Topic: Slow computer and internet problems. Think Infected?

az_shyguy

    Slow computer and internet problems. Think Infected?
    « on: June 27, 2014, 05:29:21 PM »
    Hello!
        My mom's computer, I believe, is still infected with something and I would like your help to figure it out. I have done what I am capable of for the last couple of days and know I cannot do anything else without further assistance from a specialist.

        Problem is: the computer is taking a long time to boot up, and when the screen gets to the Windows desktop, the icons on there are all white and slowly start showing one at a time, whereas before it showed all icons when the Windows desktop came up. Also, when you click on programs it takes at least a minute or longer for the programs to open (I have timed it); they used to pop right up.
         Other problem is: when you go on the internet it takes forever to bring the homepage up, and if you try going to other sites it just hangs and will not open the website unless you hit refresh or reload several times, and then it will finally load the page or say the page cannot be displayed. This is intermittent; sometimes it works and sometimes it doesn't. It is the same thing on all three browsers she has on here (IE, Firefox and Opera). She only plays Pogo games and now cannot do that, as it says she doesn't have Java or cannot load the applet in there. When some websites do come up, the page is scrambled with letters over the top of each other, and images might load half of the image. Hard to explain  :-\  and sometimes it doesn't load the whole page.
          I have done quite a bit to try and rectify the problem. I first tried to restore to an earlier time and restore came back saying it couldn't restore. Tried in normal and safe mode. So I decided to just do some clean up and see if it would help. I first ran Advanced SystemCare Pro (which improved it a little bit but not much). Long story short, I ran CCleaner & Malwarebytes, which found PUPs which it removed or quarantined, then ran IObit Malware Fighter (it found nothing), ran AdwCleaner and cleaned, then Junkware Removal Tool, and also ran HitmanPro 3.7, which found quite a bit of stuff including what it said was remnants of malware. I scanned with ZoneAlarm Antivirus and MSE (full scans). I did run those scans with one antivirus disabled while the other one was running. Neither one found any threats. I made sure all Windows updates were up to date. Made sure Flash Player and Java were up to date. Installed updated IE to version 11. Uninstalled Firefox and Opera with IObit Uninstaller Pro and reinstalled. Ran IObit's Smart Defrag 3 Pro. I also went to your HijackThis processing tool but wasn't sure what to fix, except two items seemed a little scary to me. Made sure all tools were updated before running. Oh, and I forgot to say I thought maybe it was the wireless on the computer, so I plugged in an Ethernet cord and still had the same problems. I have two other computers running here and they have not had any problems.
     So my hands are up in the air hollering for help now. I hope I didn't screw it up any more than what it was  ???  Guess I should have just come here first, but I really hate to bug you guys. Hope you can help! And thank you in advance. I will post the logs I ran today, but really don't think they will help you much, but then again you are the experts in deciphering them.

    Also I should add that when I shut down or restart the computer, before it shuts down it pops up saying that there is an application or program running in the background that needs to be closed. So I guess it closes it and then restarts or shuts down. It has never done this before.

      Computer is an HP Pavilion p6000, 2900 MHz, 64-bit AMD Athlon II 635 quad-core, running Windows 7 Home edition with 4 GB system memory.

    I will tell you beforehand there are 2 A/Vs on here, but the ZoneAlarm A/V is disabled and I run MSE and the ZoneAlarm firewall.

    Might be ahead of myself but will send the JRT log too!

    Will wait for instructions!


    here are the logs:

    # AdwCleaner v3.213 - Report created 27/06/2014 at 10:47:10
    # Updated 23/06/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Carol Lee - CAROLLEE-HP
    # Running from : C:\Users\Carol Lee\Desktop\adwcleaner_3.213.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Deleted : C:\Users\Carol Lee\AppData\Roaming\Mozilla\Firefox\Profiles\ddmw2q4j.default\user.js
    File Deleted : C:\Windows\System32\Tasks\Driver Booster Update

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17126


    -\\ Mozilla Firefox v30.0 (en-US)

    [ File : C:\Users\Carol Lee\AppData\Roaming\Mozilla\Firefox\Profiles\ddmw2q4j.default\prefs.js ]


    -\\ Google Chrome v

    *************************

    AdwCleaner[R0].txt - [5088 octets] - [18/01/2014 20:02:22]
    AdwCleaner[R1].txt - [4186 octets] - [23/06/2014 17:13:15]
    AdwCleaner[R2].txt - [1055 octets] - [24/06/2014 12:06:20]
    AdwCleaner[R3].txt - [1338 octets] - [27/06/2014 09:15:40]
    AdwCleaner[R4].txt - [1398 octets] - [27/06/2014 10:45:24]
    AdwCleaner[S0].txt - [5016 octets] - [18/01/2014 20:05:35]
    AdwCleaner[S1].txt - [4327 octets] - [23/06/2014 17:21:32]
    AdwCleaner[S2].txt - [1117 octets] - [24/06/2014 12:07:50]
    AdwCleaner[S3].txt - [1323 octets] - [27/06/2014 10:47:10]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1383 octets] ##########

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 6/27/2014
    Scan Time: 11:12:40 AM
    Logfile: mbam log.txt
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.06.27.07
    Rootkit Database: v2014.06.23.02
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Carol Lee

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 290530
    Time Elapsed: 13 min, 57 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

     Results of screen317's Security Check version 0.99.85 
     Windows 7 Service Pack 1 x64 (UAC is enabled) 
     Internet Explorer 11 
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Disabled! 
    ZoneAlarm Antivirus             
    Microsoft Security Essentials   
     Antivirus up to date!  (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
     Java 7 Update 60 
     Adobe Flash Player 14.0.0.125 
     Adobe Reader XI 
     Mozilla Firefox (30.0)
    ````````Process Check: objlist.exe by Laurent````````
     Microsoft Security Essentials MSMpEng.exe
     Microsoft Security Essentials msseces.exe
     IObit IObit Malware Fighter IMFsrv.exe 
     IObit IObit Malware Fighter IMF.exe 
     CheckPoint ZoneAlarm vsmon.exe 
     CheckPoint ZoneAlarm zatray.exe 
     CheckPoint ZoneAlarm ZAPrivacyService.exe 
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 3%
    ````````````````````End of Log``````````````````````


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by Carol Lee on Fri 06/27/2014 at 12:40:45.44
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Fri 06/27/2014 at 13:12:11.56
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Slow computer and internet problems. Think Infected?
    « Reply #1 on: June 28, 2014, 01:00:50 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Malwarebytes' Anti-Rootkit

    Please download Malwarebytes' Anti-Rootkit and save it to your desktop.
    • Be sure to print out and follow the instructions provided on that same page for performing a scan.
    • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
    • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
    • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
    • Copy and paste the contents of these two log files in your next reply.
    ************************************************
    Download DDS from HERE or HERE and save it to your desktop.

    Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

    * XP users Double click on dds to run it.
    * If your antivirus or firewall try to block DDS then please allow it to run.
    * When finished DDS will open two (2) logs.
    * Save both reports to your desktop.
    * The instructions here ask you to attach the Attach.txt.



    1) DDS.txt
    2) Attach.txt
    Instead of attaching, please copy/paste both logs into your thread.

    Note: DDS will instruct you to post the Attach.txt log as an attachment.
    Please just post it as you would any other log by copying and pasting it into the reply.

    • Close the program window, and delete the program from your desktop.

    Please note: You may have to disable any script protection running if the scan fails to run.
    After downloading the tool, disconnect from the internet and disable all antivirus protection.
    Run the scan, enable your A/V and reconnect to the internet.
    Information on A/V control HERE. Then post your DDS logs (DDS.txt and Attach.txt).
    Windows 8 and Windows 10 dual boot with two SSD's

    az_shyguy

      Re: Slow computer and internet problems. Think Infected?
      « Reply #2 on: June 29, 2014, 01:13:09 PM »
      Thanks SuperDave for quick response..

      I finally got Java to work on her pogo games when the web will come up by lowering the security level on java from High(recommended) down to medium.

      Ok here are the logs you instructed to receive.



      Malwarebytes Anti-Rootkit BETA 1.07.0.1012
      www.malwarebytes.org

      Database version: v2014.06.29.08

      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 11.0.9600.17126
      Carol Lee :: CAROLLEE-HP [administrator]

      6/29/2014 12:29:04 PM
      mbar-log-2014-06-29 (12-29-04).txt

      Scan type: Quick scan
      Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
      Scan options disabled:
      Objects scanned: 292289
      Time elapsed: 16 minute(s), 3 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 0
      (No malicious items detected)

      Registry Values Detected: 0
      (No malicious items detected)

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 0
      (No malicious items detected)

      Files Detected: 0
      (No malicious items detected)

      Physical Sectors Detected: 0
      (No malicious items detected)

      (end)



      ---------------------------------------
      Malwarebytes Anti-Rootkit BETA 1.07.0.1012

      (c) Malwarebytes Corporation 2011-2012

      OS version: 6.1.7601 Windows 7 Service Pack 1 x64

      Account is Administrative

      Internet Explorer version: 11.0.9600.17126

      File system is: NTFS
      Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
      CPU speed: 2.892000 GHz
      Memory total: 4025782272, free: 2337087488

      Downloaded database version: v2014.06.29.08
      Downloaded database version: v2014.06.23.02
      =======================================
      Initializing...
      ------------ Kernel report ------------
           06/29/2014 12:28:53
      ------------ Loaded modules -----------
      ----------- End -----------
      Done!
      Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
      Done!
      Drive 0
      This is a System drive
      Scanning MBR on drive 0...
      Inspecting partition table:
      MBR Signature: 55AA
      Disk Signature: 24B20C17

      Partition information:

          Partition 0 type is Primary (0x7)
          Partition is ACTIVE.
          Partition starts at LBA: 2048  Numsec = 204800
          Partition file system is NTFS
          Partition is bootable

          Partition 1 type is Primary (0x7)
          Partition is NOT ACTIVE.
          Partition starts at LBA: 206848  Numsec = 1439606784

          Partition 2 type is Primary (0x7)
          Partition is NOT ACTIVE.
          Partition starts at LBA: 1439813632  Numsec = 25331712

          Partition 3 type is Empty (0x0)
          Partition is NOT ACTIVE.
          Partition starts at LBA: 0  Numsec = 0

      Disk Size: 750156374016 bytes
      Sector size: 512 bytes

      Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...
      Done!
      Scan finished
      =======================================


      Removal queue found; removal started
      Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
      Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
      Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
      Removal finished



