Redirected to this forum? Invisible Ads? Infected laptop?



Hi,

I was redirected from this forum:

http://forums.malwarebytes.org/index.php?showtopic=127629&hl=&fromsearch=1

I'm pretty positive my computer has a virus.

Also, it might say I have two or more antivirus programs, and that may or may not be true.

At one point I downloaded Norton for a free trial, and something caused it to never work (for example, I would click on it to open, and it never would, or it would open for a split second and close before I could try to scan anything. I've tried everything to remove it from my laptop, but it will not uninstall), and then I was told to download Malwarebytes, so there's the second one.

Here are my logs:

DDS

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16611

Run by Vanessa at 1:46:17 on 2013-06-17

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3964.1174 [GMT -7:00]

.

AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

.

============== Running Processes ===============

.

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Norton AntiVirus\Engine\20.3.1.22\ccSvcHst.exe

C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.3.19\ccSvcHst.exe

C:\windows\SysWOW64\PnkBstrA.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\System32\WUDFHost.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\windows\system32\igfxsrvc.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\windows\system32\SearchIndexer.exe

C:\windows\system32\igfxext.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

C:\windows\system32\wuauclt.exe

C:\windows\system32\svchost.exe -k SDRSVC

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\AlwaysUseProtection\mbam.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://xfinity.comcast.net/?cid=cgps06112013

uDefault_Page_URL = hxxp://start.toshiba.com/g/

uProxyOverride = <local>

mWinlogon: Userinit = userinit.exe,

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\20.3.0.36\IPS\IPSBHO.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\CoIEPlg.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} -

BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\CoIEPlg.dll

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\AlwaysUseProtection\mbamgui.exe /install /silent

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab

TCP: NameServer = 192.168.2.1

TCP: Interfaces\{AF0FD1F9-DD25-49DF-883A-289A7CB0978A} : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{AF0FD1F9-DD25-49DF-883A-289A7CB0978A}\3547574656E647 : DHCPNameServer = 172.21.1.1

TCP: Interfaces\{AF0FD1F9-DD25-49DF-883A-289A7CB0978A}\4455C455E65647 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{AF0FD1F9-DD25-49DF-883A-289A7CB0978A}\6484233473 : DHCPNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{AF0FD1F9-DD25-49DF-883A-289A7CB0978A}\C696E6B6379737 : DHCPNameServer = 75.75.75.75 75.75.76.76

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll

x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [smartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

x64-Run: [smoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe

x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe

x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

x64-Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\windows\System32\igfxpers.exe

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\trhcjnpy.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll

FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2013-06-08 00:38; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\trhcjnpy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF - ExtSQL: 2013-06-08 12:28; xkit@studioxenix.com; C:\Users\Vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\trhcjnpy.default\extensions\xkit@studioxenix.com.xpi

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\windows\System32\drivers\NAVx64\1403010.016\symds64.sys [2013-6-4 493656]

R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\NAVx64\1403010.016\symefa64.sys [2013-6-4 1139800]

R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\windows\System32\drivers\NAVx64\1403010.016\ccsetx64.sys [2013-6-4 168096]

R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\windows\System32\drivers\NSTx64\7DD03030.013\ccsetx64.sys [2013-6-4 168096]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\Definitions\IPSDefs\20130604.001\IDSviA64.sys [2013-6-4 513184]

R1 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\NAVx64\1403010.016\ironx64.sys [2013-6-4 224416]

R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\20.3.1.22\ccsvchst.exe [2013-6-4 144520]

R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.3.19\ccsvchst.exe [2013-6-4 144520]

R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2011-6-18 9216]

R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-6-18 38096]

S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [2013-5-31 1393240]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]

S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2013-3-20 21712]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\NAVx64\1403000.024\symnets.sys [2013-6-4 432800]

S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-6-18 51512]

S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-8-25 1255736]

.

=============== Created Last 30 ================

.

