Hello techguy,
I was asked by a friend to see if I could fix his computer problems but it appears the issues are beyond my capabilities to fix. The issues he noted and I am also experiencing on this laptop are as follows.
1) Homepage very slow to load.
2) Alert banners on websites.(IE prompts to update programs such as windows media player, computer is infected, click here to fix, etc.) These are not pop ups but banner ads embedded on webpages.
3) Unable to log on to yahoo mail even though all login info is correct. No messages saying invalid entry info, just won't go anywhere.
I have included requested logs. I was a bit unclear on what gmr scan to include so I ran both a quick scan and drive c scan.
Logfile of HijackThis v1.99.1
Scan saved at 11:36:26 AM, on 8/8/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v10.0 (10.00.9200.16635)
Running processes:
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Users\Mary\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0696f815-a3a9-490a-bb14-9ec3350b1276} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll
R3 - URLSearchHook: WiseConvert Toolbar - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll
R3 - URLSearchHook: KeyBar 1.12 Toolbar - {0134af61-7a0c-4649-aeca-90d776060cb3} - C:\Program Files (x86)\KeyBar_1.12\prxtbKeyB.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: KeyBar 1.12 - {0134af61-7a0c-4649-aeca-90d776060cb3} - C:\Program Files (x86)\KeyBar_1.12\prxtbKeyB.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: FoodBuzz - {1C6E034D-B4B6-4D96-94B5-4163A5EB2195} - C:\Program Files (x86)\FoodBuzz\Extension\adxloader.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O2 - BHO: Search Assistant BHO - {5d79f641-c168-40df-a32f-bacea7509e75} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1136\7.5.1136\TmBpIe32.dll
O2 - BHO: Toolbar BHO - {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - C:\PROGRA~2\TELEVI~2\bar\1.bin\64bar.dll
O2 - BHO: LyricsSing - {e75248af-7957-4d2c-91b2-96a445ce6ec9} - C:\Program Files (x86)\LyricSing\125.dll
O2 - BHO: WiseConvert - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll (file missing)
O3 - Toolbar: TelevisionFanatic - {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll
O3 - Toolbar: WiseConvert Toolbar - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll
O3 - Toolbar: KeyBar 1.12 Toolbar - {0134af61-7a0c-4649-aeca-90d776060cb3} - C:\Program Files (x86)\KeyBar_1.12\prxtbKeyB.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1136\7.5.1136\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Trend Micro Solution Platform (Amsp) - Unknown owner - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-08-08 14:04:32
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB4O 465.76GB
Running: gmer.exe; Driver: C:\Users\Mary\AppData\Local\Temp\pxldypob.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80002e01000 45 bytes [00, 00, 1B, 02, 43, 50, 6E, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607 fffff80002e0102f 30 bytes [00, 50, 99, A4, 06, 80, FA, ...]
---- User code sections - GMER 2.1 ----
? C:\Windows\system32\mssprxy.dll [2124] entry point in ".rdata" section 00000000730971e6
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e01465 2 bytes [E0, 75]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e014bb 2 bytes [E0, 75]
.text ... * 2
.text C:\Windows\AsScrPro.exe[2604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e01465 2 bytes [E0, 75]
.text C:\Windows\AsScrPro.exe[2604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e014bb 2 bytes [E0, 75]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e01465 2 bytes [E0, 75]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e014bb 2 bytes [E0, 75]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[8000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e01465 2 bytes [E0, 75]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[8000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e014bb 2 bytes [E0, 75]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3112:2796] 000007fefb9c2a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3112:2732] 000007fef36ad618
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3112:3920] 000007fef8935124
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3112:7012] 000007fef3649730
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3112:7056] 000007fef36ad618
---- Files - GMER 2.1 ----
File C:\ADSM_PData_0150 0 bytes
File C:\ADSM_PData_0150\DB 0 bytes
File C:\ADSM_PData_0150\DB\SI.db 624 bytes
File C:\ADSM_PData_0150\DB\UL.db 16 bytes
File C:\ADSM_PData_0150\DB\VL.db 16 bytes
File C:\ADSM_PData_0150\DB\WAL.db 2048 bytes
File C:\ADSM_PData_0150\DragWait.exe 315392 bytes executable
File C:\ADSM_PData_0150\_avt 512 bytes
---- EOF - GMER 2.1 ----
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-08-08 14:24:43
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB4O 465.76GB
Running: gmer.exe; Driver: C:\Users\Mary\AppData\Local\Temp\pxldypob.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80002e01000 65 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 626 fffff80002e01042 4 bytes [00, 00, 00, 00]
---- User code sections - GMER 2.1 ----
? C:\Windows\system32\mssprxy.dll [2124] entry point in ".rdata" section 00000000730971e6
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e01465 2 bytes [E0, 75]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e014bb 2 bytes [E0, 75]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e01465 2 bytes [E0, 75]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e014bb 2 bytes [E0, 75]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[8000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e01465 2 bytes [E0, 75]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[8000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e014bb 2 bytes [E0, 75]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3112:2796] 000007fefb9c2a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3112:2732] 000007fef36ad618
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3112:3920] 000007fef8935124
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3112:7012] 000007fef3649730
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3112:7056] 000007fef36ad618
---- EOF - GMER 2.1 ----
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635
Run by Mary at 12:18:49 on 2013-08-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3884.1774 [GMT -5:00]
.