      DDS (Ver_2012-11-20.01) - NTFS_AMD64
      Internet Explorer: 11.0.9600.17126  BrowserJavaVersion: 10.60.2
      Run by Carol Lee at 10:25:24 on 2014-06-29
      Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3839.2221 [GMT -6:00]
      .
      AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
      AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      SP: ZoneAlarm Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
      SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
      SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
      FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
      .
      ============== Running Processes ===============
      .
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
      C:\Windows\system32\svchost.exe -k RPCSS
      c:\Program Files\Microsoft Security Client\MsMpEng.exe
      C:\Windows\system32\atiesrxx.exe
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Windows\system32\svchost.exe -k GPSvcGroup
      C:\Windows\system32\svchost.exe -k LocalService
      C:\Windows\system32\atieclxx.exe
      C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
      C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Windows\system32\WLANExt.exe
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\taskhost.exe
      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
      C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
      C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
      C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
      C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      C:\Program Files\Microsoft Security Client\msseces.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
      C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
      C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
      c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
      C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
      C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
      C:\Program Files (x86)\PDF Complete\pdfsvc.exe
      C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
      C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
      C:\Windows\SysWOW64\HPZipm12.exe
      C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
      C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
      C:\Windows\system32\svchost.exe -k imgsvc
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
      C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
      C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
      C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
      C:\Windows\System32\svchost.exe -k LocalServicePeerNet
      C:\Windows\System32\WUDFHost.exe
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      C:\Program Files (x86)\IObit\Advanced SystemCare 7\RealTimeProtector.exe
      C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
      C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
      C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
      C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
      C:\Windows\system32\svchost.exe -k SDRSVC
      C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
      C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
      C:\Windows\system32\vssvc.exe
      C:\Windows\System32\svchost.exe -k swprv
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Windows\System32\cscript.exe
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = hxxps://www.facebook.com/
      uSearch Bar = Preserve
      uSearch Page = hxxp://www.google.com
      dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
      mWinlogon: Userinit = userinit.exe,
      BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
      BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      BHO: Ads Removal: {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll
      BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
      BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
      BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
      mRun: [HP Software Update] "C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"
      mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
      mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
      mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
      mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      mPolicies-Explorer: NoActiveDesktop = dword:1
      mPolicies-Explorer: NoActiveDesktopChanges = dword:1
      mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
      mPolicies-System: ConsentPromptBehaviorUser = dword:3
      mPolicies-System: EnableUIADesktopToggle = dword:0
      IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
      .
      INFO: HKCU has more than 50 listed domains.
      If you wish to scan all of them, select the 'Force scan all domains' option.
      .
      DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
      DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
      DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
      DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
      DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      TCP: NameServer = 67.142.180.10 67.142.180.11 192.168.1.1
      TCP: Interfaces\{B72D5D25-A81D-4AC5-8178-0E9E82AD31AC} : DHCPNameServer = 67.142.180.10 67.142.180.11 192.168.1.1
      TCP: Interfaces\{B72D5D25-A81D-4AC5-8178-0E9E82AD31AC}\46C696E6B6 : DHCPNameServer = 192.168.0.1
      TCP: Interfaces\{C0DFE58A-E4E0-4FD0-8121-90418640ABBC} : DHCPNameServer = 67.142.180.10 67.142.180.11 192.168.1.1
      SSODL: WebCheck - <orphaned>
      x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
      x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
      x64-Run: [SmartMenu] c:\program files\hewlett-packard\hp mediasmart\smartmenu.exe /background
      x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
      x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
      x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
      x64-SSODL: WebCheck - <orphaned>
      .
      ================= FIREFOX ===================
      .
      FF - ProfilePath - C:\Users\Carol Lee\AppData\Roaming\Mozilla\Firefox\Profiles\ddmw2q4j.default\
      FF - prefs.js: browser.search.selectedEngine - Google
      FF - prefs.js: browser.startup.homepage - hxxp://www.pogo.com/
      FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
      FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
      FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
      FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
      FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
      FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
      FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
      FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll
      .
      ============= SERVICES / DRIVERS ===============
      .
      R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-3-31 82600]
      R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-3-31 42664]
      R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
      R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2011-3-30 64272]
      R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2014-5-15 21184]
      R1 RapportCerberus_43926;RapportCerberus_43926;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [2012-10-30 505720]
      R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-1-25 55056]
      R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-1-25 61712]
      R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [2013-11-25 881952]
      R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-11-30 204288]
      R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-10-13 361984]
      R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]
      R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]
      R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
      R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2013-3-29 342336]
      R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-11-30 635416]
      R2 PGMTrusted;PGMTrusted;C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [2013-3-25 520360]
      R2 RalinkRegistryWriter;RalinkRegistryWriter;C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [2012-5-27 372736]
      R2 RalinkRegistryWriter64;RalinkRegistryWriter64;C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [2012-5-27 447488]
      R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-1-25 931640]
      R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2014-6-26 290520]
      R2 ZAPrivacyService;ZoneAlarm Privacy Service;C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [2013-6-18 54160]
      R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-10-11 46136]
      R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-12-6 2350176]
      R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2013-6-7 34848]
      R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-6-24 901848]
      R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-11-30 38456]
      S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
      S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
      S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2013-11-25 2152736]
      S2 RaMediaServer;Ralink UPnP Media Server;C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [2012-5-27 625728]
      S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-7-23 245760]
      S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-9-5 240736]
      S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
      S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-26 111616]
      S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 133928]
      S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
      S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-1 19456]
      S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-6-24 56832]
      S3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2013-6-7 23016]
      S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-25 1255736]
      S4 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2013-6-7 23048]
      .
      =============== Created Last 30 ================
      .
      2014-06-29 14:38:59   10779000   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{47F8B498-4860-4526-B79E-EB86F9C23EDD}\mpengine.dll
      2014-06-28 18:42:28   --------   d-----w-   C:\Users\Carol Lee\AppData\Local\Adobe
      2014-06-28 13:58:10   10779000   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
      2014-06-28 13:45:41   98216   ----a-w-   C:\Windows\SysWow64\WindowsAccessBridge-32.dll
      2014-06-28 05:07:10   --------   d-----w-   C:\Users\Carol Lee\AppData\Local\CrashDumps
      2014-06-26 15:37:11   128728   ----a-w-   C:\Windows\System32\drivers\MBAMSwissArmy.sys
      2014-06-26 13:25:40   --------   d-----w-   C:\ProgramData\RogueKiller
      2014-06-26 13:24:54   63704   ----a-w-   C:\Windows\System32\drivers\mwac.sys
      2014-06-26 12:57:45   --------   d-----w-   C:\Windows\System32\SRSLabs
      2014-06-26 12:29:28   --------   d-----w-   C:\Program Files (x86)\Mozilla Maintenance Service
      2014-06-26 11:59:36   --------   d-----w-   C:\Program Files (x86)\Opera Next
      2014-06-26 11:03:33   --------   d-sh--w-   C:\Users\Carol Lee\AppData\Local\EmieUserList
      2014-06-26 11:03:33   --------   d-sh--w-   C:\Users\Carol Lee\AppData\Local\EmieSiteList
      2014-06-24 20:46:51   901848   ----a-w-   C:\Windows\System32\drivers\Rt64win7.sys
      2014-06-24 20:46:51   73800   ----a-w-   C:\Windows\System32\RtNicProp64.dll
      2014-06-24 13:44:58   6574592   ----a-w-   C:\Windows\System32\mstscax.dll
      2014-06-24 13:44:58   5694464   ----a-w-   C:\Windows\SysWow64\mstscax.dll
      2014-06-24 13:28:59   1147392   ----a-w-   C:\Windows\System32\mstsc.exe
      2014-06-24 13:28:59   1068544   ----a-w-   C:\Windows\SysWow64\mstsc.exe
      2014-06-24 13:28:58   855552   ----a-w-   C:\Windows\SysWow64\rdvidcrl.dll
      2014-06-24 13:28:58   1057280   ----a-w-   C:\Windows\System32\rdvidcrl.dll
      2014-06-24 11:33:38   7717984   ----a-w-   C:\Windows\System32\drivers\kl1.sys
      2014-06-24 11:33:33   92768   ----a-w-   C:\Windows\System32\drivers\klflt.sys
      2014-06-24 04:24:04   1031560   ------w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D4942B9E-B38C-496A-8283-DFEE5F2DD2FE}\gapaengine.dll
      2014-06-24 01:30:04   --------   d-----w-   C:\Program Files\HitmanPro
      2014-06-24 01:28:42   --------   d-----w-   C:\ProgramData\HitmanPro
      2014-06-21 00:20:21   801280   ----a-w-   C:\Windows\System32\usp10.dll
      2014-06-21 00:20:21   626688   ----a-w-   C:\Windows\SysWow64\usp10.dll
      2014-06-21 00:20:02   288192   ----a-w-   C:\Windows\System32\drivers\FWPKCLNT.SYS
      2014-06-21 00:20:02   1903552   ----a-w-   C:\Windows\System32\drivers\tcpip.sys
      2014-06-19 02:59:16   3178496   ----a-w-   C:\Windows\System32\rdpcorets.dll
      2014-06-19 02:59:16   16384   ----a-w-   C:\Windows\System32\RdpGroupPolicyExtension.dll
      2014-06-17 23:56:50   2002432   ----a-w-   C:\Windows\System32\msxml6.dll
      2014-06-17 23:56:50   1882112   ----a-w-   C:\Windows\System32\msxml3.dll
      2014-06-17 23:56:49   2048   ----a-w-   C:\Windows\SysWow64\msxml6r.dll
      2014-06-17 23:56:49   2048   ----a-w-   C:\Windows\SysWow64\msxml3r.dll
      2014-06-17 23:56:49   2048   ----a-w-   C:\Windows\System32\msxml6r.dll
      2014-06-17 23:56:49   2048   ----a-w-   C:\Windows\System32\msxml3r.dll
      2014-06-17 23:56:49   1389056   ----a-w-   C:\Windows\SysWow64\msxml6.dll
      2014-06-17 23:56:49   1237504   ----a-w-   C:\Windows\SysWow64\msxml3.dll
      .
      ==================== Find3M  ====================
      .
      2014-06-29 15:40:59   92888   ----a-w-   C:\Windows\System32\drivers\mbamchameleon.sys
      2014-06-28 16:50:32   71344   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
      2014-06-28 16:50:32   699056   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
      2014-06-24 20:46:51   107552   ----a-w-   C:\Windows\System32\RTNUninst64.dll
      2014-05-30 10:02:37   2724864   ----a-w-   C:\Windows\System32\mshtml.tlb
      2014-05-30 10:02:09   4096   ----a-w-   C:\Windows\System32\ieetwcollectorres.dll
      2014-05-30 09:39:43   548352   ----a-w-   C:\Windows\System32\vbscript.dll
      2014-05-30 09:39:23   66048   ----a-w-   C:\Windows\System32\iesetup.dll
      2014-05-30 09:38:29   48640   ----a-w-   C:\Windows\System32\ieetwproxystub.dll
      2014-05-30 09:21:23   139264   ----a-w-   C:\Windows\System32\ieUnatt.exe
      2014-05-30 09:21:05   111616   ----a-w-   C:\Windows\System32\ieetwcollector.exe
      2014-05-30 09:20:36   752640   ----a-w-   C:\Windows\System32\jscript9diag.dll
      2014-05-30 09:11:24   940032   ----a-w-   C:\Windows\System32\MsSpellCheckingFacility.exe
      2014-05-30 09:08:22   5782528   ----a-w-   C:\Windows\System32\jscript9.dll
      2014-05-30 09:02:39   2724864   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
      2014-05-30 08:55:36   38400   ----a-w-   C:\Windows\System32\JavaScriptCollectionAgent.dll
      2014-05-30 08:44:28   455168   ----a-w-   C:\Windows\SysWow64\vbscript.dll
      2014-05-30 08:43:06   61952   ----a-w-   C:\Windows\SysWow64\iesetup.dll
      2014-05-30 08:42:16   51200   ----a-w-   C:\Windows\SysWow64\ieetwproxystub.dll
      2014-05-30 08:28:33   112128   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
      2014-05-30 08:27:56   592896   ----a-w-   C:\Windows\SysWow64\jscript9diag.dll
      2014-05-30 08:24:19   1249280   ----a-w-   C:\Windows\System32\mshtmlmedia.dll
      2014-05-30 08:23:22   2040832   ----a-w-   C:\Windows\System32\inetcpl.cpl
      2014-05-30 08:10:46   32256   ----a-w-   C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
      2014-05-30 07:56:56   2266112   ----a-w-   C:\Windows\System32\wininet.dll
      2014-05-30 07:56:50   4244992   ----a-w-   C:\Windows\SysWow64\jscript9.dll
      2014-05-30 07:50:09   1068032   ----a-w-   C:\Windows\SysWow64\mshtmlmedia.dll
      2014-05-30 07:49:38   1964544   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
      2014-05-30 07:21:10   1790976   ----a-w-   C:\Windows\SysWow64\wininet.dll
      2014-05-12 13:25:56   25816   ----a-w-   C:\Windows\System32\drivers\mbam.sys
      2014-05-09 06:14:03   477184   ----a-w-   C:\Windows\System32\aepdu.dll
      2014-05-09 06:11:23   424448   ----a-w-   C:\Windows\System32\aeinv.dll
      2014-04-25 05:03:34   450968   ----a-w-   C:\Windows\System32\drivers\vsdatant.sys
      2014-04-12 02:22:05   95680   ----a-w-   C:\Windows\System32\drivers\ksecdd.sys
      2014-04-12 02:22:05   155072   ----a-w-   C:\Windows\System32\drivers\ksecpkg.sys
      2014-04-12 02:19:38   29184   ----a-w-   C:\Windows\System32\sspisrv.dll
      2014-04-12 02:19:38   136192   ----a-w-   C:\Windows\System32\sspicli.dll
      2014-04-12 02:19:37   28160   ----a-w-   C:\Windows\System32\secur32.dll
      2014-04-12 02:19:32   1460736   ----a-w-   C:\Windows\System32\lsasrv.dll
      2014-04-12 02:19:05   31232   ----a-w-   C:\Windows\System32\lsass.exe
      2014-04-12 02:12:06   22016   ----a-w-   C:\Windows\SysWow64\secur32.dll
      2014-04-12 02:10:56   96768   ----a-w-   C:\Windows\SysWow64\sspicli.dll
      2011-04-22 05:50:40   495   ----a-w-   C:\Program Files (x86)\0421201123504043.bat
      .
      ============= FINISH: 10:26:47.12 ===============