2013-06-17 07:28:04 25928 ----a-w- C:\windows\System32\drivers\mbam.sys

2013-06-17 07:28:04 -------- d-----w- C:\Program Files (x86)\AlwaysUseProtection

2013-06-13 08:10:35 701952 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll

2013-06-12 17:23:15 1054720 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe

2013-06-12 17:21:55 481280 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe

2013-06-12 17:21:50 327680 ----a-w- C:\Program Files\Internet Explorer\iediagcmd.exe

2013-06-12 01:42:59 -------- d-----w- C:\Users\Vanessa\AppData\Roaming\ID Vault

2013-06-12 01:41:41 -------- d-----w- C:\Program Files (x86)\Constant Guard Protection Suite

2013-06-12 01:41:23 -------- d-----w- C:\ProgramData\White Sky, Inc

2013-06-11 23:32:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-06-11 22:44:38 -------- d-----w- C:\Users\Vanessa\AppData\Local\White_Sky,_Inc

2013-06-11 22:44:38 -------- d-----w- C:\ProgramData\IsolatedStorage

2013-06-11 22:44:34 -------- d-----w- C:\Users\Vanessa\AppData\Local\ID Vault

2013-06-05 05:07:20 168096 ----a-w- C:\windows\System32\drivers\NSTx64\7DD03030.013\ccsetx64.sys

2013-06-05 05:07:14 -------- d-----w- C:\windows\System32\drivers\NSTx64\7DD03030.013

2013-06-05 04:44:42 432800 ----a-w- C:\windows\System32\drivers\NAVx64\1403010.016\symnets.sys

2013-06-05 04:44:42 23448 ----a-r- C:\windows\System32\drivers\NAVx64\1403010.016\symelam.sys

2013-06-05 04:44:42 1139800 ----a-w- C:\windows\System32\drivers\NAVx64\1403010.016\symefa64.sys

2013-06-05 04:44:41 796248 ----a-w- C:\windows\System32\drivers\NAVx64\1403010.016\srtsp64.sys

2013-06-05 04:44:41 493656 ----a-w- C:\windows\System32\drivers\NAVx64\1403010.016\symds64.sys

2013-06-05 04:44:41 36952 ----a-w- C:\windows\System32\drivers\NAVx64\1403010.016\srtspx64.sys

2013-06-05 04:44:41 224416 ----a-w- C:\windows\System32\drivers\NAVx64\1403010.016\ironx64.sys

2013-06-05 04:44:41 168096 ----a-w- C:\windows\System32\drivers\NAVx64\1403010.016\ccsetx64.sys

2013-06-05 03:18:14 -------- d-----w- C:\windows\System32\drivers\NAVx64\1403010.016

2013-06-04 21:40:12 168096 ----a-r- C:\windows\System32\drivers\NSTx64\7DD03000.01A\ccSetx64.sys

2013-06-04 21:40:08 -------- d-----w- C:\windows\System32\drivers\NSTx64\7DD03000.01A

2013-06-04 21:40:08 -------- d-----w- C:\windows\System32\drivers\NSTx64

2013-06-04 21:40:08 -------- d-----w- C:\Program Files (x86)\Norton Identity Safe

2013-06-04 21:39:28 177312 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS

2013-06-04 21:39:27 -------- d-----w- C:\Program Files\Common Files\Symantec Shared

2013-06-04 21:37:51 796248 ----a-r- C:\windows\System32\drivers\NAVx64\1403000.024\srtsp64.sys

2013-06-04 21:37:51 493656 ----a-r- C:\windows\System32\drivers\NAVx64\1403000.024\SymDS64.sys

2013-06-04 21:37:51 432800 ----a-r- C:\windows\System32\drivers\NAVx64\1403000.024\symnets.sys

2013-06-04 21:37:51 36952 ----a-r- C:\windows\System32\drivers\NAVx64\1403000.024\srtspx64.sys

2013-06-04 21:37:51 23448 ----a-r- C:\windows\System32\drivers\NAVx64\1403000.024\SymELAM.sys

2013-06-04 21:37:51 224416 ----a-r- C:\windows\System32\drivers\NAVx64\1403000.024\Ironx64.sys

2013-06-04 21:37:51 168096 ----a-r- C:\windows\System32\drivers\NAVx64\1403000.024\ccSetx64.sys

2013-06-04 21:37:51 1139800 ----a-r- C:\windows\System32\drivers\NAVx64\1403000.024\SymEFA64.sys

2013-06-04 21:36:48 -------- d-----w- C:\windows\System32\drivers\NAVx64\1403000.024