AV: Trend Micro Titanium Maximum Security *Enabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}
SP: Trend Micro Titanium Maximum Security *Enabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files (x86)\Windows Live\Companion\companionuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/
uDefault_Page_URL = hxxp://asus.msn.com
mStart Page = about:blank
uURLSearchHooks: <No Name>: {0696f815-a3a9-490a-bb14-9ec3350b1276} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll
uURLSearchHooks: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll
uURLSearchHooks: KeyBar 1.12 Toolbar: {0134af61-7a0c-4649-aeca-90d776060cb3} - C:\Program Files (x86)\KeyBar_1.12\prxtbKeyB.dll
mURLSearchHooks: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll
mURLSearchHooks: KeyBar 1.12 Toolbar: {0134af61-7a0c-4649-aeca-90d776060cb3} - C:\Program Files (x86)\KeyBar_1.12\prxtbKeyB.dll
mWinlogon: Userinit = userinit.exe,
BHO: KeyBar 1.12 Toolbar: {0134af61-7a0c-4649-aeca-90d776060cb3} - C:\Program Files (x86)\KeyBar_1.12\prxtbKeyB.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: FoodBuzz: {1C6E034D-B4B6-4D96-94B5-4163A5EB2195} - C:\Program Files (x86)\FoodBuzz\Extension\adxloader.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll
BHO: TSToolbarBHO: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
BHO: Search Assistant BHO: {5d79f641-c168-40df-a32f-bacea7509e75} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1136\7.5.1136\TmBpIe32.dll
BHO: Toolbar BHO: {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll
BHO: LyricsSing: {e75248af-7957-4d2c-91b2-96a445ce6ec9} - C:\Program Files (x86)\LyricSing\125.dll
BHO: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -
TB: WiseConvert Toolbar: {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll
TB: TelevisionFanatic: {C98D5B61-B0EA-4D48-9839-1079D352D880} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll
TB: KeyBar 1.12 Toolbar: {0134AF61-7A0C-4649-AECA-90D776060CB3} - C:\Program Files (x86)\KeyBar_1.12\prxtbKeyB.dll
TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -
TB: TelevisionFanatic: {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll
TB: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll
TB: KeyBar 1.12 Toolbar: {0134af61-7a0c-4649-aeca-90d776060cb3} - C:\Program Files (x86)\KeyBar_1.12\prxtbKeyB.dll
TB: Trend Micro Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 74.40.74.40 74.40.74.41
TCP: Interfaces\{135633EB-CEB0-4337-8F17-942635F54B1E} : DHCPNameServer = 13.5.0.10
TCP: Interfaces\{D780E39B-5753-4A44-9B7A-287CF3D2853A} : DHCPNameServer = 74.40.74.40 74.40.74.41
TCP: Interfaces\{D780E39B-5753-4A44-9B7A-287CF3D2853A}\131364850353034373837363 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D780E39B-5753-4A44-9B7A-287CF3D2853A}\131364851313038373832353 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D780E39B-5753-4A44-9B7A-287CF3D2853A}\C4F6467656 : DHCPNameServer = 192.168.1.1 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1136\7.5.1136\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: FoodBuzz: {1C6E034D-B4B6-4D96-94B5-4163A5EB2195} - C:\Program Files (x86)\FoodBuzz\Extension\adxloader64.dll
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1136\7.5.1136\TmBpIe64.dll
x64-Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-RunOnce: [DCERegBootClean64] C:\Windows\RegBootClean64.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1136\7.5.1136\TmBpIe64.dll
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg.dll
x64-Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - <orphaned>
x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 lullaby;lullaby;C:\Windows\System32\drivers\lullaby.sys [2011-1-5 15928]
R0 TMEBC;TMEBC;C:\Windows\System32\drivers\TMEBC64.sys [2013-8-7 46392]
R1 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2013-8-7 77184]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2013-8-7 310952]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-9-8 129024]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-1-5 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-26 158976]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-2-2 271872]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-8-18 143472]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\System32\drivers\JME.sys [2010-10-11 131552]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 tmeevw;tmeevw;C:\Windows\System32\drivers\tmeevw.sys [2013-8-7 94520]
R3 tmnciesc;tmnciesc;C:\Windows\System32\drivers\tmnciesc.sys [2013-8-7 210232]
S2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2011-1-5 377264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-1-5 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-7 19456]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-8-7 57856]
.