      .
      UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
      IF REQUESTED, ZIP IT UP & ATTACH IT
      .
      DDS (Ver_2012-11-20.01)
      .
      Microsoft Windows 7 Home Premium
      Boot Device: \Device\HarddiskVolume1
      Install Date: 12/24/2010 5:20:05 PM
      System Uptime: 6/29/2014 8:17:22 AM (2 hours ago)
      .
      Motherboard: FOXCONN |  | 2AB1
      Processor: AMD Athlon(tm) II X4 635 Processor | CPU 1 | 2900/200mhz
      .
      ==== Disk Partitions =========================
      .
      C: is FIXED (NTFS) - 686 GiB total, 573.158 GiB free.
      D: is FIXED (NTFS) - 12 GiB total, 1.476 GiB free.
      E: is CDROM ()
      G: is Removable
      H: is Removable
      I: is Removable
      J: is Removable
      .
      ==== Disabled Device Manager Items =============
      .
      ==== System Restore Points ===================
      .
      RP1434: 6/24/2014 7:25:07 AM - Windows Update
      RP1435: 6/24/2014 7:45:07 AM - Windows Update
      RP1436: 6/24/2014 7:47:04 AM - Windows Update
      RP1437: 6/24/2014 2:43:23 PM - before driver booster update
      RP1438: 6/24/2014 2:45:52 PM - Driver Booster : Realtek PCIe FE Family Controller
      RP1439: 6/24/2014 8:48:32 PM - IObit Uninstaller restore point
      RP1440: 6/24/2014 8:49:04 PM - Removed Java 7 Update 60
      RP1441: 6/24/2014 9:06:32 PM - Installed Java 7 Update 60
      RP1442: 6/25/2014 5:24:21 PM - Windows Update
      RP1443: 6/25/2014 9:02:55 PM - Windows Backup
      RP1444: 6/26/2014 4:35:47 AM - bdfore updates
      RP1445: 6/26/2014 4:37:46 AM - Windows Update
      RP1446: 6/26/2014 5:02:39 AM - IObit Uninstaller restore point
      RP1447: 6/26/2014 5:39:09 AM - before updates
      RP1448: 6/26/2014 5:40:03 AM - Windows Update
      RP1449: 6/26/2014 5:55:28 AM - before new opera install
      RP1450: 6/26/2014 6:15:14 AM - IObit Uninstaller restore point
      RP1451: 6/26/2014 6:48:50 AM - before driverbooster(iobit) update
      RP1452: 6/26/2014 6:55:02 AM - Driver Booster : Realtek High Definition Audio
      RP1453: 6/26/2014 7:41:03 AM - before deleting from roguekiller scan
      RP1454: 6/27/2014 9:28:01 AM - IObit Uninstaller restore point
      RP1455: 6/27/2014 9:32:43 AM - IObit Uninstaller restore point
      RP1456: 6/27/2014 9:39:47 AM - Installed Rapport
      RP1457: 6/27/2014 9:54:19 AM - Installed Rapport
      RP1458: 6/27/2014 10:21:02 AM - Installed Rapport
      RP1459: 6/27/2014 8:07:32 PM - Installed Rapport
      RP1460: 6/27/2014 9:13:03 PM - Installed Rapport
      RP1461: 6/28/2014 6:00:33 AM - IObit Uninstaller restore point
      RP1462: 6/28/2014 6:00:57 AM - Removed Java 7 Update 60
      RP1463: 6/28/2014 6:08:18 AM - IObit Uninstaller restore point
      RP1464: 6/28/2014 6:26:46 AM - Installed Rapport
      RP1465: 6/28/2014 6:43:44 AM - Installed Rapport
      RP1466: 6/28/2014 7:45:07 AM - Installed Java 7 Update 60
      RP1467: 6/28/2014 10:30:28 AM - Installed Rapport
      RP1468: 6/28/2014 12:38:52 PM - Installed Rapport
      RP1469: 6/29/2014 8:21:09 AM - Installed Rapport
      RP1470: 6/29/2014 8:28:48 AM - Windows Backup
      RP1471: 6/29/2014 8:38:17 AM - Windows Update
      RP1472: 6/29/2014 9:38:08 AM - before malewarybytes antiroot scan
      RP1473: 6/29/2014 10:22:06 AM - before dds scan
      .
      ==== Installed Programs ======================
      .
      AccelerateTab
      Adobe Flash Player 14 ActiveX
      Adobe Flash Player 14 Plugin
      Adobe Reader XI (11.0.07)
      Advanced SystemCare 7
      AMD APP SDK Runtime
      AMD Catalyst Install Manager
      AMD Fuel
      AMD Problem Report Wizard
      AMD VISION Engine Control Center
      Brother MFL-Pro Suite MFC-J415W
      Build-a-lot 2
      Catalyst Control Center - Branding
      Catalyst Control Center Graphics Previews Common
      Catalyst Control Center InstallProxy
      Catalyst Control Center Localization All
      ccc-utility64
      CCC Help Chinese Standard
      CCC Help Chinese Traditional
      CCC Help Czech
      CCC Help Danish
      CCC Help Dutch
      CCC Help English
      CCC Help Finnish
      CCC Help French
      CCC Help German
      CCC Help Greek
      CCC Help Hungarian
      CCC Help Italian
      CCC Help Japanese
      CCC Help Korean
      CCC Help Norwegian
      CCC Help Polish
      CCC Help Portuguese
      CCC Help Russian
      CCC Help Spanish
      CCC Help Swedish
      CCC Help Thai
      CCC Help Turkish
      CCleaner
      Chuzzle Deluxe
      CinemaNow Media Manager
      Cisco Connect
      Cisco EAP-FAST Module
      Cisco LEAP Module
      Cisco PEAP Module
      Compatibility Pack for the 2007 Office system
      Coupon Printer for Windows
      CyberLink DVD Suite Deluxe
      Diner Dash 2 Restaurant Rescue
      Dora's Carnival Adventure
      Driver Booster
      DVD Menu Pack for HP MediaSmart Video
      Escape Rosecliff Island
      FATE
      Final Drive Nitro
      Fishdom
      Game Assistant
      Heroes of Hellas 2 - Olympia
      HitmanPro 3.7
      HP Advisor
      HP Customer Experience Enhancements
      HP Games
      HP MediaSmart CinemaNow 2.0
      HP MediaSmart DVD
      HP MediaSmart Music
      HP MediaSmart Photo
      HP MediaSmart SmartMenu
      HP MediaSmart Video
      HP MediaSmart/TouchSmart Netflix
      HP Odometer
      HP Product Detection
      HP Setup
      HP Software Update
      HP Support Assistant
      HP Support Information
      HP Update
      HP Vision Hardware Diagnostics
      HydraVision
      Internet Explorer (Enable DEP)
      IObit Malware Fighter
      IObit Uninstaller
      Java 7 Update 60
      Java Auto Updater
      Jewel Quest 3
      Jewel Quest Solitaire 2
      Junk Mail filter update
      Kobo
      LabelPrint
      LightScribe System Software
      Malwarebytes Anti-Malware version 2.0.2.1012
      Microsoft .NET Framework 4.5.1
      Microsoft Application Error Reporting
      Microsoft Choice Guard
      Microsoft Office 2010
      Microsoft Office PowerPoint Viewer 2007 (English)
      Microsoft Security Client
      Microsoft Security Essentials
      Microsoft Silverlight
      Microsoft SQL Server 2005 Compact Edition [ENU]
      Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
      Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
      Microsoft Visual C++ 2005 Redistributable
      Microsoft Visual C++ 2005 Redistributable (x64)
      Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
      Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
      Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
      Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
      Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
      Microsoft Works
      Microsoft WSE 3.0 Runtime
      Movie Theme Pack for HP MediaSmart Video
      Mozilla Firefox 30.0 (x86 en-US)
      Mozilla Maintenance Service
      MSVCRT
      MSXML 4.0 SP2 (KB954430)
      MSXML 4.0 SP2 (KB973688)
      Opera Next 23.0.1522.24
      PaperPort Image Printer 64-bit
      PDF Complete Special Edition
      Penguins!
      PhotoNow!
      PictureMover
      Plants vs. Zombies
      PlayReady PC Runtime amd64
      Pogo Games
      Poker Superstars III
      Polar Bowler
      Polar Golfer
      Power2Go
      PowerDirector
      PressReader
      Ralink 802.11n Wireless LAN Card
      Rapport
      Realtek High Definition Audio Driver
      Recovery Manager
      Roxio CinemaNow 2.0
      ScanSoft PaperPort 11
      Security Update for CAPICOM (KB931906)
      Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
      Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
      Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
      Smart Defrag 3
      Surfing Protection
      swMSM
      Ulead Drop Spot 1.0
      Ulead Photo Explorer 8.0
      Ulead PhotoImpact XL
      Update Installer for WildTangent Games App
      VC 9.0 Runtime
      Virtual Families
      Virtual Villagers - The Secret City
      Visual Studio 2008 x64 Redistributables
      Visual Studio 2010 x64 Redistributables
      Wheel of Fortune 2
      WildTangent Games App for HP
      Windows Live Call
      Windows Live Communications Platform
      Windows Live Essentials
      Windows Live ID Sign-in Assistant
      Windows Live Mail
      Windows Live Messenger
      Windows Live Photo Gallery
      Windows Live Sync
      Windows Live Upload Tool
      Windows Live Writer
      Yahoo! Install Manager
      Yahoo! Software Update
      Zinio Reader 4
      ZoneAlarm Antivirus
      ZoneAlarm Firewall
      ZoneAlarm Free Antivirus + Firewall
      ZoneAlarm Security
      Zuma Deluxe
      .
      ==== Event Viewer Messages From Past Week ========
      .
      6/29/2014 8:19:49 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.
      6/29/2014 8:17:40 AM, Error: volmgr [46]  - Crash dump initialization failed!
      6/28/2014 9:54:17 AM, Error: NetBT [4321]  - The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.139. The computer with the IP address 192.168.1.126 did not allow the name to be claimed by this computer.
      6/28/2014 8:47:06 AM, Error: BROWSER [8019]  - The browser was unable to promote itself to master browser.  The browser will continue to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer.
      6/28/2014 7:03:45 AM, Error: BROWSER [8009]  - The browser was unable to promote itself to master browser.  The computer that currently believes it is the master browser is DOUGII-PC.
      .
      ==== End Of File ===========================



      Will be waiting further instructions, Thanks! :)


      az_shyguy

        Re: Slow computer and internet problems. Think Infected?
        « Reply #3 on: July 04, 2014, 11:35:41 AM »
        Still with me SuperDave?

        SuperDave

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: Slow computer and internet problems. Think Infected?
        « Reply #4 on: July 04, 2014, 01:26:07 PM »
        The log shows that you have two AV's on your computer: ZoneAlarm Antivirus and Microsoft Security Essentials. Please make sure that only one AV is active at any time on your computer.

        • Download RogueKiller on the desktop
        • Close all the running programs
        • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
        • Otherwise just double-click on RogueKiller.exe
        • Pre-scan will start. Let it finish.
        • Click on SCAN button.
        • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
        • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again
        Windows 8 and Windows 10 dual boot with two SSD's

        az_shyguy

          Re: Slow computer and internet problems. Think Infected?
          « Reply #5 on: July 06, 2014, 10:16:22 AM »
          Hello Superdave!

             Yes, I know I have two A/V's.. posted that in my first post in this thread. (guess you missed it) I have zone alarm a/v disabled and use the MSE a/v and zone alarm's firewall which you cannot get without the a/v attached.

             Here is the RogueKiller report, will be waiting further instructions..... Thanks again for your help!



          RogueKiller V9.1.0.0 [Jun 23 2014] by Adlice Software
          mail : http://www.adlice.com/contact/
          Feedback : http://forum.adlice.com
          Website : http://www.adlice.com/softwares/roguekiller/
          Blog : http://www.adlice.com

          Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
          Started in : Normal mode
          User : Carol Lee [Admin rights]
          Mode : Scan -- Date : 07/06/2014  09:41:59

          ¤¤¤ Bad processes : 0 ¤¤¤

          ¤¤¤ Registry Entries : 23 ¤¤¤
          [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 67.142.180.10 67.142.180.11 192.168.1.1  -> FOUND
          [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 67.142.180.10 67.142.180.11 192.168.1.1  -> FOUND
          [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 67.142.180.10 67.142.180.11 192.168.1.1  -> FOUND
          [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B72D5D25-A81D-4AC5-8178-0E9E82AD31AC} | DhcpNameServer : 67.142.180.10 67.142.180.11 192.168.1.1  -> FOUND
          [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C0DFE58A-E4E0-4FD0-8121-90418640ABBC} | DhcpNameServer : 67.142.180.10 67.142.180.11 192.168.1.1  -> FOUND
          [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B72D5D25-A81D-4AC5-8178-0E9E82AD31AC} | DhcpNameServer : 67.142.180.10 67.142.180.11 192.168.1.1  -> FOUND
          [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C0DFE58A-E4E0-4FD0-8121-90418640ABBC} | DhcpNameServer : 67.142.180.10 67.142.180.11 192.168.1.1  -> FOUND
          [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{B72D5D25-A81D-4AC5-8178-0E9E82AD31AC} | DhcpNameServer : 67.142.180.10 67.142.180.11 192.168.1.1  -> FOUND
          [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C0DFE58A-E4E0-4FD0-8121-90418640ABBC} | DhcpNameServer : 67.142.180.10 67.142.180.11 192.168.1.1  -> FOUND
          [PUM.Policies] (X64) HKEY_USERS\S-1-5-21-269304970-1696718345-3653957849-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
          [PUM.Policies] (X64) HKEY_USERS\S-1-5-21-269304970-1696718345-3653957849-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
          [PUM.Policies] (X86) HKEY_USERS\S-1-5-21-269304970-1696718345-3653957849-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
          [PUM.Policies] (X86) HKEY_USERS\S-1-5-21-269304970-1696718345-3653957849-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
          [PUM.Desktop] (X64) HKEY_USERS\S-1-5-21-269304970-1696718345-3653957849-1000\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> FOUND
          [PUM.Desktop] (X86) HKEY_USERS\S-1-5-21-269304970-1696718345-3653957849-1000\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> FOUND
          [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-269304970-1696718345-3653957849-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0  -> FOUND
          [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-269304970-1696718345-3653957849-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> FOUND
          [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-269304970-1696718345-3653957849-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0  -> FOUND
          [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-269304970-1696718345-3653957849-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> FOUND
          [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
          [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
          [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
          [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

          ¤¤¤ Scheduled tasks : 1 ¤¤¤
          [Suspicious.Path] \\{BC2E9F2B-4415-4A7B-8A5F-EB1D8A23BD07} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\Carol Lee\Downloads\jre-6u29-windows-i586-s.exe" -d "C:\Users\Carol Lee\Downloads") -> FOUND

          ¤¤¤ Files : 0 ¤¤¤

          ¤¤¤ HOSTS File : 0 ¤¤¤

          ¤¤¤ Antirootkit : 0 ¤¤¤

          ¤¤¤ Web browsers : 0 ¤¤¤

          ¤¤¤ MBR Check : ¤¤¤
          +++++ PhysicalDrive0: Hitachi HDS721075CLA332 SATA Disk Device +++++
          --- User ---
          [MBR] 787f3cfcf7704d44b5cb43f3f629012c
          [BSP] 36f47b55b9edb73b90a3ce4d63ef4d5c : Unknown MBR Code
          Partition table:
          0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
          1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 702933 MB
          2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1439813632 | Size: 12369 MB
          User = LL1 ... OK
          User != LL2 ... KO!
          --- LL2 ---
          [MBR] e6bdd4c12305eac649249713d20e76a8
          [BSP] ae9fcc0739773fcf778ecffb5fcb9c31 : Windows Vista/7/8 MBR Code
          Partition table:
          0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 264071168 | Size: 300 MB

          +++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
          Error reading User MBR! ([15] The device is not ready. )
          Error reading LL1 MBR! NOT VALID!
          Error reading LL2 MBR! ([32] The request is not supported. )

          +++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
          Error reading User MBR! ([15] The device is not ready. )
          Error reading LL1 MBR! NOT VALID!
          Error reading LL2 MBR! ([32] The request is not supported. )

          +++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
          Error reading User MBR! ([15] The device is not ready. )
          Error reading LL1 MBR! NOT VALID!
          Error reading LL2 MBR! ([32] The request is not supported. )

          +++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
          Error reading User MBR! ([15] The device is not ready. )
          Error reading LL1 MBR! NOT VALID!
          Error reading LL2 MBR! ([32] The request is not supported. )


          ============================================
          RKreport_SCN_06262014_073632.log

          SuperDave

          Re: Slow computer and internet problems. Think Infected?
          « Reply #6 on: July 06, 2014, 10:32:53 AM »
          I'd like to scan your machine with ESET OnlineScan

          • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
          ESET OnlineScan

          • Click the button.
          • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
            • Click on to download the ESET Smart Installer. Save it to your desktop.
            • Double click on the icon on your desktop.
          • Check
          • Click the button.
          • Accept any security warnings from your browser.
          • Leave the check mark next to Remove found threats.
          • Check
          • Push the Start button.
          • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
          • When the scan completes, push
          • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
          • Push the button.
          • Push
          A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

          az_shyguy

            Re: Slow computer and internet problems. Think Infected?
            « Reply #7 on: July 08, 2014, 10:38:47 AM »
            Eset report!