2013-06-04 21:36:48 -------- d-----w- C:\windows\System32\drivers\NAVx64

2013-06-04 21:36:44 -------- d-----w- C:\Program Files (x86)\Norton AntiVirus

2013-06-04 21:34:10 -------- d-----w- C:\Program Files (x86)\NortonInstaller

2013-06-04 17:24:35 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{06698115-670B-4135-A0B6-1B46C1A99B57}\mpengine.dll

2013-06-04 04:51:36 -------- d-----w- C:\Users\Vanessa\AppData\Local\{2ECA0655-9D84-451E-B7F6-9EBD8B952DB2}

2013-05-31 07:09:26 -------- d-----w- C:\Users\Vanessa\AppData\Roaming\Malwarebytes

2013-05-31 07:09:05 -------- d-----w- C:\ProgramData\Malwarebytes

2013-05-22 00:43:17 26520 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe

2013-05-22 00:43:17 209472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\Plugins\nppdf32.dll

2013-05-21 02:15:01 -------- d-----w- C:\Users\Vanessa\AppData\Local\{6DFFB322-3CBD-42ED-9A0F-F9D18F3C7D06}

.

==================== Find3M ====================

.

2013-06-17 06:45:36 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2013-06-17 06:45:35 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-06-12 17:23:14 185344 ----a-w- C:\windows\SysWow64\elshyph.dll

2013-06-12 17:23:13 226304 ----a-w- C:\windows\System32\elshyph.dll

2013-06-12 17:23:12 158720 ----a-w- C:\windows\SysWow64\msls31.dll

2013-06-12 17:23:10 719360 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll

