, anyway. My Google Chrome stopped functioning. And Mbam Anti-Exploit keeps showing me "An exploit code has been blocked by Google Chrome". What is going on... do I need to disable any plugin? (there is no extension for Alipay but plugin) or is it a false positive?
  10. My wife's Windows 7 x64 Toshiba computer has stopped suddenly connecting to the internet. The wifi monitor in the lower right hand corner of the screen says it is connected to a network and has access to internet. However, no browser will connect to the internet. It was working fine and then all of a sudden about 3 days ago it quit working. I have tried various removal services but nothing has worked. It feels like a virus or malware but I have no idea what it is. I have had her run logs and here they are. attach.txt dds.txt
  11. My wife's Windows 7 x64 Toshiba computer has stopped suddenly connecting to the internet. The wifi monitor in the lower right hand corner of the screen says it is connected to a network and has access to internet. However, no browser will connect to the internet. It was working fine and then all of a sudden about 3 days ago it quit working. I have tried various removal services but nothing has worked. It feels like a virus or malware but I have no idea what it is. I have had her run logs and here they are. Please help! attach.txt dds.txt
  12. First, I'm not totally sure what I'm doing here or what you may need so here goes: My laptop is about 12 years old running Windows XP sp2 so secondly, I don't know if you can even help me, it's so old (I've seen some forums refuse to help people running Windows XP). I apologize if that's the case, but thanks anyway! I hadn't used this computer for a couple years but I've started using it again and I decided to do some basic maintenance (updates, defragment, scan with avg etc) in an attempt to improve performance and as part of that process, someone recommended me to use IObit's Advanced System Care. So I did and I've discovered since then that no matter what I do, my homepage (for firefox) is set to yahoo! and both Firefox and Chrome keep having the default search engine set to yahoo. I'm not 100% convinced it was Advanced System Care that caused the problem though, I have it on my desktop and I've never had this problem before (I just noticed the problem after installing it). I ran MBAM but it didn't resolve the issue; also ran DDS. In summary: Am I beyond hope? (with my computer being so old) and if not: Please help me fix my homepage/default search engine settings back to google, if possible. To your knowledge, is Advanced System Care/IObit known to be associated with malware? (And should I remove it?) Thank you!
Windows XP Service Pack 3 WinRAR archiver . ==== Event Viewer Messages From Past Week ======== . 1/18/2014 9:30:03 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 1/17/2014 4:08:17 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s). 1/17/2014 3:30:05 AM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied. 1/17/2014 2:09:22 PM, error: Service Control Manager [7034] - The LiveUpdate service terminated unexpectedly. It has done this 1 time(s). 1/13/2014 12:01:02 PM, error: Service Control Manager [7034] - The EPSON V3 Service4(01) service terminated unexpectedly. It has done this 1 time(s). 1/13/2014 11:59:33 AM, error: Service Control Manager [7034] - The EPSON V5 Service4(01) service terminated unexpectedly. It has done this 1 time(s). 1/13/2014 11:57:43 AM, error: Service Control Manager [7031] - The Media Center Receiver Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. 1/13/2014 11:56:43 AM, error: Service Control Manager [7034] - The Logitech Process Monitor service terminated unexpectedly. It has done this 1 time(s). 1/13/2014 11:50:36 AM, error: Service Control Manager [7031] - The Turbine Message Service - Live service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 
1/13/2014 11:38:04 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Turbine Message Service - Live service, but this action failed with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. . ==== End Of File =========================== dds.txt attach.txt
  13. Hi, I apologize if this has been posted already, feel free to redirect me there if that's the case, but I couldn't find anything on this one on Google or the forums. A few days ago I was noticing a lot of annoying ads coming up (even with AdBlock on) and Chrome would crash every once in a while. I looked in my extensions window and noticed this (see attachment). I delete it from Chrome every time I boot up, but it comes back every time. And after using Spybot, Malwarebytes, and several other programs, it's still there. I scanned through my programs/updates list in Windows control panel as well and don't see anything suspicious. If anyone has any ideas, please let me know! Thank you.
  14. I have an extension xscBrwse that is on my Google Chrome, but I am unable to uninstall or remove it. Any idea what this is, and if it's bad? Thanks, Paul
  15. I got redirected to a suspected dodgy version of a bitcoin site (real site is .com, this one identified itself as .cloudnet). Since then (few hours later) no apps would connect to the internet. Chrome would say could not connect to proxy, I don't use a proxy. Tor would connect though, but that's because it uses its own proxy, not the system one. USB memory sticks have been acting weird too. I've been getting the 'this USB has a problem click to fix' error and an I/O error due to an invalid system string or application request. The laptop is pretty high spec and used to boot up in a flash and be very responsive. Now for the last day or so it's booting up slower, apps are slower and general response is sluggish. I've run Malwarebytes on it in safe mode and nothing has come up. What should I do next, as I can get most of my data off. It's an HP laptop running Windows 8 Standard Edition x64. Cheers
  16. K, long story short. Installed a few apps from Chrome, the last one was LastPass, that is where it became all wonky. Facebook froze and said it was infected and booted me. Then I can't find LastPass in programs to delete, I open up Chrome and bang, BSOD. So here is my HJT log, please say you see something I am missing. Oh, and the startup menu is super slow since last night.
  17. Starting last night, random hyperlinks in orange text have been appearing on various websites. SearchAssist seems to be the culprit and even if there's an 'opt out' solution I've been told about, I want this thing GONE.