            C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Spigot\Search Settings\wth173.dll.old.vir   Win32/Toolbar.Widgi.A potentially unwanted application   deleted - quarantined
            C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Spigot\Search Settings\wthx173.dll.old.vir   Win64/Toolbar.Widgi.B potentially unwanted application   deleted - quarantined
            C:\AdwCleaner\Quarantine\C\Program Files (x86)\PC Performer\PCPerformer.dll.vir   Win32/PCPerformer.B potentially unwanted application   deleted - quarantined
            C:\Program Files (x86)\CheckPoint\Install\CUninstaller.exe   Win32/Toolbar.Conduit potentially unwanted application   deleted - quarantined
            C:\Program Files (x86)\CheckPoint\Install\CUninstallerZA.exe   Win32/Toolbar.Conduit potentially unwanted application   deleted - quarantined
            C:\Program Files (x86)\CheckPoint\Install\zatb.exe   Win32/Toolbar.Montiera.I potentially unwanted application   deleted - quarantined
            C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCpatch.exe   a variant of Win32/Toolbar.Widgi potentially unwanted application   deleted - quarantined
            C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCPatch.exe   a variant of Win32/Toolbar.Widgi.B potentially unwanted application   deleted - quarantined
            C:\Program Files (x86)\IObit\Advanced SystemCare 7\Toolbar\iobitappsToolbar-stub-1.exe   a variant of Win32/Toolbar.Widgi.B potentially unwanted application   deleted - quarantined
            C:\Program Files (x86)\MyWebFace_5aEI\Installr\1.bin\5aEZSETP.dll   a variant of Win32/Toolbar.MyWebSearch.Q potentially unwanted application   deleted - quarantined
            C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebFace_5aEI\Installr\1.bin\5aEZSETP.dll.vir   a variant of Win32/Toolbar.MyWebSearch.Q potentially unwanted application   deleted - quarantined
            C:\Users\Carol Lee\Documents\Downloads\setupautoscreenrecorderfree.exe   a variant of Win32/Toolbar.Conduit.B potentially unwanted application   deleted - quarantined
            C:\Users\Carol Lee\Downloads\asc-setup.exe   a variant of Win32/Toolbar.Widgi.B potentially unwanted application   deleted - quarantined
            C:\Users\Carol Lee\Downloads\imfv2-setup.exe   a variant of Win32/Toolbar.Widgi.B potentially unwanted application   deleted - quarantined
            C:\Users\Carol Lee\Downloads\zafwSetup_120_118_000.exe   Win32/Toolbar.Conduit potentially unwanted application   deleted - quarantined
            C:\Users\Carol Lee\Downloads\temporary\IObit-Malware-Figher-Setup.exe   a variant of Win32/Toolbar.Widgi.B potentially unwanted application   deleted - quarantined
            C:\Users\Carol Lee\Downloads\temporary\smart-defrag-setup.exe   a variant of Win32/Toolbar.Widgi.B potentially unwanted application   deleted - quarantined
            C:\Users\Carol Lee\Downloads\temporary\zafwSetupWeb_132_015_000.exe   Win32/Toolbar.Conduit potentially unwanted application   deleted - quarantined


            Awaiting further instructions!! Still trouble with page cannot be displayed?

            SuperDave

            Re: Slow computer and internet problems. Think Infected?
            « Reply #8 on: July 08, 2014, 02:39:16 PM »
            What browser are you using?

            Please download aswMBR.exe ( 511KB ) to your desktop.

            Double click the aswMBR.exe to run it.

            Click the "Scan" button to start the scan.

            Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

            On completion of the scan, click save log, save it to your desktop and post it in your next reply.

            az_shyguy

              Re: Slow computer and internet problems. Think Infected?
              « Reply #9 on: July 13, 2014, 02:04:22 PM »
              Hello SuperDave....

                 Sorry it took so long to get back to you.

                 I ran into a serious problem after I tried to run aswMBR.exe. I was running it in normal Windows and it got so far and then a pop-up came up saying "avast! antirootkit has stopped working" then 2 options, 1 to check online for a solution and close program or 2 to close program.. so I could not get a report as it doesn't finish.  I then tried it in safe mode and got the same result.
                 Problem was that after I got out of safe mode and rebooted into normal Windows, I lost my wireless network and had a pop-up that said Wi-Fi device not found. I also had a warning that I needed to turn on security action center. When I went to turn on the security action center it would not turn on and said it couldn't. I tried several things to get both working with no luck, so decided I would try a system restore. I didn't write down what it actually said, but restore would not open and give me a restore point to restore to. Anyhow, long story short, I restarted the computer and tapped F11 to get into recovery before Windows booted. I did succeed in restoring back to July 4th. When rebooted back into Windows I had the wireless network back and action center security was back on. I also could go into system restore again and it did have restore points back in there I could go to.
                 My thought was that since I restored back to July 4th I should start again on the steps we had already done, being that restoring back might have infections in it that were there before we were working on the issues. I have gone back through the steps again in the order we had done them before. So I am attaching all the logs again up to where aswMBR.exe doesn't work. I hope that is ok?  ???


              # AdwCleaner v3.215 - Report created 13/07/2014 at 04:30:23
              # Updated 09/07/2014 by Xplode
              # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
              # Username : Carol Lee - CAROLLEE-HP
              # Running from : C:\Users\Carol Lee\Desktop\adwcleaner_3.215.exe
              # Option : Clean

              ***** [ Services ] *****


              ***** [ Files / Folders ] *****

              Folder Deleted : C:\IObit\Driver Booster
              Folder Deleted : C:\ProgramData\IObit\Driver Booster
              Folder Deleted : C:\Program Files (x86)\IObit\Driver Booster
              Folder Deleted : C:\Users\Carol Lee\AppData\Roaming\IObit\Driver Booster
              File Deleted : C:\Windows\System32\Tasks\Driver Booster Scan

              ***** [ Shortcuts ] *****


              ***** [ Registry ] *****

              Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
              Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
              Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
              Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

              ***** [ Browsers ] *****

              -\\ Internet Explorer v11.0.9600.17207


              -\\ Mozilla Firefox v30.0 (en-US)

              [ File : C:\Users\Carol Lee\AppData\Roaming\Mozilla\Firefox\Profiles\ddmw2q4j.default\prefs.js ]


              -\\ Google Chrome v

              *************************

              AdwCleaner[R0].txt - [5088 octets] - [18/01/2014 20:02:22]
              AdwCleaner[R1].txt - [4186 octets] - [23/06/2014 17:13:15]
              AdwCleaner[R2].txt - [1055 octets] - [24/06/2014 12:06:20]
              AdwCleaner[R3].txt - [1338 octets] - [27/06/2014 09:15:40]
              AdwCleaner[R4].txt - [1398 octets] - [27/06/2014 10:45:24]
              AdwCleaner[R5].txt - [2198 octets] - [13/07/2014 04:26:45]
              AdwCleaner[S0].txt - [5016 octets] - [18/01/2014 20:05:35]
              AdwCleaner[S1].txt - [4327 octets] - [23/06/2014 17:21:32]
              AdwCleaner[S2].txt - [1117 octets] - [24/06/2014 12:07:50]
              AdwCleaner[S3].txt - [1463 octets] - [27/06/2014 10:47:10]
              AdwCleaner[S4].txt - [2020 octets] - [13/07/2014 04:30:23]

              ########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [2080 octets] ##########

              Malwarebytes Anti-Malware
              www.malwarebytes.org

              Scan Date: 7/13/2014
              Scan Time: 4:39:30 AM
              Logfile: mbam-log-2014-07-13(04-39-00).txt
              Administrator: Yes

              Version: 2.00.2.1012
              Malware Database: v2014.07.13.01
              Rootkit Database: v2014.07.09.01
              License: Free
              Malware Protection: Disabled
              Malicious Website Protection: Disabled
              Self-protection: Disabled

              OS: Windows 7 Service Pack 1
              CPU: x64
              File System: NTFS
              User: Carol Lee

              Scan Type: Threat Scan
              Result: Completed
              Objects Scanned: 296264
              Time Elapsed: 14 min, 43 sec

              Memory: Enabled
              Startup: Enabled
              Filesystem: Enabled
              Archives: Enabled
              Rootkits: Disabled
              Heuristics: Enabled
              PUP: Warn
              PUM: Enabled

              Processes: 0
              (No malicious items detected)

              Modules: 0
              (No malicious items detected)

              Registry Keys: 0
              (No malicious items detected)

              Registry Values: 0
              (No malicious items detected)

              Registry Data: 0
              (No malicious items detected)

              Folders: 0
              (No malicious items detected)

              Files: 0
              (No malicious items detected)

              Physical Sectors: 0
              (No malicious items detected)


              (end)



               Results of screen317's Security Check version 0.99.85 
               Windows 7 Service Pack 1 x64 (UAC is enabled) 
               Internet Explorer 11 
              ``````````````Antivirus/Firewall Check:``````````````
               Windows Firewall Disabled! 
              ZoneAlarm Antivirus             
              Microsoft Security Essentials   
               Antivirus up to date!  (On Access scanning disabled!)
              `````````Anti-malware/Other Utilities Check:`````````
               Java 7 Update 60 
               Adobe Flash Player 14.0.0.125 
               Adobe Reader XI 
               Mozilla Firefox (30.0)
              ````````Process Check: objlist.exe by Laurent````````
               Microsoft Security Essentials MSMpEng.exe
               Microsoft Security Essentials msseces.exe
               IObit IObit Malware Fighter IMFsrv.exe 
               IObit IObit Malware Fighter IMF.exe 
               CheckPoint ZoneAlarm vsmon.exe 
               CheckPoint ZoneAlarm zatray.exe 
               CheckPoint ZoneAlarm ZAPrivacyService.exe 
              `````````````````System Health check`````````````````
               Total Fragmentation on Drive C: 3%
              ````````````````````End of Log``````````````````````


              Malwarebytes Anti-Rootkit BETA 1.07.0.1012
              www.malwarebytes.org

              Database version: v2014.07.13.01

              Windows 7 Service Pack 1 x64 NTFS
              Internet Explorer 11.0.9600.17207
              Carol Lee :: CAROLLEE-HP [administrator]

              7/13/2014 5:17:03 AM
              mbar-log-2014-07-13 (05-17-03).txt

              Scan type: Quick scan
              Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
              Scan options disabled:
              Objects scanned: 297897
              Time elapsed: 14 minute(s), 2 second(s)

              Memory Processes Detected: 0
              (No malicious items detected)

              Memory Modules Detected: 0
              (No malicious items detected)

              Registry Keys Detected: 0
              (No malicious items detected)

              Registry Values Detected: 0
              (No malicious items detected)

              Registry Data Items Detected: 0
              (No malicious items detected)

              Folders Detected: 0
              (No malicious items detected)

              Files Detected: 0
              (No malicious items detected)

              Physical Sectors Detected: 0
              (No malicious items detected)

              (end)




              ---------------------------------------
              System-log
              Malwarebytes Anti-Rootkit BETA 1.07.0.1012


              (c) Malwarebytes Corporation 2011-2012

              OS version: 6.1.7601 Windows 7 Service Pack 1 x64

              Account is Administrative

              Internet Explorer version: 11.0.9600.17207

              File system is: NTFS
              Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
              CPU speed: 2.892000 GHz
              Memory total: 4025782272, free: 2465492992