=============== Created Last 30 ================
.
2013-08-08 16:39:40 234544 ----a-w- C:\Windows\RegBootClean64.exe
2013-08-08 16:38:33 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{99BBDEED-EB2A-47B9-A725-10F64E8ED66C}\offreg.dll
2013-08-08 16:35:22 388096 ----a-r- C:\Users\Mary\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-08-07 21:16:27 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-08-07 21:16:27 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-08-07 21:16:26 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2013-08-07 21:16:26 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-08-07 21:16:26 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2013-08-07 21:16:25 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-08-07 21:16:25 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-08-07 21:16:23 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2013-08-07 21:16:22 366592 ----a-w- C:\Windows\System32\qdvd.dll
2013-08-07 19:51:13 -------- d-----w- C:\temp
2013-08-07 19:03:40 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{99BBDEED-EB2A-47B9-A725-10F64E8ED66C}\mpengine.dll
2013-08-07 19:03:39 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-07 18:26:24 -------- d--h--w- C:\TMRescueDisk
2013-08-07 18:21:51 94520 ----a-w- C:\Windows\System32\drivers\tmeevw.sys
2013-08-07 18:21:51 210232 ----a-w- C:\Windows\System32\drivers\tmnciesc.sys
2013-08-07 18:21:50 105744 ----a-w- C:\Windows\System32\drivers\tmtdi.sys
2013-08-07 18:21:47 77184 ----a-w- C:\Windows\System32\drivers\tmevtmgr.sys
2013-08-07 18:21:47 46392 ----a-w- C:\Windows\System32\drivers\TMEBC64.sys
2013-08-07 18:21:47 174016 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2013-08-07 18:21:47 108584 ----a-w- C:\Windows\System32\drivers\tmactmon.sys
2013-08-07 18:20:42 59 ----a-w- C:\Windows\System32\SupportTool.exe.bat
2013-08-07 18:20:19 -------- d-----w- C:\ProgramData\Trend Micro
2013-08-07 18:19:46 -------- d-----w- C:\Program Files\Trend Micro
2013-08-07 04:43:17 -------- d-----w- C:\Windows\pss
2013-08-07 02:54:11 -------- d-----w- C:\Program Files (x86)\Trend Micro
2013-08-07 01:26:42 -------- d-----w- C:\Users\Mary\AppData\Roaming\Malwarebytes
2013-08-07 01:26:26 -------- d-----w- C:\ProgramData\Malwarebytes
2013-08-06 16:50:29 -------- d-----w- C:\Windows\System32\MRT
2013-08-05 12:21:10 -------- d-----w- C:\Users\Mary\AppData\Local\Programs
2013-08-05 11:50:45 -------- d-----w- C:\Users\Mary\AppData\Local\ElevatedDiagnostics
2013-08-05 11:48:36 -------- d-----w- C:\Program Files (x86)\FoodBuzz
2013-08-05 11:48:08 -------- d-----w- C:\Program Files (x86)\KeyBar_1.12
2013-08-05 11:47:57 -------- d-----w- C:\Users\Mary\AppData\Local\Wajam
2013-08-05 11:47:48 -------- d-----w- C:\Program Files (x86)\SearchProtect
2013-08-05 11:47:37 -------- d-----w- C:\Users\Mary\AppData\Roaming\SearchProtect
2013-08-05 11:47:35 -------- d-----w- C:\Users\Mary\AppData\Local\CRE
2013-08-05 11:47:10 -------- d-----w- C:\Program Files (x86)\LyricSing
2013-07-15 02:51:01 -------- d-----w- C:\Users\Mary\AppData\Local\{312C4843-94B7-43A1-A3AD-73CC9A3CC020}
2013-07-13 11:06:40 -------- d-----w- C:\Users\Mary\AppData\Local\{92E44A00-F71B-4EC5-93BB-9DA2FFCFED7C}
2013-07-11 08:13:01 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-11 08:13:01 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-11 08:13:00 257536 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
2013-07-10 12:44:17 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 12:44:17 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2013-07-10 12:44:17 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-07-10 12:44:17 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-07-10 12:44:17 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-07-10 12:44:17 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
2013-07-10 12:44:17 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2013-07-10 12:44:15 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-07-10 12:44:15 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-07-10 12:44:15 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-10 12:44:15 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-10 12:44:02 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-07-10 12:43:59 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 12:43:59 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-10 12:43:59 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-10 12:43:59 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-10 12:43:59 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 12:42:58 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-07-10 12:42:57 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
.
==================== Find3M ====================
.