Updates\{37785160-2B0B-4FDF-B813-5CDD8002F521}\mpengine.dll2013-09-27 08:25:59 -------- d-----w- C:\Fraps2013-09-27 07:42:49 -------- d-----w- C:\Program Files (x86)\MSI Afterburner2013-09-21 22:00:11 -------- d-----w- C:\Program Files\iPod2013-09-21 22:00:10 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692013-09-21 22:00:10 -------- d-----w- C:\Program Files\iTunes2013-09-21 22:00:10 -------- d-----w- C:\Program Files (x86)\iTunes.==================== Find3M ====================.2013-10-18 19:51:52 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys2013-10-18 19:51:52 84328 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys2013-10-18 19:51:52 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys2013-10-18 19:51:52 43152 ----a-w- C:\Windows\avastSS.scr2013-10-18 19:51:52 205320 ----a-w- C:\Windows\System32\drivers\aswVmm.sys2013-10-18 19:51:52 1032416 ----a-w- C:\Windows\System32\drivers\aswSnx.sys2013-10-08 20:30:14 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-10-08 20:30:14 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-09-12 07:25:43 6599968 ----a-w- C:\Windows\System32\nvcpl.dll2013-09-12 07:25:43 3452192 ----a-w- C:\Windows\System32\nvsvc64.dll2013-09-12 07:25:40 920864 ----a-w- C:\Windows\System32\nvvsvc.exe2013-09-12 07:25:40 63776 ----a-w- C:\Windows\System32\nvshext.dll2013-09-12 07:25:40 219424 ----a-w- C:\Windows\System32\nvmctray.dll2013-09-12 05:17:50 571168 ----a-w- C:\Windows\SysWow64\nvStreaming.exe2013-09-11 22:06:31 3361114 ----a-w- C:\Windows\System32\nvcoproc.bin2013-08-26 09:13:02 354656 ----a-w- C:\Windows\SysWow64\DivXControlPanelApplet.cpl2013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll2013-08-10 05:20:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll2013-08-10 
03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-08-10 03:58:06 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll2013-08-10 03:17:38 2706432 ----a-w- C:\Windows\System32\mshtml.tlb2013-08-10 03:07:50 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe2013-08-08 01:20:43 3155456 ----a-w- C:\Windows\System32\win32k.sys2013-08-07 22:54:02 94208 ----a-w- C:\Windows\SysWow64\dpl100.dll2013-08-07 08:22:02 278800 ------w- C:\Windows\System32\MpSigStub.exe2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe2013-08-02 00:45:34 2048 ----a-w- 
C:\Windows\SysWow64\user.exe2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL.============= FINISH: 16:18:54.29 =============== Attach: .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1Install Date: 10/23/2012 12:42:37 AMSystem Uptime: 10/18/2013 3:26:52 PM (1 hours ago).Motherboard: ASUSTeK COMPUTER INC. | | SABERTOOTH X79Processor: Intel® Core i7-3820 CPU @ 3.60GHz | LGA2011 | 3601/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 931 GiB total, 600.691 GiB free.D: is CDROM ()E: is FIXED (NTFS) - 932 GiB total, 804.619 GiB free..==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP122: 9/29/2013 1:22:27 AM - Windows UpdateRP123: 10/7/2013 4:04:28 AM - Scheduled CheckpointRP124: 10/15/2013 1:17:26 AM - Scheduled CheckpointRP125: 10/17/2013 8:37:16 PM - Installed DirectXRP126: 10/18/2013 3:37:03 PM - Installed SpyHunterRP127: 10/18/2013 3:51:04 PM - avast! 
antivirus system restore pointRP128: 10/18/2013 4:08:15 PM - Removed SpyHunter.==== Installed Programs ======================.7-Zip 9.20 (x64 edition)Adobe AIRAdobe Community HelpAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Photoshop Elements 9Adobe Photoshop.com Inspiration BrowserAdobe Shockwave Player 12.0AIM for WindowsAkamai NetSession InterfaceApple Application SupportApple Mobile Device SupportApple Software UpdateAsmedia ASM104x USB 3.0 Host Controller DriverAsmedia ASM106x SATA Host Controller DriverAssassin's CreedAssassin's Creed ® IIIavast! Free AntivirusBambooBamboo DockBattle.netBonjourCCleanerCombined Community Codec Pack 2013-08-01Curse ClientD3DX10DivX SetupDragon Age: OriginsDragons Prophet BetaElements 9 OrganizerElements STI InstallerFireAlpaca 1.0.30foobar2000 v1.2.9Fraps (remove only)Google ChromeGoogle DriveGoogle Update HelperGuild Wars 2Intel® Management Engine ComponentsIntel® Network Connections 16.6.126.0Intel® Rapid Storage Technology enterpriseIntel® Watchdog Timer Driver (Intel® WDT)iTunesJava 7 Update 25Java Auto UpdaterJunk Mail filter updateLeague of LegendsMalwarebytes Anti-Malware version 1.75.0.1300Mass EffectMass Effect™ 2Mass Effect™ 3Mesh RuntimeMicrosoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 ExtendedMicrosoft Application Error ReportingMicrosoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x86 Redistributable - 
10.0.30319Microsoft_VC80_CRT_x86Microsoft_VC80_MFC_x86Microsoft_VC80_MFCLOC_x86Microsoft_VC90_CRT_x86Mozilla Firefox 22.0 (x86 en-US)Mozilla Maintenance ServiceMSI Afterburner 3.0.0 Beta 14MSVCRTMSVCRT_amd64Mumble 1.2.4NVIDIA 3D Vision Controller Driver 326.01NVIDIA 3D Vision Driver 327.23NVIDIA Control Panel 327.23NVIDIA Graphics Driver 327.23NVIDIA HD Audio Driver 1.3.26.4NVIDIA Install ApplicationNVIDIA PhysXNVIDIA PhysX System Software 9.13.0725NVIDIA Stereoscopic 3D DriverNVIDIA Update 1.11.3NVIDIA Update ComponentsOCCT 4.3.2OpenOffice 4.0.0OriginRealtek High Definition Audio DriverSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)Security Update for Microsoft .NET Framework 4 Extended (KB2736428)Security Update for Microsoft .NET Framework 4 Extended (KB2742595)Skype™ 6.7SpyHunterSteamSweetFX ConfiguratorswMSMThe Elder Scrolls Online BetaUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Client Profile (KB2836939)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for 
Microsoft .NET Framework 4 Extended (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2600217)Update for Microsoft .NET Framework 4 Extended (KB2836939)UplayVC80CRTRedist - 8.0.50727.6195Ventrilo Client for Windows x64VLC media player 2.0.8WebTablet FB PluginWebTablet IE PluginWebTablet Netscape PluginWindows Live Communications PlatformWindows Live EssentialsWindows Live Family SafetyWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live Language SelectorWindows Live MailWindows Live MeshWindows Live Mesh ActiveX Control for Remote ConnectionsWindows Live MessengerWindows Live MIME IFilterWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live Remote ClientWindows Live Remote Client ResourcesWindows Live Remote ServiceWindows Live Remote Service ResourcesWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesWinRAR 4.20 (64-bit)World of WarcraftWorld of Warcraft Public TestXSplit BroadcasterZenWriter.==== Event Viewer Messages From Past Week ========.10/18/2013 3:51:53 PM, Error: Service Control Manager [7030] - The avast! Antivirus service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.10/18/2013 3:29:03 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mvs91xx10/18/2013 3:29:03 PM, Error: Service Control Manager [7022] - The AsusFanControlService service hung on starting.10/18/2013 11:34:23 AM, Error: Service Control Manager [7031] - The Service Sendori service terminated unexpectedly. It has done this 1 time(s). 