              Downloaded database version: v2014.07.13.01
              Downloaded database version: v2014.07.09.01
              Initializing...
              =======================================
              ------------ Kernel report ------------
                   07/13/2014 05:16:52
              ------------ Loaded modules -----------
              \SystemRoot\system32\ntoskrnl.exe
              \SystemRoot\system32\hal.dll
              \SystemRoot\system32\kdcom.dll
              \SystemRoot\system32\mcupdate_AuthenticAMD.dll
              \SystemRoot\system32\PSHED.dll
              \SystemRoot\system32\CLFS.SYS
              \SystemRoot\system32\CI.dll
              \SystemRoot\system32\drivers\Wdf01000.sys
              \SystemRoot\system32\drivers\WDFLDR.SYS
              \SystemRoot\system32\drivers\ACPI.sys
              \SystemRoot\system32\drivers\WMILIB.SYS
              \SystemRoot\system32\drivers\msisadrv.sys
              \SystemRoot\system32\drivers\pci.sys
              \SystemRoot\system32\drivers\vdrvroot.sys
              \SystemRoot\system32\DRIVERS\kl1.sys
              \SystemRoot\System32\drivers\partmgr.sys
              \SystemRoot\system32\drivers\volmgr.sys
              \SystemRoot\System32\drivers\volmgrx.sys
              \SystemRoot\System32\drivers\mountmgr.sys
              \SystemRoot\system32\DRIVERS\amdsata.sys
              \SystemRoot\system32\DRIVERS\storport.sys
              \SystemRoot\system32\DRIVERS\amdxata.sys
              \SystemRoot\system32\DRIVERS\amd_sata.sys
              \SystemRoot\system32\DRIVERS\amd_xata.sys
              \SystemRoot\system32\drivers\fltmgr.sys
              \SystemRoot\system32\drivers\fileinfo.sys
              \SystemRoot\system32\DRIVERS\MpFilter.sys
              \SystemRoot\System32\Drivers\Ntfs.sys
              \SystemRoot\System32\Drivers\msrpc.sys
              \SystemRoot\System32\Drivers\ksecdd.sys
              \SystemRoot\System32\Drivers\cng.sys
              \SystemRoot\System32\drivers\pcw.sys
              \SystemRoot\System32\Drivers\Fs_Rec.sys
              \SystemRoot\system32\drivers\ndis.sys
              \SystemRoot\system32\drivers\NETIO.SYS
              \SystemRoot\System32\Drivers\ksecpkg.sys
              \SystemRoot\System32\drivers\tcpip.sys
              \SystemRoot\System32\drivers\fwpkclnt.sys
              \SystemRoot\system32\drivers\volsnap.sys
              \SystemRoot\System32\Drivers\spldr.sys
              \SystemRoot\System32\Drivers\SmartDefragDriver.sys
              \SystemRoot\System32\drivers\rdyboost.sys
              \SystemRoot\System32\Drivers\RapportKE64.sys
              \SystemRoot\System32\Drivers\mup.sys
              \SystemRoot\System32\drivers\hwpolicy.sys
              \SystemRoot\System32\DRIVERS\fvevol.sys
              \SystemRoot\system32\DRIVERS\disk.sys
              \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
              \SystemRoot\system32\DRIVERS\AtiPcie64.sys
              \SystemRoot\system32\DRIVERS\cdrom.sys
              \SystemRoot\system32\DRIVERS\klif.sys
              \SystemRoot\system32\DRIVERS\klflt.sys
              \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys
              \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
              \SystemRoot\System32\Drivers\Null.SYS
              \SystemRoot\System32\Drivers\Beep.SYS
              \SystemRoot\System32\drivers\vga.sys
              \SystemRoot\System32\drivers\VIDEOPRT.SYS
              \SystemRoot\System32\drivers\watchdog.sys
              \SystemRoot\System32\DRIVERS\RDPCDD.sys
              \SystemRoot\system32\drivers\rdpencdd.sys
              \SystemRoot\system32\drivers\rdprefmp.sys
              \SystemRoot\System32\Drivers\Msfs.SYS
              \SystemRoot\System32\Drivers\Npfs.SYS
              \SystemRoot\system32\DRIVERS\tdx.sys
              \SystemRoot\system32\DRIVERS\TDI.SYS
              \SystemRoot\System32\DRIVERS\netbt.sys
              \SystemRoot\system32\drivers\afd.sys
              \SystemRoot\system32\DRIVERS\vsdatant.sys
              \SystemRoot\system32\DRIVERS\wfplwf.sys
              \SystemRoot\system32\DRIVERS\pacer.sys
              \SystemRoot\system32\DRIVERS\vwififlt.sys
              \SystemRoot\system32\DRIVERS\netbios.sys
              \SystemRoot\system32\DRIVERS\wanarp.sys
              \SystemRoot\system32\drivers\termdd.sys
              \SystemRoot\system32\DRIVERS\rdbss.sys
              \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
              \SystemRoot\system32\drivers\nsiproxy.sys
              \SystemRoot\system32\drivers\mssmbios.sys
              \SystemRoot\System32\drivers\discache.sys
              \SystemRoot\System32\Drivers\dfsc.sys
              \SystemRoot\system32\DRIVERS\blbdrive.sys
              \SystemRoot\system32\DRIVERS\tunnel.sys
              \SystemRoot\system32\DRIVERS\amdppm.sys
              \SystemRoot\system32\DRIVERS\atikmpag.sys
              \SystemRoot\system32\DRIVERS\atikmdag.sys
              \SystemRoot\System32\drivers\dxgkrnl.sys
              \SystemRoot\System32\drivers\dxgmms1.sys
              \SystemRoot\system32\DRIVERS\netr28x.sys
              \SystemRoot\system32\DRIVERS\vwifibus.sys
              \SystemRoot\system32\DRIVERS\Rt64win7.sys
              \SystemRoot\system32\DRIVERS\usbohci.sys
              \SystemRoot\system32\DRIVERS\USBPORT.SYS
              \SystemRoot\system32\DRIVERS\usbfilter.sys
              \SystemRoot\system32\DRIVERS\usbehci.sys
              \SystemRoot\system32\DRIVERS\HDAudBus.sys
              \SystemRoot\system32\drivers\wmiacpi.sys
              \SystemRoot\system32\drivers\CompositeBus.sys
              \SystemRoot\system32\DRIVERS\serscan.sys
              \SystemRoot\system32\drivers\ksthunk.sys
              \SystemRoot\system32\drivers\ks.sys
              \SystemRoot\system32\DRIVERS\AgileVpn.sys
              \SystemRoot\system32\DRIVERS\rasl2tp.sys
              \SystemRoot\system32\DRIVERS\ndistapi.sys
              \SystemRoot\system32\DRIVERS\ndiswan.sys
              \SystemRoot\system32\DRIVERS\raspppoe.sys
              \SystemRoot\system32\DRIVERS\raspptp.sys
              \SystemRoot\system32\DRIVERS\rassstp.sys
              \SystemRoot\system32\DRIVERS\kbdclass.sys
              \SystemRoot\system32\DRIVERS\mouclass.sys
              \SystemRoot\system32\drivers\swenum.sys
              \SystemRoot\system32\DRIVERS\amdiox64.sys
              \SystemRoot\system32\drivers\umbus.sys
              \SystemRoot\system32\DRIVERS\usbhub.sys
              \SystemRoot\System32\Drivers\NDProxy.SYS
              \SystemRoot\system32\drivers\RTKVHD64.sys
              \SystemRoot\system32\drivers\portcls.sys
              \SystemRoot\system32\drivers\drmk.sys
              \SystemRoot\system32\DRIVERS\usbccgp.sys
              \SystemRoot\system32\DRIVERS\USBD.SYS
              \SystemRoot\system32\DRIVERS\hidusb.sys
              \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
              \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
              \SystemRoot\system32\DRIVERS\kbdhid.sys
              \SystemRoot\system32\DRIVERS\mouhid.sys
              \SystemRoot\system32\DRIVERS\USBSTOR.SYS
              \SystemRoot\System32\win32k.sys
              \SystemRoot\System32\drivers\Dxapi.sys
              \SystemRoot\system32\DRIVERS\monitor.sys
              \SystemRoot\System32\TSDDD.dll
              \SystemRoot\System32\cdd.dll
              \SystemRoot\System32\ATMFD.DLL
              \SystemRoot\system32\drivers\luafv.sys
              \SystemRoot\system32\DRIVERS\lltdio.sys
              \SystemRoot\system32\DRIVERS\nwifi.sys
              \SystemRoot\system32\DRIVERS\ndisuio.sys
              \SystemRoot\system32\DRIVERS\rspndr.sys
              \SystemRoot\system32\DRIVERS\vwifimp.sys
              \SystemRoot\system32\drivers\HTTP.sys
              \SystemRoot\system32\DRIVERS\bowser.sys
              \SystemRoot\System32\drivers\mpsdrv.sys
              \SystemRoot\system32\DRIVERS\mrxsmb.sys
              \SystemRoot\system32\DRIVERS\mrxsmb10.sys
              \SystemRoot\system32\DRIVERS\mrxsmb20.sys
              \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
              \SystemRoot\system32\drivers\peauth.sys
              \SystemRoot\System32\Drivers\secdrv.SYS
              \SystemRoot\System32\DRIVERS\srvnet.sys
              \SystemRoot\System32\drivers\tcpipreg.sys
              \SystemRoot\System32\DRIVERS\srv2.sys
              \SystemRoot\System32\DRIVERS\srv.sys
              \SystemRoot\system32\drivers\WudfPf.sys
              \SystemRoot\system32\DRIVERS\WUDFRd.sys
              \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys
              \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys
              \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys
              \??\C:\Windows\system32\drivers\mbamchameleon.sys
              \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
              \Windows\System32\ntdll.dll
              \Windows\System32\smss.exe
              \Windows\System32\apisetschema.dll
              ----------- End -----------
              Done!
              <<<1>>>
              Upper Device Name: \Device\Harddisk4\DR4
              Upper Device Object: 0xfffffa8005afb060
              Upper Device Driver Name: \Driver\Disk\
              Lower Device Name: \Device\0000008a\
              Lower Device Object: 0xfffffa8005b05b60
              Lower Device Driver Name: \Driver\USBSTOR\
              <<<1>>>
              Upper Device Name: \Device\Harddisk3\DR3
              Upper Device Object: 0xfffffa8005ae9060
              Upper Device Driver Name: \Driver\Disk\
              Lower Device Name: \Device\00000089\
              Lower Device Object: 0xfffffa80036de060
              Lower Device Driver Name: \Driver\USBSTOR\
              <<<1>>>
              Upper Device Name: \Device\Harddisk2\DR2
              Upper Device Object: 0xfffffa8005ae7060
              Upper Device Driver Name: \Driver\Disk\
              Lower Device Name: \Device\00000088\
              Lower Device Object: 0xfffffa8005920b60
              Lower Device Driver Name: \Driver\USBSTOR\
              <<<1>>>
              Upper Device Name: \Device\Harddisk1\DR1
              Upper Device Object: 0xfffffa8005ae6060
              Upper Device Driver Name: \Driver\Disk\
              Lower Device Name: \Device\00000087\
              Lower Device Object: 0xfffffa800591db60
              Lower Device Driver Name: \Driver\USBSTOR\
              <<<1>>>
              Upper Device Name: \Device\Harddisk0\DR0
              Upper Device Object: 0xfffffa8003ed3060
              Upper Device Driver Name: \Driver\Disk\
              Lower Device Name: \Device\0000005e\
              Lower Device Object: 0xfffffa8003dfa9c0
              Lower Device Driver Name: \Driver\amd_sata\
              <<<2>>>
              Physical Sector Size: 512
              Drive: 0, DevicePointer: 0xfffffa8003ed3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
              --------- Disk Stack ------
              DevicePointer: 0xfffffa8003ed3b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
              DevicePointer: 0xfffffa8003ed3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
              DevicePointer: 0xfffffa8003e01ac0, DeviceName: Unknown, DriverName: \Driver\amd_xata\
              DevicePointer: 0xfffffa8003dfa9c0, DeviceName: \Device\0000005e\, DriverName: \Driver\amd_sata\
              ------------ End ----------
              Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
              Upper DeviceData: 0x0, 0x0, 0x0
              Lower DeviceData: 0x0, 0x0, 0x0
              <<<3>>>
              Volume: C:
              File system type: NTFS
              SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
              <<<2>>>
              <<<3>>>
              Volume: C:
              File system type: NTFS
              SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
              Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
              Done!
              Drive 0
              This is a System drive
              Scanning MBR on drive 0...
              Inspecting partition table:
              MBR Signature: 55AA
              Disk Signature: 24B20C17

              Partition information:

                  Partition 0 type is Primary (0x7)
                  Partition is ACTIVE.
                  Partition starts at LBA: 2048  Numsec = 204800
                  Partition file system is NTFS
                  Partition is bootable

                  Partition 1 type is Primary (0x7)
                  Partition is NOT ACTIVE.
                  Partition starts at LBA: 206848  Numsec = 1439606784

                  Partition 2 type is Primary (0x7)
                  Partition is NOT ACTIVE.
                  Partition starts at LBA: 1439813632  Numsec = 25331712

                  Partition 3 type is Empty (0x0)
                  Partition is NOT ACTIVE.
                  Partition starts at LBA: 0  Numsec = 0

              Disk Size: 750156374016 bytes
              Sector size: 512 bytes

              Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...
              Done!
              Physical Sector Size: 0
              Drive: 1, DevicePointer: 0xfffffa8005ae6060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
              --------- Disk Stack ------
              DevicePointer: 0xfffffa8005b04b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
              DevicePointer: 0xfffffa8005ae6060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
              DevicePointer: 0xfffffa8005a93bf0, DeviceName: Unknown, DriverName: \Driver\usbfilter\
              DevicePointer: 0xfffffa800591db60, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\
              ------------ End ----------
              Physical Sector Size: 0
              Drive: 2, DevicePointer: 0xfffffa8005ae7060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
              --------- Disk Stack ------
              DevicePointer: 0xfffffa8005b07b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
              DevicePointer: 0xfffffa8005ae7060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
              DevicePointer: 0xfffffa8005862bf0, DeviceName: Unknown, DriverName: \Driver\usbfilter\
              DevicePointer: 0xfffffa8005920b60, DeviceName: \Device\00000088\, DriverName: \Driver\USBSTOR\
              ------------ End ----------
              Physical Sector Size: 0
              Drive: 3, DevicePointer: 0xfffffa8005ae9060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
              --------- Disk Stack ------
              DevicePointer: 0xfffffa80044c5b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
              DevicePointer: 0xfffffa8005ae9060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
              DevicePointer: 0xfffffa80058d8bf0, DeviceName: Unknown, DriverName: \Driver\usbfilter\
              DevicePointer: 0xfffffa80036de060, DeviceName: \Device\00000089\, DriverName: \Driver\USBSTOR\
              ------------ End ----------
              Physical Sector Size: 0
              Drive: 4, DevicePointer: 0xfffffa8005afb060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
              --------- Disk Stack ------
              DevicePointer: 0xfffffa8005b08b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
              DevicePointer: 0xfffffa8005afb060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
              DevicePointer: 0xfffffa8005b01bf0, DeviceName: Unknown, DriverName: \Driver\usbfilter\
              DevicePointer: 0xfffffa8005b05b60, DeviceName: \Device\0000008a\, DriverName: \Driver\USBSTOR\
              ------------ End ----------
              Scan finished
              =======================================


              Removal queue found; removal started
              Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
              Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
              Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
              Removal finished