2013-07-11 10:39:57 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-11 10:39:56 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2009-04-08 18:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll
.
============= FINISH: 12:19:42.95 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/4/2011 6:16:32 PM
System Uptime: 8/8/2013 10:57:04 AM (2 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | K52F
Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz | Socket 989 | 2133/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 116 GiB total, 59.59 GiB free.
D: is FIXED (NTFS) - 328 GiB total, 327.735 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP97: 8/3/2013 9:26:50 AM - Scheduled Checkpoint
RP98: 8/6/2013 11:42:22 AM - Windows Update
RP99: 8/7/2013 10:20:21 AM - Windows Update
RP100: 8/7/2013 3:58:31 PM - Windows Update
RP101: 8/7/2013 4:16:31 PM - Windows Update
RP102: 8/8/2013 11:34:16 AM - Installed HiJackThis
.
==== Installed Programs ======================
.
??????? Windows Live Mesh ActiveX ??(????)
??????? Windows Live Mesh ActiveX ???
64 Bit HP CIO Components Installer
7-Zip 9.20
Action Replay DSi Code Manager
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.7)
ASUS AI Recovery
ASUS CopyProtect
ASUS Data Security Manager
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS MultiFrame
ASUS Power4Gear Hybrid
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Video Magic
ASUS Virtual Camera
ASUS WebStorage
ATK Package
Bookworm Deluxe
BufferChm
Complemento Messenger
Complément Messenger
Conexant HD Audio
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
ControlDeck
Controlo ActiveX do Windows Live Mesh para Ligações Remotas
Cooking Dash
Coupon Printer for Windows
CyberLink LabelPrint
CyberLink MediaShow Espresso
CyberLink PhotoNow
CyberLink Power2Go
CyberLink PowerDirector
CyberLink PowerDVD 9
D110
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
ETDWare PS/2-x64 7.0.5.16_WHQL
Fast Boot
FoodBuzz
Galeria de Fotografias do Windows Live
Galerie de photos Windows Live
Galería fotográfica de Windows Live
Google Chrome
Google Update Helper
Governor of Poker
GPBaseService2
Great Migrations
Hewlett-Packard ACLM.NET v1.1.0.0
HiJackThis
Hotel Dash Suite Success
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP Photo Creations
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7
HP Product Detection
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPAppStudio
HPPhotoGadget
HPProductAssistant
HPSSupply
Inbox Toolbar
InstallIQ Updater
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Jewel Quest 3
JMicron Ethernet Adapter NDIS Driver
JMicron Flash Media Controller Driver
Junk Mail filter update
K_Series_ScreenSaver_EN
KeyBar 1.12 Toolbar
Luxor 3
Mahjongg dimensions
MarketResearch
Mesh Runtime
Messenger ????
Messenger ?????
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Starter 2010 - English
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
Network64
Plants vs Zombies
PlayFizz
Potion Bar
PS_AIO_07_D110_SW_Min
QuickTransfer
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Shop for HP Supplies
Simplz Zoo
SmartWebPrinting
Smilebox
SolutionCenter
Spotify
Status
syncables desktop SE
TelevisionFanatic Toolbar
The Print Shop 2.0 Deluxe
The Weather Channel App
Toolbox
TrayApp
Trend Micro Titanium
Trend Micro Titanium Maximum Security
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
USB2.0 UVC VGA WebCam
WebReg
Windows Live
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinFlash
Wireless Console 3
WiseConvert Toolbar
World of Goo
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
8/8/2013 11:32:36 AM, Error: Service Control Manager [7034] - The AFBAgent service terminated unexpectedly. It has done this 1 time(s).
8/7/2013 5:00:40 PM, Error: Service Control Manager [7001] - The Intel(R) Management & Security Application User Notification Service service depends on the Intel(R) Management and Security Application Local Management Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/7/2013 4:55:31 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Mary-PC\Mary SID (S-1-5-21-2240449205-113892951-1821887123-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
8/7/2013 4:45:35 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070005: Intel Corporation - Display - Intel(R) HD Graphics.
8/7/2013 4:42:42 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Atheros Communications Inc. - Network - Atheros AR9285 Wireless Network Adapter.
8/7/2013 4:42:00 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
8/7/2013 2:32:41 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
8/7/2013 11:58:00 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
8/6/2013 9:32:15 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.
8/6/2013 9:31:45 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
8/6/2013 10:41:40 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
8/6/2013 10:40:40 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioSrv service.
8/6/2013 10:39:06 AM, Error: Service Control Manager [7022] - The Intel(R) Management & Security Application User Notification Service service hung on starting.
8/3/2013 7:33:43 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
8/3/2013 7:33:43 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
.
==== End Of File ===========================
I understand that your tech staff is surely busy with many other people, so I will wait patiently for your reply.