The following corrective action will be taken in 60000 milliseconds: Restart the service.10/15/2013 3:22:46 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Service Sendori service, but this action failed with the following error: An instance of the service is already running.10/15/2013 3:02:46 AM, Error: Service Control Manager [7031] - The Service Sendori service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1200000 milliseconds: Restart the service..==== End Of File ===========================
  18. Hi there, Starting up Chrome, snap.do starts as the homepage. However, the toolbar still searches as Google, new tabs open up as Google, and Google is still the default search engine. When I close the browser, my settings correctly open where I left off. Unless all tabs were closed and the browser is opened fresh. Snap.do is NOT in extensions, there is no software I can uninstall, and a full Malwarebytes scan has come back clean. I am perplexed by this. Many thanks
  19. Sooooo, I just thought I'd mention a false positive that I've noticed recently. When using Chrome (perhaps all browsers), the eBay login page apparently uses some sort of Silverlight component. Upon browsing to this page, a yellow bar appears directly below the Bookmarks Bar which says "Silverlight Plug-In has crashed." At the exact same time, the Malwarebytes Anti-Exploit window pops up and says "Anti-Exploit has blocked an exploit attempt". Please acknowledge...
  20. I've never had problems with CPU usage spikes and/or the Chrome browser until this morning. While downloading the utility to download a video, I accidentally downloaded a bunch of toolbars. Who knows what else also hitched a ride in the process. Immediately following the download, my CPU use spiked over 90% and continued to climb. My Chrome browser stopped responding, which is something I never have encountered. Typically Chrome with the number of tabs I keep open doesn't gobble up more than 20% of my CPU. I ran the Malwarebytes Quick Scan which flagged 2 occurrences of PUP.215. (Prior to this scan, my daily scans have been clean.) I deleted these 2 occurrences and ran the Quick Scan again. However, they were once again flagged. So I rebooted and ran Quick Scan once again. Wash, rinse, repeat. Eventually PUP.215 was no longer flagged by Quick Scan. However, when I relaunched Chrome, CPU use once again spiked to over 90% and Chrome once again became unresponsive. As I said previously, I've never had a problem with Chrome until immediately after I downloaded this video download utility. No similar problems with Firefox. --------------------- Following the instructions in the forum, I downloaded DDS and ran the utility. I also downloaded and ran RogueKiller. The logs are included below.
2013-03-30 05:57:09 -------- d-----w- C:\Android Phone Driver 2013-03-29 04:33:44 -------- d-----w- C:\Users\admin\.android 2013-03-28 16:40:09 -------- d-----w- C:\Users\admin\AppData\Local\Eclipse 2013-03-28 16:31:10 -------- d-----w- C:\Users\admin\.eclipse 2013-03-28 16:00:35 -------- d-----w- C:\Program Files\eclipse-jee-juno-SR2-win32-x86_64 . ==================== Find3M ==================== . 2013-04-04 21:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-04-02 22:08:01 78176 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-04-02 22:08:01 692576 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-03-16 02:14:04 131856 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys 2013-03-16 02:13:06 146704 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys 2013-03-16 02:13:04 204048 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll 2013-03-12 22:04:59 16486616 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2013-03-02 10:57:48 337128 ----a-w- C:\Windows\System32\drivers\USBXHCI.SYS 2013-03-02 10:57:46 77544 ----a-w- C:\Windows\System32\drivers\storahci.sys 2013-03-02 10:57:46 332520 ----a-w- C:\Windows\System32\drivers\storport.sys 2013-03-02 10:57:46 283880 ----a-w- C:\Windows\System32\drivers\spaceport.sys 2013-03-02 10:45:20 148712 ----a-w- C:\Windows\System32\drivers\tpm.sys 2013-03-02 10:45:19 194792 ----a-w- C:\Windows\System32\drivers\sdbus.sys 2013-03-02 10:45:10 125160 ----a-w- C:\Windows\System32\drivers\dumpsd.sys 2013-03-02 10:39:39 495336 ----a-w- C:\Windows\System32\drivers\vhdmp.sys 2013-03-02 10:39:38 69864 ----a-w- C:\Windows\System32\drivers\pdc.sys 2013-03-02 10:39:32 327912 ----a-w- C:\Windows\System32\drivers\Classpnp.sys 2013-03-02 09:59:37 2231528 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-03-02 09:59:36 411880 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2013-03-02 08:24:08 34304 ----a-w- C:\Windows\SysWow64\wuapp.exe 2013-03-02 08:23:43 83968 ----a-w- C:\Windows\SysWow64\wudriver.dll 2013-03-02 08:23:43 
125952 ----a-w- C:\Windows\SysWow64\wuwebv.dll 2013-03-02 08:23:30 893952 ----a-w- C:\Windows\SysWow64\winmde.dll 2013-03-02 08:23:30 1338880 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll 2013-03-02 08:23:28 601088 ----a-w- C:\Windows\SysWow64\Windows.Globalization.dll 2013-03-02 08:23:28 504320 ----a-w- C:\Windows\SysWow64\Windows.Security.Authentication.OnlineId.dll 2013-03-02 08:23:19 8857088 ----a-w- C:\Windows\SysWow64\twinui.dll 2013-03-02 08:23:19 246784 ----a-w- C:\Windows\SysWow64\ubpm.dll 2013-03-02 08:23:04 356352 ----a-w- C:\Windows\SysWow64\SettingSync.dll 2013-03-02 08:23:04 100864 ----a-w- C:\Windows\SysWow64\SettingSyncInfo.dll 2013-03-02 08:22:36 357888 ----a-w- C:\Windows\SysWow64\netcfgx.dll 2013-03-02 08:22:32 5091840 ----a-w- C:\Windows\SysWow64\mstscax.dll 2013-03-02 08:22:18 361984 ----a-w- C:\Windows\SysWow64\MFMediaEngine.dll 2013-03-02 08:22:17 850944 ----a-w- C:\Windows\SysWow64\mfasfsrcsnk.dll 2013-03-02 08:21:52 36352 ----a-w- C:\Windows\SysWow64\DevDispItemProvider.dll 2013-03-02 08:21:40 309760 ----a-w- C:\Windows\SysWow64\BCP47Langs.dll 2013-03-02 08:21:39 2033664 ----a-w- C:\Windows\SysWow64\authui.dll 2013-03-02 08:21:32 145408 ----a-w- C:\Windows\SysWow64\powercfg.cpl 2013-03-02 02:44:59 448512 ----a-w- C:\Windows\System32\SettingSync.dll 2013-03-02 02:44:59 128512 ----a-w- C:\Windows\System32\SettingSyncInfo.dll 2013-03-02 02:44:41 455168 ----a-w- C:\Windows\System32\netcfgx.dll 2013-03-02 02:44:41 117248 ----a-w- C:\Windows\System32\NdisImPlatform.dll 2013-03-02 02:44:38 5978624 ----a-w- C:\Windows\System32\mstscax.dll 2013-03-02 02:44:30 468992 ----a-w- C:\Windows\System32\MFMediaEngine.dll 2013-03-02 02:44:29 1048576 ----a-w- C:\Windows\System32\mfasfsrcsnk.dll 2013-03-02 02:44:08 703488 ----a-w- C:\Windows\System32\drvstore.dll 2013-03-02 02:44:07 150016 ----a-w- C:\Windows\System32\discan.dll 2013-03-02 02:44:05 49152 ----a-w- C:\Windows\System32\DevDispItemProvider.dll 2013-03-02 02:43:59 1933312 ----a-w- 