2013-06-12 17:23:10 150528 ----a-w- C:\windows\SysWow64\iexpress.exe

2013-06-12 17:23:10 138752 ----a-w- C:\windows\SysWow64\wextract.exe

2013-06-12 17:23:09 523264 ----a-w- C:\windows\SysWow64\vbscript.dll

2013-06-12 17:23:00 38400 ----a-w- C:\windows\SysWow64\imgutil.dll

2013-06-12 17:23:00 137216 ----a-w- C:\windows\SysWow64\ieUnatt.exe

2013-06-12 17:23:00 12800 ----a-w- C:\windows\SysWow64\mshta.exe

2013-06-08 12:28:46 2706432 ----a-w- C:\windows\System32\mshtml.tlb

2013-06-08 11:13:19 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb

2013-05-17 01:25:57 1767936 ----a-w- C:\windows\SysWow64\wininet.dll

2013-05-17 01:25:27 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll

2013-05-17 01:25:26 61440 ----a-w- C:\windows\SysWow64\iesetup.dll

2013-05-17 01:25:26 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll

2013-05-17 00:59:03 2241024 ----a-w- C:\windows\System32\wininet.dll

2013-05-17 00:58:10 3958784 ----a-w- C:\windows\System32\jscript9.dll

2013-05-17 00:58:08 67072 ----a-w- C:\windows\System32\iesetup.dll

2013-05-17 00:58:08 136704 ----a-w- C:\windows\System32\iesysprep.dll

2013-05-14 12:23:25 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe

2013-05-14 08:40:13 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe

2013-05-13 05:51:01 184320 ----a-w- C:\windows\System32\cryptsvc.dll

2013-05-13 05:51:00 1464320 ----a-w- C:\windows\System32\crypt32.dll

2013-05-13 05:51:00 139776 ----a-w- C:\windows\System32\cryptnet.dll

2013-05-13 05:50:40 52224 ----a-w- C:\windows\System32\certenc.dll

2013-05-13 04:45:55 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll

2013-05-13 04:45:55 1160192 ----a-w- C:\windows\SysWow64\crypt32.dll

2013-05-13 04:45:55 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll

2013-05-13 03:43:55 1192448 ----a-w- C:\windows\System32\certutil.exe

2013-05-13 03:08:10 903168 ----a-w- C:\windows\SysWow64\certutil.exe

2013-05-13 03:08:06 43008 ----a-w- C:\windows\SysWow64\certenc.dll

2013-05-10 05:49:27 30720 ----a-w- C:\windows\System32\cryptdlg.dll

2013-05-10 03:20:54 24576 ----a-w- C:\windows\SysWow64\cryptdlg.dll

2013-05-08 06:39:01 1910632 ----a-w- C:\windows\System32\drivers\tcpip.sys

2013-05-02 15:29:56 278800 ------w- C:\windows\System32\MpSigStub.exe

2013-04-26 05:51:36 751104 ----a-w- C:\windows\System32\win32spl.dll

2013-04-26 04:55:21 492544 ----a-w- C:\windows\SysWow64\win32spl.dll

2013-04-25 23:30:32 1505280 ----a-w- C:\windows\SysWow64\d3d11.dll

2013-04-17 07:02:06 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll

2013-04-17 06:24:46 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll

2013-04-13 05:49:23 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49:19 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49:19 308736 ----a-w- C:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49:19 111104 ----a-w- C:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45:16 474624 ----a-w- C:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- C:\windows\apppatch\AcGenral.dll

2013-04-12 14:45:08 1656680 ----a-w- C:\windows\System32\drivers\ntfs.sys

2013-04-10 06:01:54 265064 ----a-w- C:\windows\System32\drivers\dxgmms1.sys

2013-04-10 06:01:53 983400 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys

2013-04-10 03:30:50 3153920 ----a-w- C:\windows\System32\win32k.sys

2013-03-31 22:52:16 1887232 ----a-w- C:\windows\System32\d3d11.dll

2013-03-20 19:32:09 21712 ----a-w- C:\windows\SysWow64\drivers\DrvAgent64.SYS

2013-03-20 04:35:08 861088 ----a-w- C:\windows\SysWow64\npDeployJava1.dll

2013-03-20 04:35:08 782240 ----a-w- C:\windows\SysWow64\deployJava1.dll

.

============= FINISH: 2:01:52.05 ===============

ATTACH

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 8/16/2011 9:26:04 PM

System Uptime: 6/17/2013 12:09:31 AM (2 hours ago)

.

Motherboard: TOSHIBA | | Portable PC

Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz | CPU | 1196/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 285 GiB total, 195.427 GiB free.

D: is CDROM ()

E: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: BHDrvx64

Device ID: ROOT\LEGACY_BHDRVX64\0000

Manufacturer:

Name: BHDrvx64

PNP Device ID: ROOT\LEGACY_BHDRVX64\0000

Service: BHDrvx64

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft Virtual WiFi Miniport Adapter

Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&E456F50&1&02

Manufacturer: Microsoft

Name: Microsoft Virtual WiFi Miniport Adapter #2

PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&E456F50&1&02

Service: vwifimp

.

Class GUID:

Description: Ethernet Controller

Device ID: PCI\VEN_1969&DEV_2060&SUBSYS_FF1E1179&REV_C1\4&2FDD9018&0&00E0

Manufacturer:

Name: Ethernet Controller

PNP Device ID: PCI\VEN_1969&DEV_2060&SUBSYS_FF1E1179&REV_C1\4&2FDD9018&0&00E0

Service:

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: AntiLog32

Device ID: ROOT\LEGACY_ANTILOG32\0000

Manufacturer:

Name: AntiLog32

PNP Device ID: ROOT\LEGACY_ANTILOG32\0000

Service: AntiLog32

.

==== System Restore Points ===================

.

RP306: 6/8/2013 12:39:45 AM - Installed Simple Adblock

RP307: 6/9/2013 7:00:30 PM - Windows Backup

RP309: 6/11/2013 4:09:38 PM - Windows Backup

RP308: 6/11/2013 6:26:09 PM - Restore Operation

RP310: 6/11/2013 9:35:06 PM - Windows Update

RP312: 6/12/2013 9:57:28 AM - Windows Update

RP313: 6/13/2013 1:09:25 AM - Windows Update

RP314: 6/14/2013 6:08:26 PM - Removed Mumble 1.2.3

RP315: 6/16/2013 2:18:29 AM - Windows Update

RP316: 6/16/2013 3:00:13 AM - Windows Update

RP317: 6/16/2013 10:07:10 PM - Windows Backup

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.03)

Best Buy pc app

Conexant HD Audio

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition

Intel® Graphics Media Accelerator Driver

Label@Once 1.0

League of Legends

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 32-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 32-bit MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106

Mozilla Firefox 21.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

Norton AntiVirus

Norton Identity Safe

PlayReady PC Runtime x86

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 64-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687422) 64-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2760406) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 64-Bit Edition