              DDS (Ver_2012-11-20.01) - NTFS_AMD64
              Internet Explorer: 11.0.9600.17207  BrowserJavaVersion: 10.60.2
              Run by Carol Lee at 5:39:46 on 2014-07-13
              Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3839.2555 [GMT -6:00]
              .
              AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
              AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
              SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
              SP: ZoneAlarm Anti-Spyware *Disabled/Outdated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
              SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
              SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
              FW: ZoneAlarm Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
              .
              ============== Running Processes ===============
              .
              C:\Windows\system32\lsm.exe
              C:\Windows\system32\svchost.exe -k DcomLaunch
              C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
              C:\Windows\system32\svchost.exe -k RPCSS
              c:\Program Files\Microsoft Security Client\MsMpEng.exe
              C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
              C:\Windows\system32\atiesrxx.exe
              C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
              C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
              C:\Windows\system32\svchost.exe -k netsvcs
              C:\Windows\system32\svchost.exe -k GPSvcGroup
              C:\Windows\system32\svchost.exe -k LocalService
              C:\Windows\system32\atieclxx.exe
              C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
              C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
              C:\Windows\system32\svchost.exe -k NetworkService
              C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
              C:\Windows\system32\Dwm.exe
              C:\Windows\Explorer.EXE
              C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
              C:\Windows\system32\WLANExt.exe
              C:\Windows\System32\spoolsv.exe
              C:\Windows\system32\taskhost.exe
              C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
              C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
              C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
              C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
              C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
              C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
              C:\Program Files\Microsoft Security Client\msseces.exe
              C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
              C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
              C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
              c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
              C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
              C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
              C:\Program Files (x86)\PDF Complete\pdfsvc.exe
              C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
              C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
              C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
              C:\Windows\SysWOW64\HPZipm12.exe
              C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
              C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
              C:\Windows\system32\svchost.exe -k imgsvc
              C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
              C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
              C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
              C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
              C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
              C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
              C:\Windows\System32\svchost.exe -k LocalServicePeerNet
              C:\Windows\System32\WUDFHost.exe
              C:\Program Files\Windows Media Player\wmpnetwk.exe
              C:\Program Files (x86)\IObit\Advanced SystemCare 7\RealTimeProtector.exe
              C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
              C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
              C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
              C:\Windows\system32\taskhost.exe
              C:\Windows\system32\wbem\wmiprvse.exe
              C:\Windows\system32\wbem\wmiprvse.exe
              C:\Windows\System32\cscript.exe
              .
              ============== Pseudo HJT Report ===============
              .
              uStart Page = hxxps://www.facebook.com/
              uSearch Bar = Preserve
              uSearch Page = hxxp://www.google.com
              dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
              mWinlogon: Userinit = userinit.exe,
              BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
              BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
              BHO: Ads Removal: {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll
              BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
              BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
              BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
              mRun: [HP Software Update] "C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"
              mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
              mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
              mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
              mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
              mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
              mPolicies-Explorer: NoActiveDesktop = dword:1
              mPolicies-Explorer: NoActiveDesktopChanges = dword:1
              mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
              mPolicies-System: ConsentPromptBehaviorUser = dword:3
              mPolicies-System: EnableUIADesktopToggle = dword:0
              IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
              .
              INFO: HKCU has more than 50 listed domains.
              If you wish to scan all of them, select the 'Force scan all domains' option.
              .
              DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
              DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
              DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
              DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
              DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
              TCP: NameServer = 67.142.180.10 67.142.180.11 192.168.1.1
              TCP: Interfaces\{B72D5D25-A81D-4AC5-8178-0E9E82AD31AC} : DHCPNameServer = 67.142.180.10 67.142.180.11 192.168.1.1
              TCP: Interfaces\{B72D5D25-A81D-4AC5-8178-0E9E82AD31AC}\46C696E6B6 : DHCPNameServer = 192.168.0.1
              TCP: Interfaces\{C0DFE58A-E4E0-4FD0-8121-90418640ABBC} : DHCPNameServer = 67.142.180.10 67.142.180.11 192.168.1.1
              SSODL: WebCheck - <orphaned>
              x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
              x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
              x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
              x64-Run: [SmartMenu] c:\program files\hewlett-packard\hp mediasmart\smartmenu.exe /background
              x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
              x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
              x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
              x64-SSODL: WebCheck - <orphaned>
              .
              ================= FIREFOX ===================
              .
              FF - ProfilePath - C:\Users\Carol Lee\AppData\Roaming\Mozilla\Firefox\Profiles\ddmw2q4j.default\
              FF - prefs.js: browser.search.selectedEngine - Google
              FF - prefs.js: browser.startup.homepage - hxxp://www.pogo.com/
              FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
              FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
              FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
              FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
              FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
              FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
              FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
              FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll
              .
              ============= SERVICES / DRIVERS ===============
              .
              R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-3-31 82600]
              R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-3-31 42664]
              R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
              R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2011-3-30 64272]
              R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2014-5-15 21184]
              R1 RapportCerberus_43926;RapportCerberus_43926;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [2012-10-30 505720]
              R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-1-25 55056]
              R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-1-25 61712]
              R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [2013-11-25 881952]
              R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-11-30 204288]
              R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-10-13 361984]
              R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]
              R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]
              R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
              R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2013-3-29 342336]
              R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-11-30 635416]
              R2 PGMTrusted;PGMTrusted;C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [2013-3-25 520360]
              R2 RalinkRegistryWriter;RalinkRegistryWriter;C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [2012-5-27 372736]
              R2 RalinkRegistryWriter64;RalinkRegistryWriter64;C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [2012-5-27 447488]
              R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-1-25 931640]
              R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2014-6-26 290520]
              R2 ZAPrivacyService;ZoneAlarm Privacy Service;C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [2013-6-18 54160]
              R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-10-11 46136]
              R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-12-6 2350176]
              R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2013-6-7 34848]
              R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-6-24 901848]
              R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-11-30 38456]
              S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
              S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
              S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2013-11-25 2152736]
              S2 RaMediaServer;Ralink UPnP Media Server;C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [2012-5-27 625728]
              S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-7-23 245760]
              S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-9-5 240736]
              S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
              S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-7-12 111616]
              S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 133928]
              S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
              S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-1 19456]
              S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-6-24 56832]
              S3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2013-6-7 23016]
              S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-25 1255736]
              S4 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2013-6-7 23048]
              .
              =============== Created Last 30 ================
              .
              2014-07-12 13:34:14   1031560   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F920672E-4338-4070-8E71-241873E1E2D1}\gapaengine.dll
              2014-07-12 13:33:30   10779000   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3A020C71-0969-4445-B592-B6A8AA1AEF1A}\mpengine.dll
              2014-07-12 13:24:23   497152   ----a-w-   C:\Windows\System32\drivers\afd.sys
              2014-07-12 13:22:32   96768   ----a-w-   C:\Windows\SysWow64\sspicli.dll
              2014-07-12 13:22:32   22016   ----a-w-   C:\Windows\SysWow64\secur32.dll
              2014-07-12 13:22:32   1460736   ----a-w-   C:\Windows\System32\lsasrv.dll
              2014-07-12 13:03:04   10779000   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
              2014-07-12 03:56:42   --------   d-----w-   C:\Users\Carol Lee\AppData\Local\Adobe
              2014-07-08 11:01:20   --------   d-----w-   C:\Program Files (x86)\ESET
              2014-06-28 13:45:41   98216   ----a-w-   C:\Windows\SysWow64\WindowsAccessBridge-32.dll
              2014-06-28 05:07:10   --------   d-----w-   C:\Users\Carol Lee\AppData\Local\CrashDumps
              2014-06-26 15:37:11   128728   ----a-w-   C:\Windows\System32\drivers\MBAMSwissArmy.sys
              2014-06-26 13:25:40   --------   d-----w-   C:\ProgramData\RogueKiller
              2014-06-26 13:24:54   63704   ----a-w-   C:\Windows\System32\drivers\mwac.sys
              2014-06-26 12:57:45   --------   d-----w-   C:\Windows\System32\SRSLabs
              2014-06-26 12:29:28   --------   d-----w-   C:\Program Files (x86)\Mozilla Maintenance Service
              2014-06-26 11:59:36   --------   d-----w-   C:\Program Files (x86)\Opera Next
              2014-06-26 11:03:33   --------   d-sh--w-   C:\Users\Carol Lee\AppData\Local\EmieUserList
              2014-06-26 11:03:33   --------   d-sh--w-   C:\Users\Carol Lee\AppData\Local\EmieSiteList
              2014-06-24 20:46:51   901848   ----a-w-   C:\Windows\System32\drivers\Rt64win7.sys
              2014-06-24 20:46:51   73800   ----a-w-   C:\Windows\System32\RtNicProp64.dll
              2014-06-24 13:44:58   6574592   ----a-w-   C:\Windows\System32\mstscax.dll
              2014-06-24 13:44:58   5694464   ----a-w-   C:\Windows\SysWow64\mstscax.dll
              2014-06-24 13:28:59   1147392   ----a-w-   C:\Windows\System32\mstsc.exe
              2014-06-24 13:28:59   1068544   ----a-w-   C:\Windows\SysWow64\mstsc.exe
              2014-06-24 13:28:58   855552   ----a-w-   C:\Windows\SysWow64\rdvidcrl.dll
              2014-06-24 13:28:58   1057280   ----a-w-   C:\Windows\System32\rdvidcrl.dll
              2014-06-24 11:33:38   7717984   ----a-w-   C:\Windows\System32\drivers\kl1.sys
              2014-06-24 11:33:33   92768   ----a-w-   C:\Windows\System32\drivers\klflt.sys
              2014-06-24 01:30:04   --------   d-----w-   C:\Program Files\HitmanPro
              2014-06-24 01:28:42   --------   d-----w-   C:\ProgramData\HitmanPro
              2014-06-21 00:20:21   801280   ----a-w-   C:\Windows\System32\usp10.dll
              2014-06-21 00:20:21   626688   ----a-w-   C:\Windows\SysWow64\usp10.dll
              2014-06-21 00:20:02   288192   ----a-w-   C:\Windows\System32\drivers\FWPKCLNT.SYS
              2014-06-21 00:20:02   1903552   ----a-w-   C:\Windows\System32\drivers\tcpip.sys
              2014-06-19 02:59:16   3178496   ----a-w-   C:\Windows\System32\rdpcorets.dll
              2014-06-19 02:59:16   16384   ----a-w-   C:\Windows\System32\RdpGroupPolicyExtension.dll
              2014-06-17 23:56:50   2002432   ----a-w-   C:\Windows\System32\msxml6.dll
              2014-06-17 23:56:50   1882112   ----a-w-   C:\Windows\System32\msxml3.dll
              2014-06-17 23:56:49   2048   ----a-w-   C:\Windows\SysWow64\msxml6r.dll
              2014-06-17 23:56:49   2048   ----a-w-   C:\Windows\SysWow64\msxml3r.dll
              2014-06-17 23:56:49   2048   ----a-w-   C:\Windows\System32\msxml6r.dll
              2014-06-17 23:56:49   2048   ----a-w-   C:\Windows\System32\msxml3r.dll
              2014-06-17 23:56:49   1389056   ----a-w-   C:\Windows\SysWow64\msxml6.dll
              2014-06-17 23:56:49   1237504   ----a-w-   C:\Windows\SysWow64\msxml3.dll
              .
              ==================== Find3M  ====================
              .
              2014-07-13 11:12:13   92888   ----a-w-   C:\Windows\System32\drivers\mbamchameleon.sys
              2014-06-28 16:50:32   71344   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
              2014-06-28 16:50:32   699056   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
              2014-06-24 20:46:51   107552   ----a-w-   C:\Windows\System32\RTNUninst64.dll
              2014-06-19 01:06:55   2724864   ----a-w-   C:\Windows\System32\mshtml.tlb
              2014-06-19 01:06:24   4096   ----a-w-   C:\Windows\System32\ieetwcollectorres.dll
              2014-06-19 00:42:57   548352   ----a-w-   C:\Windows\System32\vbscript.dll
              2014-06-19 00:42:49   66048   ----a-w-   C:\Windows\System32\iesetup.dll
              2014-06-19 00:41:52   48640   ----a-w-   C:\Windows\System32\ieetwproxystub.dll
              2014-06-19 00:41:16   83968   ----a-w-   C:\Windows\System32\MshtmlDac.dll
              2014-06-19 00:24:30   139264   ----a-w-   C:\Windows\System32\ieUnatt.exe
              2014-06-19 00:24:12   111616   ----a-w-   C:\Windows\System32\ieetwcollector.exe
              2014-06-19 00:23:53   752640   ----a-w-   C:\Windows\System32\jscript9diag.dll
              2014-06-19 00:14:28   940032   ----a-w-   C:\Windows\System32\MsSpellCheckingFacility.exe
              2014-06-18 23:59:04   38400   ----a-w-   C:\Windows\System32\JavaScriptCollectionAgent.dll
              2014-06-18 23:56:37   2724864   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
              2014-06-18 23:51:38   5721088   ----a-w-   C:\Windows\System32\jscript9.dll
              2014-06-18 23:38:40   455168   ----a-w-   C:\Windows\SysWow64\vbscript.dll
              2014-06-18 23:37:23   61952   ----a-w-   C:\Windows\SysWow64\iesetup.dll
              2014-06-18 23:36:35   51200   ----a-w-   C:\Windows\SysWow64\ieetwproxystub.dll
              2014-06-18 23:35:55   62464   ----a-w-   C:\Windows\SysWow64\MshtmlDac.dll
              2014-06-18 23:27:45   1249280   ----a-w-   C:\Windows\System32\mshtmlmedia.dll
              2014-06-18 23:27:07   2040832   ----a-w-   C:\Windows\System32\inetcpl.cpl
              2014-06-18 23:23:27   112128   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
              2014-06-18 23:22:40   592896   ----a-w-   C:\Windows\SysWow64\jscript9diag.dll
              2014-06-18 23:06:10   32256   ----a-w-   C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
              2014-06-18 22:58:27   2266112   ----a-w-   C:\Windows\System32\wininet.dll
              2014-06-18 22:52:18   4254720   ----a-w-   C:\Windows\SysWow64\jscript9.dll
              2014-06-18 22:46:23   1068032   ----a-w-   C:\Windows\SysWow64\mshtmlmedia.dll
              2014-06-18 22:45:59   1964544   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
              2014-06-18 22:13:59   1791488   ----a-w-   C:\Windows\SysWow64\wininet.dll
              2014-06-18 02:18:30   692736   ----a-w-   C:\Windows\System32\osk.exe
              2014-06-18 01:51:32   646144   ----a-w-   C:\Windows\SysWow64\osk.exe
              2014-06-18 01:10:36   3157504   ----a-w-   C:\Windows\System32\win32k.sys
              2014-06-06 10:10:34   624128   ----a-w-   C:\Windows\System32\qedit.dll
              2014-06-06 09:44:17   509440   ----a-w-   C:\Windows\SysWow64\qedit.dll
              2014-05-30 08:08:52   210944   ----a-w-   C:\Windows\System32\wdigest.dll
              2014-05-30 08:08:49   86528   ----a-w-   C:\Windows\System32\TSpkg.dll
              2014-05-30 08:08:47   340992   ----a-w-   C:\Windows\System32\schannel.dll
              2014-05-30 08:08:41   314880   ----a-w-   C:\Windows\System32\msv1_0.dll
              2014-05-30 08:08:41   307200   ----a-w-   C:\Windows\System32\ncrypt.dll
              2014-05-30 08:08:36   728064   ----a-w-   C:\Windows\System32\kerberos.dll
              2014-05-30 08:08:31   22016   ----a-w-   C:\Windows\System32\credssp.dll
              2014-05-30 07:52:51   172032   ----a-w-   C:\Windows\SysWow64\wdigest.dll
              2014-05-30 07:52:49   65536   ----a-w-   C:\Windows\SysWow64\TSpkg.dll
              2014-05-30 07:52:45   247808   ----a-w-   C:\Windows\SysWow64\schannel.dll
              2014-05-30 07:52:41   220160   ----a-w-   C:\Windows\SysWow64\ncrypt.dll
              2014-05-30 07:52:40   259584   ----a-w-   C:\Windows\SysWow64\msv1_0.dll
              2014-05-30 07:52:36   550912   ----a-w-   C:\Windows\SysWow64\kerberos.dll
              2014-05-30 07:52:30   17408   ----a-w-   C:\Windows\SysWow64\credssp.dll
              2014-05-12 13:25:56   25816   ----a-w-   C:\Windows\System32\drivers\mbam.sys
              2014-05-09 06:14:03   477184   ----a-w-   C:\Windows\System32\aepdu.dll
              2014-05-09 06:11:23   424448   ----a-w-   C:\Windows\System32\aeinv.dll
              2014-04-25 05:03:34   450968   ----a-w-   C:\Windows\System32\drivers\vsdatant.sys
              2011-04-22 05:50:40   495   ----a-w-   C:\Program Files (x86)\0421201123504043.bat
              .
              ============= FINISH:  5:41:08.69 ===============