C:\Windows\System32\wbem\cimwin32.dll 2013-03-02 02:43:56 389120 ----a-w- C:\Windows\System32\BCP47Langs.dll 2013-03-02 02:43:55 2302464 ----a-w- C:\Windows\System32\authui.dll 2013-03-02 02:43:51 2146304 ----a-w- C:\Windows\System32\actxprxy.dll 2013-03-02 02:43:50 156160 ----a-w- C:\Windows\System32\powercfg.cpl 2013-03-02 02:15:53 26112 ----a-w- C:\Windows\System32\drivers\mouhid.sys 2013-03-01 09:21:18 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll 2013-03-01 09:21:18 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll 2013-03-01 04:56:18 30720 ----a-w- C:\Windows\System32\drivers\monitor.sys 2013-02-27 07:11:05 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll 2013-02-27 07:11:04 963488 ----a-w- C:\Windows\System32\deployJava1.dll 2013-02-27 07:11:04 1085344 ----a-w- C:\Windows\System32\npDeployJava1.dll 2013-02-21 10:30:16 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-02-21 10:29:37 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-02-21 10:29:37 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-02-21 10:15:00 915968 ----a-w- C:\Windows\System32\uxtheme.dll 2013-02-21 10:14:05 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-02-19 15:07:28 83688 ----a-w- C:\Windows\System32\mcupdate_AuthenticAMD.dll 2013-02-19 09:53:00 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll 2013-02-15 07:58:59 39936 ----a-w- C:\Windows\apppatch\apppatch64\acspecfc.dll 2013-02-15 06:35:40 444416 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-02-12 01:30:04 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll 2013-02-12 00:56:19 53760 ----a-w- C:\Windows\System32\UXInit.dll 2013-02-12 00:17:50 20992 ----a-w- C:\Windows\System32\drivers\usb8023.sys 2013-02-07 01:33:01 754176 ----a-w- C:\Windows\SysWow64\actxprxy.dll 2013-02-05 22:31:11 622080 ----a-w- C:\Windows\System32\drivers\srv2.sys 2013-02-05 22:29:09 370688 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys 2013-02-05 22:28:48 247808 ----a-w- C:\Windows\System32\drivers\srvnet.sys 2013-02-05 22:28:36 215552 
----a-w- C:\Windows\System32\drivers\mrxsmb20.sys 2013-02-02 11:19:44 496872 ----a-w- C:\Windows\System32\drivers\usbhub.sys 2013-02-02 11:19:44 446184 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS 2013-02-02 11:19:33 61672 ----a-w- C:\Windows\System32\drivers\crashdmp.sys 2013-02-02 10:54:54 1933544 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2013-02-02 10:28:54 993512 ----a-w- C:\Windows\System32\drivers\ndis.sys 2013-02-02 09:42:07 2207232 ----a-w- C:\Windows\SysWow64\PrintConfig.dll 2013-02-02 08:40:58 375808 ----a-w- C:\Windows\SysWow64\wbem\WmiPrvSE.exe 2013-02-02 08:40:55 80896 ----a-w- C:\Windows\SysWow64\tasklist.exe 2013-02-02 08:40:55 79360 ----a-w- C:\Windows\SysWow64\taskkill.exe 2013-02-02 08:40:36 155136 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll 2013-02-02 08:40:35 370688 ----a-w- C:\Windows\SysWow64\WWanAPI.dll 2013-02-02 08:40:27 131072 ----a-w- C:\Windows\SysWow64\wbem\WmiDcPrv.dll 2013-02-02 08:40:26 410624 ----a-w- C:\Windows\SysWow64\wlroamextension.dll 2013-02-02 08:40:22 197632 ----a-w- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll 2013-02-02 08:40:22 10792448 ----a-w- C:\Windows\SysWow64\Windows.UI.Xaml.dll 2013-02-02 08:39:59 325632 ----a-w- C:\Windows\SysWow64\schannel.dll 2013-02-02 08:39:47 18432 ----a-w- C:\Windows\SysWow64\npmproxy.dll 2013-02-02 08:39:34 55296 ----a-w- C:\Windows\SysWow64\nlaapi.dll 2013-02-02 08:39:34 15872 ----a-w- C:\Windows\SysWow64\nlmproxy.dll 2013-02-02 08:39:34 12288 ----a-w- C:\Windows\SysWow64\nlmsprep.dll 2013-02-02 08:39:33 115712 ----a-w- C:\Windows\SysWow64\netprofm.dll 2013-02-02 08:39:15 157696 ----a-w- C:\Windows\SysWow64\mbsmsapi.dll 2013-02-02 08:38:54 567808 ----a-w- C:\Windows\SysWow64\duser.dll . ============= FINISH: 8:58:26.53 =============== --------------------- . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . 
Microsoft Windows 8 Boot Device: \Device\HarddiskVolume2 Install Date: 2/24/2013 3:51:21 PM System Uptime: 4/22/2013 6:56:56 AM (2 hours ago) . Motherboard: Gateway | | EG70_BZ Processor: AMD E2-1800 APU with Radeon™ HD Graphics | Socket FT1 | 1700/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 681 GiB total, 611.093 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP11: 4/3/2013 8:51:30 PM - Installed Oracle VM VirtualBox 4.2.10 RP12: 4/10/2013 7:46:20 PM - Windows Update RP13: 4/14/2013 9:54:10 PM - Windows Live Essentials RP14: 4/22/2013 6:12:40 AM - Restore Point April 22, 2013 0200AM . ==== Installed Programs ====================== . Adobe Flash Player 11 Plugin Adobe Reader XI (11.0.02) AMD Accelerated Video Transcoding AMD APP SDK Runtime AMD Catalyst Install Manager AMD Quick Stream AMD VISION Engine Control Center Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver Backup Manager v4 Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner Conexant HD Audio CyberLink PowerDVD 10 D3DX10 Desktop Icon Position Saver (64-bit) Desktop Restore DriverTools 1.0 Dropbox eBay Worldwide ETDWare PS/2-X64 11.6.9.001_WHQL FileMind QuickFix Gateway Device Fast-lane Gateway MyBackup Gateway Power Management Gateway Recovery Management GIMP 2.8.4 Google Chrome Google Earth Plug-in Google Update Helper Graboid Video 3.58 Identity Card ImgBurn 
Java 7 Update 15 (64-bit) Java SE Development Kit 7 Update 15 (64-bit) Launch Manager Live Updater Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft Application Error Reporting Microsoft Office Microsoft Pro Photo Tools Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Movie Maker Mozilla Firefox 20.0.1 (x86 en-US) Mozilla Maintenance Service Mozilla Thunderbird 17.0.5 (x86 en-US) MSVCRT MSVCRT110 MSVCRT110_amd64 Nero 12 Essentials OEM.a01 Nero ControlCenter Nero ControlCenter Help (CHM) Nero Core Components Nero Express Nero Express Help (CHM) Nero Launcher Nero Update Norton Internet Security Notepad++ OpenOffice.org 3.4.1 Oracle VM VirtualBox 4.2.10 Photo Common Photo Gallery Prerequisite installer Qualcomm Atheros WiFi Driver Installation RealDownloader RealNetworks - Microsoft Visual C++ 2008 Runtime RealNetworks - Microsoft Visual C++ 2010 Runtime RealPlayer Realtek PCIE Card Reader RealUpgrade 1.1 Spotify VLC media player 1.0.1 Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack . ==== Event Viewer Messages From Past Week ======== . 4/22/2013 8:43:22 AM, Error: Service Control Manager [7031] - The Dritek RF Button Command Service service terminated unexpectedly. It has done this 1 time(s). 