Security Update for Microsoft Publisher 2010 (KB2553147) 64-Bit Edition

Security Update for Microsoft Visio 2010 (KB2810068) 64-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 64-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition

Skype™ 6.5

swMSM

Synaptics Pointing Device Driver

System Requirements Lab CYRI

System Requirements Lab for Intel

TOSHIBA Application Installer

TOSHIBA Assist

TOSHIBA Disc Creator

TOSHIBA Face Recognition

TOSHIBA Hardware Setup

TOSHIBA Media Controller

TOSHIBA Media Controller Plug-in

TOSHIBA Quality Application

TOSHIBA Recovery Media Creator

TOSHIBA ReelTime

TOSHIBA Service Station

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

TOSHIBA Web Camera Application

ToshibaRegistration

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

.

==== Event Viewer Messages From Past Week ========

.

6/17/2013 12:10:30 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64

6/16/2013 2:13:18 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.

6/16/2013 2:11:18 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/16/2013 2:11:18 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/16/2013 10:08:46 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

6/16/2013 10:08:46 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.

6/16/2013 10:07:48 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.

6/16/2013 10:06:46 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).

6/16/2013 10:06:46 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/16/2013 10:06:46 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/16/2013 10:06:46 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/16/2013 10:06:46 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/16/2013 10:06:46 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/16/2013 10:06:46 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/16/2013 10:06:46 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/16/2013 10:06:46 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/16/2013 10:06:46 PM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/16/2013 10:06:46 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/16/2013 10:06:46 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/16/2013 10:06:46 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/16/2013 10:06:46 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/16/2013 10:06:46 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/16/2013 10:06:46 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/16/2013 10:06:46 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The pipe has been ended.

6/15/2013 6:05:53 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa80052fb610, 0x0000000000000000, 0x000007fffffa8000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 061513-23618-01.

6/15/2013 3:16:19 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

6/14/2013 2:02:55 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002f87bba, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 061413-86362-01.

6/13/2013 7:00:25 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer MICHELLE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AF0FD1F9-DD25-49DF-883A-289A7CB0978A}. The master browser is stopping or an election is being forced.

6/13/2013 10:57:57 AM, Error: Service Control Manager [7023] - The Server service terminated with the following error: Not enough storage is available to complete this operation.

6/12/2013 7:16:55 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NAV service.

6/12/2013 2:22:30 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

6/11/2013 9:56:05 PM, Error: Service Control Manager [7023] - The IKE and AuthIP IPsec Keying Modules service terminated with the following error: Load failed

6/11/2013 9:22:26 PM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).

6/11/2013 6:43:25 PM, Error: Service Control Manager [7030] - The CGPS Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

6/11/2013 4:37:43 PM, Error: Service Control Manager [7034] - The Problem Reports and Solutions Control Panel Support service terminated unexpectedly. It has done this 1 time(s).

6/11/2013 3:06:26 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

6/11/2013 2:46:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

6/11/2013 2:30:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

6/11/2013 2:29:11 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

6/11/2013 2:29:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

6/11/2013 2:29:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

6/11/2013 2:28:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

6/11/2013 2:28:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

6/11/2013 2:28:33 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_NAV ccSet_NST discache eeCtrl IDSVia64 spldr SRTSPX SymIRON SymNetS Wanarpv6

6/11/2013 2:28:15 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800021b9bba, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 061113-25240-01.

6/11/2013 2:21:40 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa8004cf33ef, 0x0000000000000000, 0x000000007efa003c). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 061113-22276-01.

.

==== End Of File ===========================


Hi there,

my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All (should be unchecked by default)
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Please download Malwarebytes Anti-Rootkit from here (Malwarebytes: Malwarebytes Anti-Rootkit) and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.


Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-<date and time>***.txt. Please attach that to your next reply.


Hi,
I made sure to wait at least a day before getting back to you, just in case.
Since I used the 'clean up' option, there have been no invisible ads playing in the background. I am also able to play my computer games (League of Legends) without lag, freezing, or the window closing and not opening after (which happened nearly every time, causing me to stop playing). Because of this, I think it might be safe to say that my problems are resolved, and I would like to thank you sooooooo much for helping me! :)

system-log.txt


Combofix


Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs/spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe



When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