Much Thanks!
I was asked by a friend to see if I could fix his computer problems but it appears the issues are beyond my capabilities to fix. The issues he noted and I am also experiencing on this laptop are as follows.
1) Homepage very slow to load.
2) Alert banners on websites.(IE prompts to update programs such as windows media player, computer is infected, click here to fix, etc.) These are not pop ups but banner ads embedded on webpages.
3) Unable to log on to yahoo mail even though all login info is correct. No messages saying invalid entry info, just won't go anywhere.
I have included requested logs. I was a bit unclear on what gmr scan to include so I ran both a quick scan and drive c scan.
Logfile of HijackThis v1.99.1
Scan saved at 11:36:26 AM, on 8/8/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v10.0 (10.00.9200.16635)
Running processes:
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Users\Mary\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0696f815-a3a9-490a-bb14-9ec3350b1276} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll
R3 - URLSearchHook: WiseConvert Toolbar - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll
R3 - URLSearchHook: KeyBar 1.12 Toolbar - {0134af61-7a0c-4649-aeca-90d776060cb3} - C:\Program Files (x86)\KeyBar_1.12\prxtbKeyB.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: KeyBar 1.12 - {0134af61-7a0c-4649-aeca-90d776060cb3} - C:\Program Files (x86)\KeyBar_1.12\prxtbKeyB.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: FoodBuzz - {1C6E034D-B4B6-4D96-94B5-4163A5EB2195} - C:\Program Files (x86)\FoodBuzz\Extension\adxloader.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O2 - BHO: Search Assistant BHO - {5d79f641-c168-40df-a32f-bacea7509e75} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1136\7.5.1136\TmBpIe32.dll
O2 - BHO: Toolbar BHO - {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - C:\PROGRA~2\TELEVI~2\bar\1.bin\64bar.dll
O2 - BHO: LyricsSing - {e75248af-7957-4d2c-91b2-96a445ce6ec9} - C:\Program Files (x86)\LyricSing\125.dll
O2 - BHO: WiseConvert - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll (file missing)
O3 - Toolbar: TelevisionFanatic - {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll
O3 - Toolbar: WiseConvert Toolbar - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll
O3 - Toolbar: KeyBar 1.12 Toolbar - {0134af61-7a0c-4649-aeca-90d776060cb3} - C:\Program Files (x86)\KeyBar_1.12\prxtbKeyB.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1136\7.5.1136\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Trend Micro Solution Platform (Amsp) - Unknown owner - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-08-08 14:04:32
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB4O 465.76GB
Running: gmer.exe; Driver: C:\Users\Mary\AppData\Local\Temp\pxldypob.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80002e01000 45 bytes [00, 00, 1B, 02, 43, 50, 6E, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607 fffff80002e0102f 30 bytes [00, 50, 99, A4, 06, 80, FA, ...]
---- User code sections - GMER 2.1 ----
? C:\Windows\system32\mssprxy.dll [2124] entry point in ".rdata" section 00000000730971e6
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e01465 2 bytes [E0, 75]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e014bb 2 bytes [E0, 75]
.text ... * 2
.text C:\Windows\AsScrPro.exe[2604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e01465 2 bytes [E0, 75]
.text C:\Windows\AsScrPro.exe[2604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e014bb 2 bytes [E0, 75]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e01465 2 bytes [E0, 75]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e014bb 2 bytes [E0, 75]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[8000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e01465 2 bytes [E0, 75]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[8000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e014bb 2 bytes [E0, 75]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3112:2796] 000007fefb9c2a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3112:2732] 000007fef36ad618
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3112:3920] 000007fef8935124
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3112:7012] 000007fef3649730
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3112:7056] 000007fef36ad618
---- Files - GMER 2.1 ----
File C:\ADSM_PData_0150 0 bytes
File C:\ADSM_PData_0150\DB 0 bytes
File C:\ADSM_PData_0150\DB\SI.db 624 bytes
File C:\ADSM_PData_0150\DB\UL.db 16 bytes
File C:\ADSM_PData_0150\DB\VL.db 16 bytes
File C:\ADSM_PData_0150\DB\WAL.db 2048 bytes
File C:\ADSM_PData_0150\DragWait.exe 315392 bytes executable
File C:\ADSM_PData_0150\_avt 512 bytes
---- EOF - GMER 2.1 ----
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-08-08 14:24:43
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB4O 465.76GB
Running: gmer.exe; Driver: C:\Users\Mary\AppData\Local\Temp\pxldypob.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80002e01000 65 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 626 fffff80002e01042 4 bytes [00, 00, 00, 00]
---- User code sections - GMER 2.1 ----
? C:\Windows\system32\mssprxy.dll [2124] entry point in ".rdata" section 00000000730971e6
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e01465 2 bytes [E0, 75]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e014bb 2 bytes [E0, 75]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e01465 2 bytes [E0, 75]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e014bb 2 bytes [E0, 75]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[8000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e01465 2 bytes [E0, 75]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[8000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e014bb 2 bytes [E0, 75]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3112:2796] 000007fefb9c2a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3112:2732] 000007fef36ad618
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3112:3920] 000007fef8935124
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3112:7012] 000007fef3649730
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3112:7056] 000007fef36ad618
---- EOF - GMER 2.1 ----
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635
Run by Mary at 12:18:49 on 2013-08-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3884.1774 [GMT -5:00]
.