The following corrective action will be taken in 3000 milliseconds: Restart the service. 4/22/2013 6:55:40 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FontCache3.0.0.0 service. . ==== End Of File =========================== ------------------------- RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo...13-roguekiller/ Website : http://tigzy.geeksto...roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 8 (6.2.9200 ) 64 bits version Started in : Normal mode User : admin [Admin rights] Mode : Scan -- Date : 04/22/2013 08:45:18 | ARK || FAK || MBR | ¤¤¤ Bad processes : 2 ¤¤¤ [sUSP PATH] RfBtnSvc64.exe -- C:\Windows\RfBtnSvc64.exe [7] -> KILLED [TermProc] [RESIDUE] RfBtnSvc64.exe -- C:\Windows\RfBtnSvc64.exe [7] -> KILLED [TermProc] ¤¤¤ Registry Entries : 5 ¤¤¤ [TASK][sUSP PATH] Test TimeTrigger : C:\Users\admin\AppData\Local\Temp\Runner.exe C:\Users\admin\AppData\Local\Temp\DNS.exe [-] -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND [HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MQ01ABD075 +++++ --- User --- [MBR] be04461bb648d4f25720e0895077dad1 [bSP] 931321f89af69cceb532b19386ef6065 : Empty MBR Code Partition table: 0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo User = LL1 ... OK! User = LL2 ... OK! 
Finished : << RKreport[1]_S_04222013_02d0845.txt >> RKreport[1]_S_04222013_02d0845.txt ---------------------------------- Thank you for any help you can offer. I'm a newbie at this stuff, but am trying to learn as fast as I can.
  21. Hi, Malwarebytes Pro user here for a few months. I have to say, it's been worth the investment. Especially after this started happening around midnight. So... Many Times? Well, 25 times since midnight CST to be exact. I tried both Firefox and Chrome and got the block on both programs. Only other program I've had open today was Steam.

      2013/04/16 16:09:36 -0500 IP-BLOCK 157.238.74.128 (Type: outgoing, Port: 65310, Process: chrome.exe)
      2013/04/16 16:09:36 -0500 IP-BLOCK 157.238.74.128 (Type: outgoing, Port: 65311, Process: chrome.exe)
      2013/04/16 16:32:09 -0500 IP-BLOCK 157.238.74.128 (Type: outgoing, Port: 49741, Process: firefox.exe)
      2013/04/16 16:32:09 -0500 IP-BLOCK 157.238.74.128 (Type: outgoing, Port: 49753, Process: firefox.exe)

      I've seen it block a few over the last few months... But never so many times from the same IP. Trace says it's supposedly from Englewood, Colorado? Is my computer at risk here? What do I need to do? Here are the steps I've taken so far:

      1. Ran CCleaner
      2. Ran Updated MSE Full Scan
      3. Ran MalwareBytes Flash Scan, then Quick, then Full.

      Everything came back clean. I am not an IT professional. I know my way around the computer in a consumer way only; however, I can follow instructions well. Help me out here, please. Thanks in advance
  22. Hello, My Google Chrome has become unresponsive and my computer is running really slow. I am able to use Firefox but it is running slow also. I ran the Malwarebytes Anti-Malware and nothing was found. The DDS and below are the results: Please help Thanks - Angel
text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - <orphaned> x64-Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - <orphaned> x64-Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - <orphaned> x64-Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - <orphaned> x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned> x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned> x64-SSODL: WebCheck - <orphaned> x64-SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll x64-STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Aheath\AppData\Roaming\Mozilla\Firefox\Profiles\0bmqdlei.default\ FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\npsitesafety.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D 
Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Users\Aheath\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll FF - plugin: C:\Users\Aheath\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\Aheath\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\Users\Aheath\AppData\Roaming\Mozilla\plugins\npo1d.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2013-02-06 10:31; extension21804@extension21804.com; C:\Users\Aheath\AppData\Roaming\Mozilla\Firefox\Profiles\0bmqdlei.default\extensions\extension21804@extension21804.com . ============= SERVICES / DRIVERS =============== . R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328] R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120] R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800] R0 dlkmdldr;dlkmdldr;C:\Windows\System32\drivers\dlkmdldr.sys [2013-3-3 15664] R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320] R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696] R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032] R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-30 39768] R1 cbfs3;cbfs3;C:\Windows\System32\drivers\cbfs3.sys [2011-7-12 328080] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664] R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core 
Software\DisplayLinkManager.exe [2013-1-30 8894864] R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-2-6 13672] R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2013-1-25 376168] R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2012-11-29 15928] R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2013-2-19 72216] R2 M4-Service;M4-Service;C:\Users\Aheath\Downloads\M4-Service.exe [2012-2-5 1007472] R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 130008] R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-6-30 1248256] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824] R2 Tether;Tether;C:\Program Files (x86)\Tether\TBService.exe [2011-12-7 52664] R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-2-18 968880] R3 DisplayLinkUsbPort;DisplayLink USB Device;C:\Windows\System32\drivers\DisplayLinkUsbPort_7.0.41409.0.sys [2013-3-3 17408] R3 dlkmd;dlkmd;C:\Windows\System32\drivers\dlkmd.sys [2013-3-3 385840] R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2009-6-22 273072] R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360] R3 QuickBooksDB21;QuickBooksDB21;C:\PROGRA~2\Intuit\QUICKB~3\QBDBMgrN.exe -hvQuickBooksDB21 --> C:\PROGRA~2\Intuit\QUICKB~3\QBDBMgrN.exe -hvQuickBooksDB21 [?] R3 QuickBooksDB22;QuickBooksDB22;C:\PROGRA~2\Intuit\QU4DD5~1\QBDBMgrN.exe -hvQuickBooksDB22 --> C:\PROGRA~2\Intuit\QU4DD5~1\QBDBMgrN.exe -hvQuickBooksDB22 [?] 