              .
              UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
              IF REQUESTED, ZIP IT UP & ATTACH IT
              .
              DDS Attach (Ver_2012-11-20.01)
              .
              Microsoft Windows 7 Home Premium
              Boot Device: \Device\HarddiskVolume1
              Install Date: 12/24/2010 5:20:05 PM
              System Uptime: 7/13/2014 4:31:33 AM (1 hours ago)
              .
              Motherboard: FOXCONN |  | 2AB1
              Processor: AMD Athlon(tm) II X4 635 Processor | CPU 1 | 783/200mhz
              .
              ==== Disk Partitions =========================
              .
              C: is FIXED (NTFS) - 686 GiB total, 572.088 GiB free.
              D: is FIXED (NTFS) - 12 GiB total, 1.476 GiB free.
              E: is CDROM ()
              G: is Removable
              H: is Removable
              I: is Removable
              J: is Removable
              .
              ==== Disabled Device Manager Items =============
              .
              ==== System Restore Points ===================
              .
              RP1461: 6/28/2014 6:00:33 AM - IObit Uninstaller restore point
              RP1462: 6/28/2014 6:00:57 AM - Removed Java 7 Update 60
              RP1463: 6/28/2014 6:08:18 AM - IObit Uninstaller restore point
              RP1464: 6/28/2014 6:26:46 AM - Installed Rapport
              RP1465: 6/28/2014 6:43:44 AM - Installed Rapport
              RP1466: 6/28/2014 7:45:07 AM - Installed Java 7 Update 60
              RP1467: 6/28/2014 10:30:28 AM - Installed Rapport
              RP1468: 6/28/2014 12:38:52 PM - Installed Rapport
              RP1469: 6/29/2014 8:21:09 AM - Installed Rapport
              RP1470: 6/29/2014 8:28:48 AM - Windows Backup
              RP1471: 6/29/2014 8:38:17 AM - Windows Update
              RP1472: 6/29/2014 9:38:08 AM - before malewarybytes antiroot scan
              RP1473: 6/29/2014 10:22:06 AM - before dds scan
              RP1474: 6/29/2014 11:29:57 AM - Installed Rapport
              RP1475: 6/30/2014 3:49:21 PM - Installed Rapport
              RP1476: 7/1/2014 1:01:01 PM - Installed Rapport
              RP1478: 7/2/2014 8:20:38 PM - Windows Update
              RP1479: 7/3/2014 5:51:39 PM - Installed Rapport
              RP1480: 7/3/2014 9:38:09 PM - Installed Rapport
              RP1481: 7/4/2014 9:09:53 PM - Installed Rapport
              RP1482: 7/5/2014 11:13:19 PM - Installed Rapport
              RP1483: 7/6/2014 8:31:59 AM - Installed Rapport
              RP1484: 7/7/2014 6:19:20 PM - Installed Rapport
              RP1485: 7/7/2014 11:44:56 PM - Installed Rapport
              RP1486: 7/8/2014 9:02:00 AM - Installed Rapport
              RP1487: 7/8/2014 9:13:58 AM - Windows Update
              RP1488: 7/8/2014 1:02:45 PM - Installed Rapport
              RP1489: 7/9/2014 10:56:55 PM - Installed Rapport
              RP1490: 7/10/2014 4:07:51 AM - Windows Update
              RP1491: 7/10/2014 1:36:46 PM - Installed Rapport
              RP1492: 7/11/2014 3:28:36 AM - Windows Update
              RP1493: 7/11/2014 9:03:55 AM - Installed Rapport
              RP1494: 7/11/2014 10:47:06 AM - Installed Rapport
              RP1495: 7/12/2014 7:20:01 AM - before windows updates
              RP1496: 7/12/2014 7:32:40 AM - Windows Update
              RP1497: 7/12/2014 7:37:17 AM - Windows Update
              RP1498: 7/12/2014 7:50:59 AM - Installed Rapport
              RP1499: 7/12/2014 9:17:04 AM - Installed Rapport
              .
              ==== Installed Programs ======================
              .
              AccelerateTab
              Adobe Flash Player 14 ActiveX
              Adobe Flash Player 14 Plugin
              Adobe Reader XI (11.0.07)
              Advanced SystemCare 7
              AMD APP SDK Runtime
              AMD Catalyst Install Manager
              AMD Fuel
              AMD Problem Report Wizard
              AMD VISION Engine Control Center
              Brother MFL-Pro Suite MFC-J415W
              Build-a-lot 2
              Catalyst Control Center - Branding
              Catalyst Control Center Graphics Previews Common
              Catalyst Control Center InstallProxy
              Catalyst Control Center Localization All
              ccc-utility64
              CCC Help Chinese Standard
              CCC Help Chinese Traditional
              CCC Help Czech
              CCC Help Danish
              CCC Help Dutch
              CCC Help English
              CCC Help Finnish
              CCC Help French
              CCC Help German
              CCC Help Greek
              CCC Help Hungarian
              CCC Help Italian
              CCC Help Japanese
              CCC Help Korean
              CCC Help Norwegian
              CCC Help Polish
              CCC Help Portuguese
              CCC Help Russian
              CCC Help Spanish
              CCC Help Swedish
              CCC Help Thai
              CCC Help Turkish
              CCleaner
              Chuzzle Deluxe
              CinemaNow Media Manager
              Cisco Connect
              Cisco EAP-FAST Module
              Cisco LEAP Module
              Cisco PEAP Module
              Compatibility Pack for the 2007 Office system
              Coupon Printer for Windows
              CyberLink DVD Suite Deluxe
              Diner Dash 2 Restaurant Rescue
              Dora's Carnival Adventure
              Driver Booster
              DVD Menu Pack for HP MediaSmart Video
              Escape Rosecliff Island
              FATE
              Final Drive Nitro
              Fishdom
              Game Assistant
              Heroes of Hellas 2 - Olympia
              HitmanPro 3.7
              HP Advisor
              HP Customer Experience Enhancements
              HP Games
              HP MediaSmart CinemaNow 2.0
              HP MediaSmart DVD
              HP MediaSmart Music
              HP MediaSmart Photo
              HP MediaSmart SmartMenu
              HP MediaSmart Video
              HP MediaSmart/TouchSmart Netflix
              HP Odometer
              HP Product Detection
              HP Setup
              HP Software Update
              HP Support Assistant
              HP Support Information
              HP Update
              HP Vision Hardware Diagnostics
              HydraVision
              Internet Explorer (Enable DEP)
              IObit Malware Fighter
              IObit Uninstaller
              Java 7 Update 60
              Java Auto Updater
              Jewel Quest 3
              Jewel Quest Solitaire 2
              Junk Mail filter update
              Kobo
              LabelPrint
              LightScribe System Software
              Malwarebytes Anti-Malware version 2.0.2.1012
              Microsoft .NET Framework 4.5.1
              Microsoft Application Error Reporting
              Microsoft Choice Guard
              Microsoft Office 2010
              Microsoft Office PowerPoint Viewer 2007 (English)
              Microsoft Security Client
              Microsoft Security Essentials
              Microsoft Silverlight
              Microsoft SQL Server 2005 Compact Edition [ENU]
              Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
              Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
              Microsoft Visual C++ 2005 Redistributable
              Microsoft Visual C++ 2005 Redistributable (x64)
              Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
              Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
              Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
              Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
              Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
              Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
              Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
              Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
              Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
              Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
              Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
              Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
              Microsoft Works
              Microsoft WSE 3.0 Runtime
              Movie Theme Pack for HP MediaSmart Video
              Mozilla Firefox 30.0 (x86 en-US)
              Mozilla Maintenance Service
              MSVCRT
              MSXML 4.0 SP2 (KB954430)
              MSXML 4.0 SP2 (KB973688)
              Opera Next 23.0.1522.43
              PaperPort Image Printer 64-bit
              PDF Complete Special Edition
              Penguins!
              PhotoNow!
              PictureMover
              Plants vs. Zombies
              PlayReady PC Runtime amd64
              Pogo Games
              Poker Superstars III
              Polar Bowler
              Polar Golfer
              Power2Go
              PowerDirector
              PressReader
              Ralink 802.11n Wireless LAN Card
              Rapport
              Realtek High Definition Audio Driver
              Recovery Manager
              Roxio CinemaNow 2.0
              ScanSoft PaperPort 11
              Security Update for CAPICOM (KB931906)
              Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
              Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
              Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
              Smart Defrag 3
              Surfing Protection
              swMSM
              Ulead Drop Spot 1.0
              Ulead Photo Explorer 8.0
              Ulead PhotoImpact XL
              Update Installer for WildTangent Games App
              VC 9.0 Runtime
              Virtual Families
              Virtual Villagers - The Secret City
              Visual Studio 2008 x64 Redistributables
              Visual Studio 2010 x64 Redistributables
              Wheel of Fortune 2
              WildTangent Games App for HP
              Windows Live Call
              Windows Live Communications Platform
              Windows Live Essentials
              Windows Live ID Sign-in Assistant
              Windows Live Mail
              Windows Live Messenger
              Windows Live Photo Gallery
              Windows Live Sync
              Windows Live Upload Tool
              Windows Live Writer
              Yahoo! Install Manager
              Yahoo! Software Update
              Zinio Reader 4
              ZoneAlarm Antivirus
              ZoneAlarm Firewall
              ZoneAlarm Free Antivirus + Firewall
              ZoneAlarm Security
              Zuma Deluxe
              .
              ==== Event Viewer Messages From Past Week ========
              .
              7/9/2014 11:07:48 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.177.1944.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.10701.0     Error code: 0x80072ee2     Error description: The operation timed out
              7/7/2014 6:27:29 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.177.1607.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.10701.0     Error code: 0x80072ee2     Error description: The operation timed out
              7/7/2014 11:53:40 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.177.1607.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.10701.0     Error code: 0x80072ee2     Error description: The operation timed out
              7/6/2014 8:40:14 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.177.1607.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.10701.0     Error code: 0x80072ee2     Error description: The operation timed out
              7/6/2014 1:36:20 PM, Error: NetBT [4321]  - The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.149. The computer with the IP address 192.168.1.126 did not allow the name to be claimed by this computer.
              7/13/2014 4:33:59 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.
              7/13/2014 4:31:51 AM, Error: volmgr [46]  - Crash dump initialization failed!
              7/12/2014 9:13:28 AM, Error: Microsoft-Windows-Kernel-General [6]  - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
              7/12/2014 8:37:16 AM, Error: NetBT [4321]  - The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.125. The computer with the IP address 192.168.1.126 did not allow the name to be claimed by this computer.
              7/12/2014 8:11:25 AM, Error: BROWSER [8009]  - The browser was unable to promote itself to master browser.  The computer that currently believes it is the master browser is DOUGII-PC.
              7/12/2014 6:39:34 AM, Error: Service Control Manager [7001]  - The Server service depends on the Security Accounts Manager service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
              7/12/2014 6:39:34 AM, Error: Service Control Manager [7001]  - The HomeGroup Listener service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
              7/12/2014 6:39:24 AM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
              7/12/2014 6:31:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.
              7/12/2014 6:31:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070050: Security Update for Windows 7 for x64-based Systems (KB2676562).
              7/12/2014 6:31:23 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070050: Security Update for Windows 7 for x64-based Systems (KB2871997).
              7/11/2014 7:24:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070050: Security Update for Windows 7 for x64-based Systems (KB2872339).
              7/11/2014 5:21:32 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.177.2155.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.10701.0     Error code: 0x8024402c     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
              7/11/2014 2:30:53 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.177.2155.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.10701.0     Error code: 0x8024402c     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
              7/11/2014 2:16:51 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
              7/11/2014 2:13:51 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache KLIF MpFilter spldr Wanarpv6
              7/11/2014 2:13:51 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
              7/11/2014 1:16:52 PM, Error: Service Control Manager [7001]  - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
              7/11/2014 1:11:40 PM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for Start with the following error:  Access is denied.
              7/10/2014 4:10:37 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 for x64-based Systems (KB2972280).
              .
              ==== End Of File ===========================



              az_shyguy

                Topic Starter


                Beginner

                Thanked: 1
                Re: Slow computer and internet problems. Think Infected?
                « Reply #10 on: July 13, 2014, 02:32:55 PM »
                Continuing from last reply/post... RogueKiller was cut off, so I will start with it again.