AV: Trend Micro Titanium Maximum Security *Enabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}
SP: Trend Micro Titanium Maximum Security *Enabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files (x86)\Windows Live\Companion\companionuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/
uDefault_Page_URL = hxxp://asus.msn.com
mStart Page = about:blank
uURLSearchHooks: <No Name>: {0696f815-a3a9-490a-bb14-9ec3350b1276} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll
uURLSearchHooks: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll
uURLSearchHooks: KeyBar 1.12 Toolbar: {0134af61-7a0c-4649-aeca-90d776060cb3} - C:\Program Files (x86)\KeyBar_1.12\prxtbKeyB.dll
mURLSearchHooks: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll
mURLSearchHooks: KeyBar 1.12 Toolbar: {0134af61-7a0c-4649-aeca-90d776060cb3} - C:\Program Files (x86)\KeyBar_1.12\prxtbKeyB.dll
mWinlogon: Userinit = userinit.exe,
BHO: KeyBar 1.12 Toolbar: {0134af61-7a0c-4649-aeca-90d776060cb3} - C:\Program Files (x86)\KeyBar_1.12\prxtbKeyB.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: FoodBuzz: {1C6E034D-B4B6-4D96-94B5-4163A5EB2195} - C:\Program Files (x86)\FoodBuzz\Extension\adxloader.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll
BHO: TSToolbarBHO: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
BHO: Search Assistant BHO: {5d79f641-c168-40df-a32f-bacea7509e75} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1136\7.5.1136\TmBpIe32.dll
BHO: Toolbar BHO: {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll
BHO: LyricsSing: {e75248af-7957-4d2c-91b2-96a445ce6ec9} - C:\Program Files (x86)\LyricSing\125.dll
BHO: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -
TB: WiseConvert Toolbar: {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll
TB: TelevisionFanatic: {C98D5B61-B0EA-4D48-9839-1079D352D880} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll
TB: KeyBar 1.12 Toolbar: {0134AF61-7A0C-4649-AECA-90D776060CB3} - C:\Program Files (x86)\KeyBar_1.12\prxtbKeyB.dll
TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -
TB: TelevisionFanatic: {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll
TB: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll
TB: KeyBar 1.12 Toolbar: {0134af61-7a0c-4649-aeca-90d776060cb3} - C:\Program Files (x86)\KeyBar_1.12\prxtbKeyB.dll
TB: Trend Micro Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 74.40.74.40 74.40.74.41
TCP: Interfaces\{135633EB-CEB0-4337-8F17-942635F54B1E} : DHCPNameServer = 13.5.0.10
TCP: Interfaces\{D780E39B-5753-4A44-9B7A-287CF3D2853A} : DHCPNameServer = 74.40.74.40 74.40.74.41
TCP: Interfaces\{D780E39B-5753-4A44-9B7A-287CF3D2853A}\131364850353034373837363 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D780E39B-5753-4A44-9B7A-287CF3D2853A}\131364851313038373832353 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D780E39B-5753-4A44-9B7A-287CF3D2853A}\C4F6467656 : DHCPNameServer = 192.168.1.1 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1136\7.5.1136\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: FoodBuzz: {1C6E034D-B4B6-4D96-94B5-4163A5EB2195} - C:\Program Files (x86)\FoodBuzz\Extension\adxloader64.dll
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1136\7.5.1136\TmBpIe64.dll
x64-Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-RunOnce: [DCERegBootClean64] C:\Windows\RegBootClean64.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1136\7.5.1136\TmBpIe64.dll
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg.dll
x64-Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - <orphaned>
x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 lullaby;lullaby;C:\Windows\System32\drivers\lullaby.sys [2011-1-5 15928]
R0 TMEBC;TMEBC;C:\Windows\System32\drivers\TMEBC64.sys [2013-8-7 46392]
R1 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2013-8-7 77184]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2013-8-7 310952]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-9-8 129024]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-1-5 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-26 158976]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-2-2 271872]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-8-18 143472]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\System32\drivers\JME.sys [2010-10-11 131552]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 tmeevw;tmeevw;C:\Windows\System32\drivers\tmeevw.sys [2013-8-7 94520]
R3 tmnciesc;tmnciesc;C:\Windows\System32\drivers\tmnciesc.sys [2013-8-7 210232]
S2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2011-1-5 377264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-1-5 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-7 19456]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-8-7 57856]
.