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SFUpdater;ShareFile Auto-update Service;"C:\Program Files\ShareFile\Updater\UpdateService.exe" --> C:\Program Files\ShareFile\Updater\UpdateService.exe [?] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-5 947528] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-2-6 102936] S3 qrkis;Tether Miniport;C:\Windows\System32\drivers\qrkis.sys [2011-12-7 50856] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-2-6 203544] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-4 1255736] . =============== Created Last 30 ================ . 
2013-03-05 01:25:10 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-04 04:57:39 9162192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EC8D17DE-BD32-4B9A-86DB-675AE9017668}\mpengine.dll 2013-03-03 07:23:13 9162192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-03-03 05:43:27 385840 ----a-w- C:\Windows\System32\drivers\dlkmd.sys 2013-03-03 05:43:27 15664 ----a-w- C:\Windows\System32\drivers\dlkmdldr.sys 2013-03-03 05:21:03 -------- d-----w- C:\Program Files\DisplayLink Graphics 2013-03-03 05:19:50 -------- d-----w- C:\Program Files\DisplayLink Core Software 2013-03-03 05:19:31 0 ----a-w- C:\Windows\SysWow64\dlumd9.dll 2013-03-03 05:19:31 0 ----a-w- C:\Windows\SysWow64\dlumd11.dll 2013-03-03 05:19:31 0 ----a-w- C:\Windows\SysWow64\dlumd10.dll 2013-03-03 05:19:31 0 ----a-w- C:\Windows\System32\dlumd9.dll 2013-03-03 05:19:31 0 ----a-w- C:\Windows\System32\dlumd11.dll 2013-03-03 05:19:31 0 ----a-w- C:\Windows\System32\dlumd10.dll 2013-03-03 05:19:30 2081792 ----a-w- C:\Windows\System32\DisplayLinkUsbCo64_7.0.41409.0.dll 2013-03-03 05:19:29 17408 ----a-w- C:\Windows\System32\drivers\DisplayLinkUsbPort_7.0.41409.0.sys 2013-02-28 02:32:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll 2013-02-28 02:32:13 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll 2013-02-28 02:32:13 221184 ----a-w- C:\Windows\System32\UIAnimation.dll 2013-02-28 02:32:13 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll 2013-02-28 02:32:05 465920 ----a-w- C:\Windows\System32\WMPhoto.dll 2013-02-28 02:32:05 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll 2013-02-28 01:57:15 96664 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe 2013-02-19 18:45:25 -------- d-----w- C:\Users\Aheath\AppData\Local\LogMeIn 2013-02-19 18:45:22 60776 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\LMIproc.dll 2013-02-19 18:45:22 35688 ----a-w- C:\Windows\System32\LMIport.dll 2013-02-19 18:45:19 
88448 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll 2013-02-19 18:45:19 72216 ----a-w- C:\Windows\System32\drivers\LMIRfsDriver.sys 2013-02-19 18:45:14 84328 ----a-w- C:\Windows\System32\LMIinit.dll 2013-02-19 18:45:08 -------- d-----w- C:\ProgramData\LogMeIn 2013-02-19 18:44:51 -------- d-----w- C:\Program Files (x86)\LogMeIn 2013-02-15 19:05:37 -------- d-----w- C:\Program Files (x86)\Mozilla Firefox.bak 2013-02-13 00:47:36 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 00:47:36 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 00:03:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-02-13 00:03:40 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-02-13 00:03:40 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-02-13 00:03:31 3153408 ----a-w- C:\Windows\System32\win32k.sys 2013-02-13 00:03:29 215040 ----a-w- C:\Windows\System32\winsrv.dll 2013-02-13 00:03:28 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2013-02-13 00:03:28 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2013-02-13 00:03:28 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2013-02-13 00:03:28 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2013-02-13 00:03:24 2048 ----a-w- C:\Windows\SysWow64\user.exe 2013-02-13 00:03:19 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-02-13 00:03:18 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2013-02-08 14:33:30 -------- d-----w- C:\Program Files (x86)\National Tax Preparers 2013-02-06 17:55:50 -------- d-----w- C:\ProgramData\Isolated Storage 2013-02-06 15:32:09 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin 2013-02-06 15:32:01 -------- d-sh--w- C:\AI_RecycleBin 2013-02-06 15:31:52 -------- d-----w- C:\Users\Aheath\AppData\Local\Coupon Companion Plugin 2013-02-06 12:42:10 203544 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys 2013-02-06 12:42:08 102936 ----a-w- C:\Windows\System32\drivers\ssudbus.sys . 