                RogueKiller V9.2.2.0 [Jul 11 2014] by Adlice Software
                mail : http://www.adlice.com/contact/
                Feedback : http://forum.adlice.com
                Website : http://www.adlice.com/softwares/roguekiller/
                Blog : http://www.adlice.com

                Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
                Started in : Normal mode
                User : Carol Lee [Admin rights]
                Mode : Scan -- Date : 07/13/2014  05:56:03

                ¤¤¤ Bad processes : 0 ¤¤¤

                ¤¤¤ Registry Entries : 23 ¤¤¤
                [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 67.142.180.10 67.142.180.11 192.168.1.1  -> FOUND
                [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 67.142.180.10 67.142.180.11 192.168.1.1  -> FOUND
                [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 67.142.180.10 67.142.180.11 192.168.1.1  -> FOUND
                [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B72D5D25-A81D-4AC5-8178-0E9E82AD31AC} | DhcpNameServer : 67.142.180.10 67.142.180.11 192.168.1.1  -> FOUND
                [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C0DFE58A-E4E0-4FD0-8121-90418640ABBC} | DhcpNameServer : 67.142.180.10 67.142.180.11 192.168.1.1  -> FOUND
                [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B72D5D25-A81D-4AC5-8178-0E9E82AD31AC} | DhcpNameServer : 67.142.180.10 67.142.180.11 192.168.1.1  -> FOUND
                [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C0DFE58A-E4E0-4FD0-8121-90418640ABBC} | DhcpNameServer : 67.142.180.10 67.142.180.11 192.168.1.1  -> FOUND
                [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{B72D5D25-A81D-4AC5-8178-0E9E82AD31AC} | DhcpNameServer : 67.142.180.10 67.142.180.11 192.168.1.1  -> FOUND
                [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C0DFE58A-E4E0-4FD0-8121-90418640ABBC} | DhcpNameServer : 67.142.180.10 67.142.180.11 192.168.1.1  -> FOUND
                [PUM.Policies] (X64) HKEY_USERS\S-1-5-21-269304970-1696718345-3653957849-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
                [PUM.Policies] (X64) HKEY_USERS\S-1-5-21-269304970-1696718345-3653957849-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
                [PUM.Policies] (X86) HKEY_USERS\S-1-5-21-269304970-1696718345-3653957849-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
                [PUM.Policies] (X86) HKEY_USERS\S-1-5-21-269304970-1696718345-3653957849-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
                [PUM.Desktop] (X64) HKEY_USERS\S-1-5-21-269304970-1696718345-3653957849-1000\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> FOUND
                [PUM.Desktop] (X86) HKEY_USERS\S-1-5-21-269304970-1696718345-3653957849-1000\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> FOUND
                [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-269304970-1696718345-3653957849-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0  -> FOUND
                [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-269304970-1696718345-3653957849-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> FOUND
                [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-269304970-1696718345-3653957849-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0  -> FOUND
                [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-269304970-1696718345-3653957849-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> FOUND
                [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
                [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
                [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
                [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

                ¤¤¤ Scheduled tasks : 0 ¤¤¤

                ¤¤¤ Files : 0 ¤¤¤

                ¤¤¤ HOSTS File : 0 ¤¤¤

                ¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000036b]) ¤¤¤

                ¤¤¤ Web browsers : 0 ¤¤¤

                ¤¤¤ MBR Check : ¤¤¤
                +++++ PhysicalDrive0: Hitachi HDS721075CLA332 SATA Disk Device +++++
                --- User ---
                [MBR] 787f3cfcf7704d44b5cb43f3f629012c
                [BSP] 36f47b55b9edb73b90a3ce4d63ef4d5c : Unknown MBR Code
                Partition table:
                0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
                1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 702933 MB
                2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1439813632 | Size: 12369 MB
                User = LL1 ... OK
                User != LL2 ... KO!
                --- LL2 ---
                [MBR] e6bdd4c12305eac649249713d20e76a8
                [BSP] ae9fcc0739773fcf778ecffb5fcb9c31 : Windows Vista/7/8 MBR Code
                Partition table:
                0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 264071168 | Size: 300 MB

                +++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
                Error reading User MBR! ([15] The device is not ready. )
                Error reading LL1 MBR! NOT VALID!
                Error reading LL2 MBR! ([32] The request is not supported. )

                +++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
                Error reading User MBR! ([15] The device is not ready. )
                Error reading LL1 MBR! NOT VALID!
                Error reading LL2 MBR! ([32] The request is not supported. )

                +++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
                Error reading User MBR! ([15] The device is not ready. )
                Error reading LL1 MBR! NOT VALID!
                Error reading LL2 MBR! ([32] The request is not supported. )

                +++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
                Error reading User MBR! ([15] The device is not ready. )
                Error reading LL1 MBR! NOT VALID!
                Error reading LL2 MBR! ([32] The request is not supported. )


                ============================================
                RKreport_SCN_06262014_073632.log - RKreport_SCN_07062014_094159.log



                Online ESETscan report

                C:\Program Files (x86)\CheckPoint\Install\CUninstaller.exe   Win32/Toolbar.Conduit potentially unwanted application   deleted - quarantined
                C:\Program Files (x86)\CheckPoint\Install\CUninstallerZA.exe   Win32/Toolbar.Conduit potentially unwanted application   deleted - quarantined
                C:\Program Files (x86)\CheckPoint\Install\zatb.exe   Win32/Toolbar.Montiera.I potentially unwanted application   deleted - quarantined
                C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCpatch.exe   a variant of Win32/Toolbar.Widgi potentially unwanted application   deleted - quarantined
                C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCPatch.exe   a variant of Win32/Toolbar.Widgi.B potentially unwanted application   deleted - quarantined
                C:\Program Files (x86)\IObit\Advanced SystemCare 7\Toolbar\iobitappsToolbar-stub-1.exe   a variant of Win32/Toolbar.Widgi.B potentially unwanted application   deleted - quarantined
                C:\Program Files (x86)\MyWebFace_5aEI\Installr\1.bin\5aEZSETP.dll   a variant of Win32/Toolbar.MyWebSearch.Q potentially unwanted application   deleted - quarantined
                C:\Users\Carol Lee\Documents\Downloads\setupautoscreenrecorderfree.exe   a variant of Win32/Toolbar.Conduit.B potentially unwanted application   deleted - quarantined
                C:\Users\Carol Lee\Downloads\asc-setup.exe   a variant of Win32/Toolbar.Widgi.B potentially unwanted application   deleted - quarantined
                C:\Users\Carol Lee\Downloads\imfv2-setup.exe   a variant of Win32/Toolbar.Widgi.B potentially unwanted application   deleted - quarantined
                C:\Users\Carol Lee\Downloads\zafwSetup_120_118_000.exe   Win32/Toolbar.Conduit potentially unwanted application   deleted - quarantined
                C:\Users\Carol Lee\Downloads\temporary\IObit-Malware-Figher-Setup.exe   a variant of Win32/Toolbar.Widgi.B potentially unwanted application   deleted - quarantined
                C:\Users\Carol Lee\Downloads\temporary\smart-defrag-setup.exe   a variant of Win32/Toolbar.Widgi.B potentially unwanted application   deleted - quarantined
                C:\Users\Carol Lee\Downloads\temporary\zafwSetupWeb_132_015_000.exe   Win32/Toolbar.Conduit potentially unwanted application   deleted - quarantined


                I ran aswMBR.exe again and got the same result as I stated at the beginning of the last post.. program closes and I didn't try it in safe mode again. These are the details I got out of the pop-up to close it.

                 Problem signature:
                  Problem Event Name:   APPCRASH
                  Application Name:   aswMBR.exe
                  Application Version:   1.0.1.2041
                  Application Timestamp:   539e8df7
                  Fault Module Name:   aswMBR.exe
                  Fault Module Version:   1.0.1.2041
                  Fault Module Timestamp:   539e8df7
                  Exception Code:   c0000005
                  Exception Offset:   0004ca50
                  OS Version:   6.1.7601.2.1.0.768.3
                  Locale ID:   1033
                  Additional Information 1:   0a9e
                  Additional Information 2:   0a9e372d3b4ad19135b953a78882e789
                  Additional Information 3:   0a9e
                  Additional Information 4:   0a9e372d3b4ad19135b953a78882e789

                Read our privacy statement online:
                  http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

                If the online privacy statement is not available, please read our privacy statement offline:
                  C:\Windows\system32\en-US\erofflps.txt

                I did notice in the aswMBR screen that it stopped at the line "Scanning: Service HP Support Assistant Service C:\Program Files(x86)\Hewlett-Packard (I couldn't read any more of that path)
                  I opened up Support Assistant and I cannot do any functions in there. It brings it up but at the top it just says "An Error Occurred"
                I was wondering if the fixdamage tool that is with malwarebytes antirootkit might fix it? :-\

                I did notice in the aswMBR screen that it stopped at the line "Scanning: Service HP Support Assistant Service C:\Program Files(x86)\Hewlett-Packard (I couldn't read any more of that path)
                  I opened up Support Assistant and I cannot do any functions in there. It brings it up but at the top it just says "An Error Occurred"
                I was wondering if the fixdamage tool that is with malwarebytes antirootkit might fix it? :-\

                I will be awaiting further thoughts and instructions!
                Thanks again for your patience and time! :)



                az_shyguy

                  Re: Slow computer and internet problems. Think Infected?
                  « Reply #11 on: July 14, 2014, 09:58:28 AM »
                  Sorry about the double entry above on aswMBR.
                  Update on aswMBR problem

                  Good News!  ;D After some checking and time I finally got HP Support Assistant uninstalled and reinstalled the updated one from HP.
                  Ran the aswMBR.exe again and it finally could finish to give me a report. So here is the report.

                  aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
                  Run date: 2014-07-14 09:42:48
                  -----------------------------
                  09:42:48.491    OS Version: Windows x64 6.1.7601 Service Pack 1
                  09:42:48.491    Number of processors: 4 586 0x503
                  09:42:48.491    ComputerName: CAROLLEE-HP  UserName: Carol Lee
                  09:42:51.737    Initialize success
                  09:42:51.799    VM: initialized successfully
                  09:42:51.908    VM: Amd CPU BiosDisabled
                  09:42:53.874    VM: supported disk I/O storport.sys
                  09:43:03.189    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005e
                  09:43:03.189    Disk 0 Vendor: Hitachi_ JP3O Size: 715404MB BusType: 11
                  09:43:03.439    Disk 0 MBR read successfully
                  09:43:03.454    Disk 0 MBR scan
                  09:43:03.454    Disk 0 unknown MBR code
                  09:43:03.470    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
                  09:43:03.470    Disk 0 default boot code
                  09:43:03.486    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       702933 MB offset 206848
                  09:43:03.517    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        12369 MB offset 1439813632
                  09:43:03.673    Disk 0 scanning C:\Windows\system32\drivers
                  09:43:17.433    Service scanning
                  09:43:38.384    Modules scanning
                  09:43:38.399    Disk 0 trace - called modules:
                  09:43:38.431    ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
                  09:43:38.431    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003ed2060]
                  09:43:38.431    3 CLASSPNP.SYS[fffff880020ba43f] -> nt!IofCallDriver -> [0xfffffa8003dffac0]
                  09:43:38.446    5 amd_xata.sys[fffff88001038d00] -> nt!IofCallDriver -> \Device\0000005e[0xfffffa8003df89c0]
                  09:43:38.446    Scan finished successfully
                  09:43:58.196    Disk 0 MBR has been saved successfully to "C:\Users\Carol Lee\Desktop\MBR.dat"
                  09:43:58.211    The log file has been saved successfully to "C:\Users\Carol Lee\Desktop\aswMBR.txt"



                  SuperDave

                  • Malware Removal Specialist
                  • Moderator


                  • Genius
                  • Thanked: 1020
                  • Certifications: List
                  • Experience: Expert
                  • OS: Windows 10
                  Re: Slow computer and internet problems. Think Infected?
                  « Reply #12 on: July 14, 2014, 01:14:56 PM »
                  That was a good idea. The Security log shows you have two AVs on your computer: ZoneAlarm Antivirus and Microsoft Security Essentials. Please make sure that only one AV is active at any time on your computer.
                  How's your computer running now? Any other issues?
                  Windows 8 and Windows 10 dual boot with two SSD's

                  az_shyguy

                    Re: Slow computer and internet problems. Think Infected?
                    « Reply #13 on: July 19, 2014, 01:06:51 AM »
                    Hey SuperDave!
                    Thank you very much for your help.. found a much more helpful person in another forum and comp is working fine.. told me hard drive is bad and test is bad.. so changing hard drives and will see.. sorry you are only help on computerhope now and will be getting help on other site from now on.. you are the best though.. besides Broni who I think is the best malware and helpful person there is.. and you will come in second.. wish you would put a little more effort in helping people instead of automated responses.. computerhope is starting to let me down.. Got things fixed on another site.. think you should utilize other tools.. IMHO.. computerhope is getting behind in times.. Broni is best and I will follow him.. you are great.. but seems you are the only one on computerhope helping people and I give you praise for that.. sorry you have to carry the load for computerhope.. any other malware specialist should get their name off this site.. thank you for help.. and sorry for stress you have.. as seems you are the only one that helps people.. kudos to you SuperDave.. love ya.. and thanks for the help.. you can close this problem and I hope to see you in another forum.. as I will not ask for help in this one again... loved computerhope before.. but the help sucks now!!
                    Can get much better help in other forums.. won't mention them, but you guys have lost people I loved here which is no longer.. and if they are not gonna help.. they should not be on list.. especially evilfantasy who I adored.. so if I haven't pissed you off yet.. do we need to do clean up! OHH.... and why do I have to repeat my antivirus status to you 3 times!!!

                    SuperDave

                    Re: Slow computer and internet problems. Think Infected?
                    « Reply #14 on: July 19, 2014, 10:41:34 AM »
                    If you're receiving a new hard drive that will mean a new install of the OS so there's no clean up required.