=============== Created Last 30 ================
.
2013-08-08 16:39:40 234544 ----a-w- C:\Windows\RegBootClean64.exe
2013-08-08 16:38:33 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{99BBDEED-EB2A-47B9-A725-10F64E8ED66C}\offreg.dll
2013-08-08 16:35:22 388096 ----a-r- C:\Users\Mary\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-08-07 21:16:27 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-08-07 21:16:27 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-08-07 21:16:26 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2013-08-07 21:16:26 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-08-07 21:16:26 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2013-08-07 21:16:25 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-08-07 21:16:25 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-08-07 21:16:23 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2013-08-07 21:16:22 366592 ----a-w- C:\Windows\System32\qdvd.dll
2013-08-07 19:51:13 -------- d-----w- C:\temp
2013-08-07 19:03:40 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{99BBDEED-EB2A-47B9-A725-10F64E8ED66C}\mpengine.dll
2013-08-07 19:03:39 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-07 18:26:24 -------- d--h--w- C:\TMRescueDisk
2013-08-07 18:21:51 94520 ----a-w- C:\Windows\System32\drivers\tmeevw.sys
2013-08-07 18:21:51 210232 ----a-w- C:\Windows\System32\drivers\tmnciesc.sys
2013-08-07 18:21:50 105744 ----a-w- C:\Windows\System32\drivers\tmtdi.sys
2013-08-07 18:21:47 77184 ----a-w- C:\Windows\System32\drivers\tmevtmgr.sys
2013-08-07 18:21:47 46392 ----a-w- C:\Windows\System32\drivers\TMEBC64.sys
2013-08-07 18:21:47 174016 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2013-08-07 18:21:47 108584 ----a-w- C:\Windows\System32\drivers\tmactmon.sys
2013-08-07 18:20:42 59 ----a-w- C:\Windows\System32\SupportTool.exe.bat
2013-08-07 18:20:19 -------- d-----w- C:\ProgramData\Trend Micro
2013-08-07 18:19:46 -------- d-----w- C:\Program Files\Trend Micro
2013-08-07 04:43:17 -------- d-----w- C:\Windows\pss
2013-08-07 02:54:11 -------- d-----w- C:\Program Files (x86)\Trend Micro
2013-08-07 01:26:42 -------- d-----w- C:\Users\Mary\AppData\Roaming\Malwarebytes
2013-08-07 01:26:26 -------- d-----w- C:\ProgramData\Malwarebytes
2013-08-06 16:50:29 -------- d-----w- C:\Windows\System32\MRT
2013-08-05 12:21:10 -------- d-----w- C:\Users\Mary\AppData\Local\Programs
2013-08-05 11:50:45 -------- d-----w- C:\Users\Mary\AppData\Local\ElevatedDiagnostics
2013-08-05 11:48:36 -------- d-----w- C:\Program Files (x86)\FoodBuzz
2013-08-05 11:48:08 -------- d-----w- C:\Program Files (x86)\KeyBar_1.12
2013-08-05 11:47:57 -------- d-----w- C:\Users\Mary\AppData\Local\Wajam
2013-08-05 11:47:48 -------- d-----w- C:\Program Files (x86)\SearchProtect
2013-08-05 11:47:37 -------- d-----w- C:\Users\Mary\AppData\Roaming\SearchProtect
2013-08-05 11:47:35 -------- d-----w- C:\Users\Mary\AppData\Local\CRE
2013-08-05 11:47:10 -------- d-----w- C:\Program Files (x86)\LyricSing
2013-07-15 02:51:01 -------- d-----w- C:\Users\Mary\AppData\Local\{312C4843-94B7-43A1-A3AD-73CC9A3CC020}
2013-07-13 11:06:40 -------- d-----w- C:\Users\Mary\AppData\Local\{92E44A00-F71B-4EC5-93BB-9DA2FFCFED7C}
2013-07-11 08:13:01 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-11 08:13:01 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-11 08:13:00 257536 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
2013-07-10 12:44:17 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 12:44:17 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2013-07-10 12:44:17 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-07-10 12:44:17 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-07-10 12:44:17 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-07-10 12:44:17 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
2013-07-10 12:44:17 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2013-07-10 12:44:15 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-07-10 12:44:15 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-07-10 12:44:15 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-10 12:44:15 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-10 12:44:02 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-07-10 12:43:59 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 12:43:59 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-10 12:43:59 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-10 12:43:59 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-10 12:43:59 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 12:42:58 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-07-10 12:42:57 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
.
==================== Find3M ====================
.