==================== Find3M ==================== . 2013-03-05 01:24:58 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2013-03-05 01:24:58 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-03-01 02:11:38 60 ----a-w- C:\Windows\wpd99.drv 2013-02-27 18:47:24 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-27 18:47:24 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-02-18 22:40:35 39768 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys 2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe 2013-01-30 07:40:53 1130384 ----a-w- C:\Windows\System32\dlumd64.dll 2013-01-30 07:40:51 937360 ----a-w- C:\Windows\SysWow64\dlumd32.dll 2013-01-30 07:40:49 106384 ----a-w- C:\Windows\System32\DLTmmB.dll 2013-01-30 07:40:48 103312 ----a-w- C:\Windows\System32\ManageTMMLifeTime.dll 2013-01-20 20:59:04 230320 ----a-w- C:\Windows\System32\drivers\MpFilter.sys 2013-01-20 20:59:04 130008 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys 2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-01-13 20:35:31 2560 ---ha-w- 
C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll 2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll 2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll 2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll 2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll 2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll 2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll 2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll 2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll 2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll 2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll 2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll 2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll 2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll 2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll 2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll 2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll 2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll 2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll 2013-01-13 19:37:57 
3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll 2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll 2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll 2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll 2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll 2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll 2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll 2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll 2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll 2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll 2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll 2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll 2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll 2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2012-12-17 18:33:50 60864 ----a-w- C:\Users\Aheath\g2mdlhlpx.exe 2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll 2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll 2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2012-12-07 
13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll 2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll 2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll 2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll 2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs 2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs 2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs 2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs 2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs 2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs 2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs 2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs 2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs 2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs 2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs 2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs 2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs 2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs 2012-08-13 19:06:31 4024320 ----a-w- C:\Program Files (x86)\GUT1E76.tmp . ============= FINISH: 21:05:49.08 ===============
  23. Sorry - posted this in the wrong forum. Hello, My Google Chrome has become unresponsive and my computer is running really slow. I ran the DDS and below are the results: Please help Angel
text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - <orphaned> x64-Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - <orphaned> x64-Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - <orphaned> x64-Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - <orphaned> x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned> x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned> x64-SSODL: WebCheck - <orphaned> x64-SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll x64-STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Aheath\AppData\Roaming\Mozilla\Firefox\Profiles\0bmqdlei.default\ FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\npsitesafety.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D 
Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Users\Aheath\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll FF - plugin: C:\Users\Aheath\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\Aheath\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\Users\Aheath\AppData\Roaming\Mozilla\plugins\npo1d.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2013-02-06 10:31; extension21804@extension21804.com; C:\Users\Aheath\AppData\Roaming\Mozilla\Firefox\Profiles\0bmqdlei.default\extensions\extension21804@extension21804.com . ============= SERVICES / DRIVERS =============== . R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328] R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120] R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800] R0 dlkmdldr;dlkmdldr;C:\Windows\System32\drivers\dlkmdldr.sys [2013-3-3 15664] R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320] R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696] R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032] R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-30 39768] R1 cbfs3;cbfs3;C:\Windows\System32\drivers\cbfs3.sys [2011-7-12 328080] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664] R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core 
Software\DisplayLinkManager.exe [2013-1-30 8894864] R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-2-6 13672] R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2013-1-25 376168] R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2012-11-29 15928] R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2013-2-19 72216] R2 M4-Service;M4-Service;C:\Users\Aheath\Downloads\M4-Service.exe [2012-2-5 1007472] R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 130008] R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-6-30 1248256] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824] R2 Tether;Tether;C:\Program Files (x86)\Tether\TBService.exe [2011-12-7 52664] R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-2-18 968880] R3 DisplayLinkUsbPort;DisplayLink USB Device;C:\Windows\System32\drivers\DisplayLinkUsbPort_7.0.41409.0.sys [2013-3-3 17408] R3 dlkmd;dlkmd;C:\Windows\System32\drivers\dlkmd.sys [2013-3-3 385840] R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2009-6-22 273072] R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360] R3 QuickBooksDB21;QuickBooksDB21;C:\PROGRA~2\Intuit\QUICKB~3\QBDBMgrN.exe -hvQuickBooksDB21 --> C:\PROGRA~2\Intuit\QUICKB~3\QBDBMgrN.exe -hvQuickBooksDB21 [?] R3 QuickBooksDB22;QuickBooksDB22;C:\PROGRA~2\Intuit\QU4DD5~1\QBDBMgrN.exe -hvQuickBooksDB22 --> C:\PROGRA~2\Intuit\QU4DD5~1\QBDBMgrN.exe -hvQuickBooksDB22 [?] 
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SFUpdater;ShareFile Auto-update Service;"C:\Program Files\ShareFile\Updater\UpdateService.exe" --> C:\Program Files\ShareFile\Updater\UpdateService.exe [?] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-5 947528] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-2-6 102936] S3 qrkis;Tether Miniport;C:\Windows\System32\drivers\qrkis.sys [2011-12-7 50856] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-2-6 203544] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-4 1255736] . =============== Created Last 30 ================ . 
2013-03-05 01:25:10 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-04 04:57:39 9162192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EC8D17DE-BD32-4B9A-86DB-675AE9017668}\mpengine.dll 2013-03-03 07:23:13 9162192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-03-03 05:43:27 385840 ----a-w- C:\Windows\System32\drivers\dlkmd.sys 2013-03-03 05:43:27 15664 ----a-w- C:\Windows\System32\drivers\dlkmdldr.sys 2013-03-03 05:21:03 -------- d-----w- C:\Program Files\DisplayLink Graphics 2013-03-03 05:19:50 -------- d-----w- C:\Program Files\DisplayLink Core Software 2013-03-03 05:19:31 0 ----a-w- C:\Windows\SysWow64\dlumd9.dll 2013-03-03 05:19:31 0 ----a-w- C:\Windows\SysWow64\dlumd11.dll 2013-03-03 05:19:31 0 ----a-w- C:\Windows\SysWow64\dlumd10.dll 2013-03-03 05:19:31 0 ----a-w- C:\Windows\System32\dlumd9.dll 2013-03-03 05:19:31 0 ----a-w- C:\Windows\System32\dlumd11.dll 2013-03-03 05:19:31 0 ----a-w- C:\Windows\System32\dlumd10.dll 2013-03-03 05:19:30 2081792 ----a-w- C:\Windows\System32\DisplayLinkUsbCo64_7.0.41409.0.dll 2013-03-03 05:19:29 17408 ----a-w- C:\Windows\System32\drivers\DisplayLinkUsbPort_7.0.41409.0.sys 2013-02-28 02:32:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll 2013-02-28 02:32:13 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll 2013-02-28 02:32:13 221184 ----a-w- C:\Windows\System32\UIAnimation.dll 2013-02-28 02:32:13 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll 2013-02-28 02:32:05 465920 ----a-w- C:\Windows\System32\WMPhoto.dll 2013-02-28 02:32:05 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll 2013-02-28 01:57:15 96664 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe 2013-02-19 18:45:25 -------- d-----w- C:\Users\Aheath\AppData\Local\LogMeIn 2013-02-19 18:45:22 60776 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\LMIproc.dll 2013-02-19 18:45:22 35688 ----a-w- C:\Windows\System32\LMIport.dll 2013-02-19 18:45:19 
88448 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll 2013-02-19 18:45:19 72216 ----a-w- C:\Windows\System32\drivers\LMIRfsDriver.sys 2013-02-19 18:45:14 84328 ----a-w- C:\Windows\System32\LMIinit.dll 2013-02-19 18:45:08 -------- d-----w- C:\ProgramData\LogMeIn 2013-02-19 18:44:51 -------- d-----w- C:\Program Files (x86)\LogMeIn 2013-02-15 19:05:37 -------- d-----w- C:\Program Files (x86)\Mozilla Firefox.bak 2013-02-13 00:47:36 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 00:47:36 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 00:03:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-02-13 00:03:40 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-02-13 00:03:40 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-02-13 00:03:31 3153408 ----a-w- C:\Windows\System32\win32k.sys 2013-02-13 00:03:29 215040 ----a-w- C:\Windows\System32\winsrv.dll 2013-02-13 00:03:28 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2013-02-13 00:03:28 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2013-02-13 00:03:28 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2013-02-13 00:03:28 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2013-02-13 00:03:24 2048 ----a-w- C:\Windows\SysWow64\user.exe 2013-02-13 00:03:19 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-02-13 00:03:18 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2013-02-08 14:33:30 -------- d-----w- C:\Program Files (x86)\National Tax Preparers 2013-02-06 17:55:50 -------- d-----w- C:\ProgramData\Isolated Storage 2013-02-06 15:32:09 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin 2013-02-06 15:32:01 -------- d-sh--w- C:\AI_RecycleBin 2013-02-06 15:31:52 -------- d-----w- C:\Users\Aheath\AppData\Local\Coupon Companion Plugin 2013-02-06 12:42:10 203544 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys 2013-02-06 12:42:08 102936 ----a-w- C:\Windows\System32\drivers\ssudbus.sys . 
