Computer running extremely slow at times... sometimes decent, but never to its potential. This is the wired computer, and the other Wi-Fi/Vista computer blows this away. Here are the logs. Thanks in advance for the help!
HijackThis
-----------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:15:09 PM, on 9/3/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16660)
Boot mode: Normal
Running processes:
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\29.0.1547.62\chrome_frame_helper.exe
C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Kevin\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://emachines.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freesportsbet.com/my-page.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.1.22\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ChromeFrameHelper] "C:\Users\Kevin\AppData\Local\Google\Chrome\Application\29.0.1547.62\chrome_frame_helper.exe" --startup
O4 - HKCU\..\RunOnce: [Application Restart #1] C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe --automation-channel=ChromeTestingInterface:3616.1 --chrome-frame --no-first-run --disable-background-mode --disable-popup-blocking --disable-print-preview --user-data-dir="C:\Users\Kevin\AppData\Local\Google\Chrome Frame\User Data\IEXPLORE" --chrome-version=28.0.1500.95 --lang=en-US --flag-switches-begin --flag-switches-end --restore-last-session
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/...Control_32.CAB
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://www.cvsphoto.com/upload/activ...eX_Control.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A33A5EBA-624D-4058-B267-674F0FD4F2DB}: NameServer = 208.67.222.222,208.67.222.220
O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Users\Kevin\AppData\Local\Google\Chrome\Application\29.0.1547.62\npchrome_frame.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.1.22\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8406 bytes
DDS
-----
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.25.2
Run by Kevin at 14:16:55 on 2013-09-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.989.205 [GMT -4:00]
.
AV: Norton AntiVirus Online *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus Online *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\lxddcoms.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.1.22\ccSvcHst.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.1.22\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\29.0.1547.62\chrome_frame_helper.exe
C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\SeaPort.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.freesportsbet.com/my-page.html
uDefault_Page_URL = hxxp://emachines.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.1.22\ips\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll
uRun: [Google Update] "C:\Users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [ChromeFrameHelper] "C:\Users\Kevin\AppData\Local\Google\Chrome\Application\29.0.1547.62\chrome_frame_helper.exe" --startup
uRunOnce: [Application Restart #1] C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe --automation-channel=ChromeTestingInterface:3616.1 --chrome-frame --no-first-run --disable-background-mode --disable-popup-blocking --disable-print-preview --user-data-dir="C:\Users\Kevin\AppData\Local\Google\Chrome Frame\User Data\IEXPLORE" --chrome-version=28.0.1500.95 --lang=en-US --flag-switches-begin --flag-switches-end --restore-last-session
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
TCP: Interfaces\{A33A5EBA-624D-4058-B267-674F0FD4F2DB} : NameServer = 208.67.222.222,208.67.222.220
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Users\Kevin\AppData\Local\Google\Chrome\Application\29.0.1547.62\npchrome_frame.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1402010.016\symds64.sys [2013-1-23 493216]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1402010.016\symefa64.sys [2013-1-23 1133216]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [2013-7-16 1393240]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\Windows\System32\drivers\NAVx64\1402010.016\ccsetx64.sys [2013-1-23 168096]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20130902.001\IDSviA64.sys [2013-9-2 520280]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1402010.016\ironx64.sys [2013-1-23 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NAVx64\1402010.016\symnets.sys [2013-1-23 432800]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\SeaPort.EXE [2013-4-2 240264]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-8-26 140376]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-28 291328]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BBSvc.EXE [2013-4-2 193672]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 FlyUsb;FLY Fusion;C:\Windows\System32\drivers\FlyUsb.sys [2007-6-19 24576]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-10 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-10 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-1-10 30208]
S4 GREGService;GREGService;C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [2010-1-8 23584]
.
=============== Created Last 30 ================
.
2013-08-16 01:54:05 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-08-16 01:54:05 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-08-16 01:19:44 -------- d-----w- C:\Windows\System32\MRT
2013-08-14 17:21:54 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-14 17:21:54 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-14 17:21:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-14 17:21:53 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-14 17:21:53 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-14 17:21:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-14 17:21:53 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-14 17:21:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-14 17:21:52 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-14 17:21:52 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-14 17:21:52 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-14 17:21:45 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2013-08-14 17:21:44 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
==================== Find3M ====================
.
2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 18:04:18 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-19 18:04:18 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-07-09 00:20:43 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-09 00:20:42 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-07-09 00:20:42 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 14:18:42.10 ===============
attach
-------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/3/2011 2:51:26 PM
System Uptime: 9/3/2013 12:22:53 PM (2 hours ago)
.
Motherboard: eMachines | | EL1852G
Processor: Pentium(R) Dual-Core CPU E5800 @ 3.20GHz | CPU 1 | 1185/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 914 GiB total, 869.139 GiB free.
D: is CDROM (UDF)
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP171: 7/19/2013 7:26:56 PM - Scheduled Checkpoint
RP172: 7/27/2013 3:41:23 PM - Scheduled Checkpoint
RP173: 8/4/2013 2:05:27 AM - Scheduled Checkpoint
RP174: 8/11/2013 6:22:47 PM - Scheduled Checkpoint
RP175: 8/15/2013 9:06:30 PM - Windows Update
RP176: 8/24/2013 2:31:29 PM - Scheduled Checkpoint
RP177: 8/31/2013 11:30:05 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
µTorrent
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.5 MUI
Agatha Christie - 4:50 from Paddington
Bejeweled 2 Deluxe
BetOnline Poker 8.2
Big Action Construction
Bing Bar
Build-a-lot 2
Caillou Ready For School
CenturyLink Help
CenturyLink Installer
Chuzzle Deluxe
Contrôle ActiveX Windows Live Mesh pour connexions à distance
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
eMachines Games
eMachines Recovery Management
eMachines Registration
eMachines ScreenSaver
eMachines Updater
Final Drive: Nitro
Galerie de photos Windows Live
Garmin Communicator Plugin x64
Garmin Lifetime Updater
Google Chrome Frame
Hot Wheels® Mechanix
Hotkey Utility
Identity Card
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Java 7 Update 25
Java Auto Updater
Jewel Quest Heritage
Junk Mail filter update
Lexmark 2500 Series
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - Stolen in San Francisco
Namco All-Stars: PAC-MAN
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Express 10
Nero Express 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
NOOK for PC
Norton AntiVirus
Penguins!
Plants vs. Zombies - Game of the Year
Poker Superstars III
Polar Bowler
Polar Golfer
Realtek High Definition Audio Driver
Sansa Updater
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Times Reader
Torchlight
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
Welcome Center
WildTangent Games App
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
9/3/2013 12:23:57 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/1/2013 5:48:43 PM, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
.
==== End Of File ===========================
art.txt
-------
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-09-03 14:23:46
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 WDC_WD10EADX-22TDHB0 rev.77.04D77 931.51GB
Running: gcwdi1p1.exe; Driver: C:\Users\Kevin\AppData\Local\Temp\pwdoqpog.sys
---- Threads - GMER 2.1 ----
---- EOF - GMER 2.1 ----