2013-07-11 10:39:57 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-11 10:39:56 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2009-04-08 18:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll
.
============= FINISH: 12:19:42.95 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/4/2011 6:16:32 PM
System Uptime: 8/8/2013 10:57:04 AM (2 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | K52F
Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz | Socket 989 | 2133/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 116 GiB total, 59.59 GiB free.
D: is FIXED (NTFS) - 328 GiB total, 327.735 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP97: 8/3/2013 9:26:50 AM - Scheduled Checkpoint
RP98: 8/6/2013 11:42:22 AM - Windows Update
RP99: 8/7/2013 10:20:21 AM - Windows Update
RP100: 8/7/2013 3:58:31 PM - Windows Update
RP101: 8/7/2013 4:16:31 PM - Windows Update
RP102: 8/8/2013 11:34:16 AM - Installed HiJackThis
.
==== Installed Programs ======================
.
??????? Windows Live Mesh ActiveX ??(????)
??????? Windows Live Mesh ActiveX ???
64 Bit HP CIO Components Installer
7-Zip 9.20
Action Replay DSi Code Manager
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.7)
ASUS AI Recovery
ASUS CopyProtect
ASUS Data Security Manager
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS MultiFrame
ASUS Power4Gear Hybrid
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Video Magic
ASUS Virtual Camera
ASUS WebStorage
ATK Package
Bookworm Deluxe
BufferChm
Complemento Messenger
Complément Messenger
Conexant HD Audio
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
ControlDeck
Controlo ActiveX do Windows Live Mesh para Ligações Remotas
Cooking Dash
Coupon Printer for Windows
CyberLink LabelPrint
CyberLink MediaShow Espresso
CyberLink PhotoNow
CyberLink Power2Go
CyberLink PowerDirector
CyberLink PowerDVD 9
D110
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
ETDWare PS/2-x64 7.0.5.16_WHQL
Fast Boot
FoodBuzz
Galeria de Fotografias do Windows Live
Galerie de photos Windows Live
Galería fotográfica de Windows Live
Google Chrome
Google Update Helper
Governor of Poker
GPBaseService2
Great Migrations
Hewlett-Packard ACLM.NET v1.1.0.0
HiJackThis
Hotel Dash Suite Success
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP Photo Creations
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7
HP Product Detection
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPAppStudio
HPPhotoGadget
HPProductAssistant
HPSSupply
Inbox Toolbar
InstallIQ Updater
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Jewel Quest 3
JMicron Ethernet Adapter NDIS Driver
JMicron Flash Media Controller Driver
Junk Mail filter update
K_Series_ScreenSaver_EN
KeyBar 1.12 Toolbar
Luxor 3
Mahjongg dimensions
MarketResearch
Mesh Runtime
Messenger ????
Messenger ?????
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Starter 2010 - English
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
Network64
Plants vs Zombies
PlayFizz
Potion Bar
PS_AIO_07_D110_SW_Min
QuickTransfer
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Shop for HP Supplies
Simplz Zoo
SmartWebPrinting
Smilebox
SolutionCenter
Spotify
Status
syncables desktop SE
TelevisionFanatic Toolbar
The Print Shop 2.0 Deluxe
The Weather Channel App
Toolbox
TrayApp
Trend Micro Titanium
Trend Micro Titanium Maximum Security
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
USB2.0 UVC VGA WebCam
WebReg
Windows Live
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinFlash
Wireless Console 3
WiseConvert Toolbar
World of Goo
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
8/8/2013 11:32:36 AM, Error: Service Control Manager [7034] - The AFBAgent service terminated unexpectedly. It has done this 1 time(s).
8/7/2013 5:00:40 PM, Error: Service Control Manager [7001] - The Intel(R) Management & Security Application User Notification Service service depends on the Intel(R) Management and Security Application Local Management Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/7/2013 4:55:31 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Mary-PC\Mary SID (S-1-5-21-2240449205-113892951-1821887123-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
8/7/2013 4:45:35 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070005: Intel Corporation - Display - Intel(R) HD Graphics.
8/7/2013 4:42:42 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Atheros Communications Inc. - Network - Atheros AR9285 Wireless Network Adapter.
8/7/2013 4:42:00 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
8/7/2013 2:32:41 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
8/7/2013 11:58:00 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
8/6/2013 9:32:15 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.
8/6/2013 9:31:45 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
8/6/2013 10:41:40 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
8/6/2013 10:40:40 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioSrv service.
8/6/2013 10:39:06 AM, Error: Service Control Manager [7022] - The Intel(R) Management & Security Application User Notification Service service hung on starting.
8/3/2013 7:33:43 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
8/3/2013 7:33:43 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
.
==== End Of File ===========================
I understand that your tech staff is surely busy with many other people, so I will wait patiently for your reply.
Much Thanks!