==================== Find3M ==================== . 2013-03-05 01:24:58 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2013-03-05 01:24:58 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-03-01 02:11:38 60 ----a-w- C:\Windows\wpd99.drv 2013-02-27 18:47:24 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-27 18:47:24 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-02-18 22:40:35 39768 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys 2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe 2013-01-30 07:40:53 1130384 ----a-w- C:\Windows\System32\dlumd64.dll 2013-01-30 07:40:51 937360 ----a-w- C:\Windows\SysWow64\dlumd32.dll 2013-01-30 07:40:49 106384 ----a-w- C:\Windows\System32\DLTmmB.dll 2013-01-30 07:40:48 103312 ----a-w- C:\Windows\System32\ManageTMMLifeTime.dll 2013-01-20 20:59:04 230320 ----a-w- C:\Windows\System32\drivers\MpFilter.sys 2013-01-20 20:59:04 130008 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys 2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-01-13 20:35:31 2560 ---ha-w- 
C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll 2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll 2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll 2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll 2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll 2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll 2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll 2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll 2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll 2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll 2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll 2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll 2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll 2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll 2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll 2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll 2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll 2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll 2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll 2013-01-13 19:37:57 
3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll 2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll 2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll 2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll 2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll 2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll 2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll 2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll 2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll 2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll 2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll 2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll 2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll 2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2012-12-17 18:33:50 60864 ----a-w- C:\Users\Aheath\g2mdlhlpx.exe 2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll 2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll 2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2012-12-07 
13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll 2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll 2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll 2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll 2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs 2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs 2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs 2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs 2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs 2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs 2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs 2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs 2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs 2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs 2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs 2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs 2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs 2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs 2012-08-13 19:06:31 4024320 ----a-w- C:\Program Files (x86)\GUT1E76.tmp . ============= FINISH: 21:05:49.08 =============== DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.17.2 Run by Aheath at 21:05:17 on 2013-03-04 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8119.5864 [GMT -5:00] . AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} . ============== Running Processes =============== . 
C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe C:\Users\Aheath\Downloads\M4-Service.exe C:\Users\Aheath\Downloads\M4-Capture.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Tether\TBService.exe C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\Microsoft Security Client\NisSrv.exe C:\Windows\System32\WUDFHost.exe C:\PROGRA~2\Intuit\QUICKB~3\QBDBMgrN.exe C:\PROGRA~2\Intuit\QU4DD5~1\QBDBMgrN.exe C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe C:\Program Files 
(x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe C:\Program Files (x86)\SugarSync\SugarSyncManager.exe C:\Program Files (x86)\TechSmith\Jing\Jing.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe C:\Program Files (x86)\PFU\Rack2\RKiwrtK.exe C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe C:\Program Files (x86)\AVG Secure Search\vprot.exe C:\Users\Aheath\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\AVG\AVG2013\avgui.exe C:\Program Files (x86)\PFU\Rack2\rkasynct.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Users\Aheath\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe C:\Users\Aheath\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler64.exe C:\Windows\System32\wiawow64.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\taskhost.exe C:\Program 
Files (x86)\AVG\AVG2013\avgcfgex.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned> mWinlogon: Userinit = userinit.exe BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - BHO: Virtual Storage Mount Notification: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll BHO: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file> TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll TB: AVG Security 
Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll uRun: [sugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true uRun: [Google Update] "C:\Users\Aheath\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe mRun: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" mRun: [Rkiwrtk] "C:\Program Files (x86)\PFU\Rack2\RKiwrtK.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" mRun: [brStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" StartupFolder: C:\Users\Aheath\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Aheath\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\Users\Aheath\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CARDMI~1.LNK - C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONVER~1.LNK - C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe 
  24. Hello, I installed PrivitizeVPN; it caused all browsers to hang and freeze, and Chrome to prompt an error "Unable to find locale data files. Please reinstall". I tried uninstalling the VPN, did System Restore, Malwarebytes, all no use :'( Thank you, and also please keep me in your thoughts; I am gravely ill. Deleting the Chrome extension MagniPic added did not do anything. :'( attach.txt dds.txt
  25. Hi there, I'm sorry - I've spent days trying to figure this out, but I've had no luck. Earlier in the year (early July), I stepped out for lunch and a coworker installed some BlackBerry backup software ("MagicBerry") onto my machine. Along with it came an annoying "appbario8" search toolbar in all of my browsers. I removed it as best I could in the browser settings for Chrome, FF, and IE. Fast forward to two weeks ago when it suddenly makes a comeback. Somehow, an instance of Chrome is booting on my Windows startup with appbario8 installed, even though Chrome isn't in my list of startup processes. This has never happened before two weeks ago. If I delete the extension, it has "grown back" on the next boot. I've checked my startup processes, as well as Add/Remove Programs. I've been through my C:/ drive with a magnifying glass... but I've not come up with anything to fix the issue. Another interesting thing is that this instance of Chrome appears separate from the one I have pinned to the taskbar. Clicking the pinned Chrome opens a regular instance (Google default search, no appbario8 extension, no toolbar, previous tabs), and the two instances don't merge on the taskbar, as two windows of the same program typically would. I found 3 "events.js" files in an Uninstall Information folder on C:/. I've attached one as "events.txt", as they seem VERY suspect and might shed some light as to how to get this program off. I've moved the "Uninstall Information" folder off of my C drive and deleted a folder in Program Files (x86) called Conduit. I know that I should have waited to do this - sorry if it makes this harder at all. ("Conduit" is a search utility synonymous with appbario8, as far as I can tell.) Thank you so much. I look forward to hearing back from you. R PS - I apologize for the bloated Programs list, I didn't realize how absurd the number of games I've bought is until scanning through... attach.txt dds.txt events.txt