I just thought it was just an annoyance really. For a half a year now, I have to troubleshoot my wireless in order to get it to work after waking or starting up the laptop. Sometimes it works on the first time, sometimes it starts working after 5 troubleshootings, but it usually always works.
About a month ago, my laptop did it's first blue screen. It's now happened about 4 or 5 times, the most recent about an hour ago. The second to last time (about 4 days ago) I ran full scans of Avast Antivirus, SuperAntispyware and Malwarebytes in that order. Avast got 10 viruses, SA got 115 and MB got 11.
Hijack This:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:34:17 PM, on 9/19/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe
C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\Tra.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE
C:\Users\Dillon\Desktop\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [USB Optical Mouse] "C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Users\Dillon\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{36772CB1-3E43-459C-A681-D8525BB7AC7C}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{E38D684B-0B0A-40B3-A214-6C49E3C0CAED}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CS1\Services\Tcpip\..\{36772CB1-3E43-459C-A681-D8525BB7AC7C}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CS2\Services\Tcpip\..\{36772CB1-3E43-459C-A681-D8525BB7AC7C}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\windows\syswow64\guard32.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11858 bytes
dds.txt:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16686 BrowserJavaVersion: 10.25.2
Run by Dillon at 23:31:01 on 2013-09-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1900.536 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\Tra.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [cdloader] "C:\Users\Dillon\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [USB Optical Mouse] "C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001017-0002-0017-ABCDEFFEDCBC} - <orphaned>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 64.233.214.34 64.233.214.41
TCP: Interfaces\{36772CB1-3E43-459C-A681-D8525BB7AC7C} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{E38D684B-0B0A-40B3-A214-6C49E3C0CAED} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{E38D684B-0B0A-40B3-A214-6C49E3C0CAED} : DHCPNameServer = 64.233.214.34 64.233.214.41
TCP: Interfaces\{E38D684B-0B0A-40B3-A214-6C49E3C0CAED}\144545437323 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{E38D684B-0B0A-40B3-A214-6C49E3C0CAED}\2757A786964737B69697 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{E38D684B-0B0A-40B3-A214-6C49E3C0CAED}\75F4751203236323 : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{E38D684B-0B0A-40B3-A214-6C49E3C0CAED}\75F4751203236323 : DHCPNameServer = 64.233.214.34 64.233.214.41
TCP: Interfaces\{E38D684B-0B0A-40B3-A214-6C49E3C0CAED}\D436D277966696 : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{E38D684B-0B0A-40B3-A214-6C49E3C0CAED}\D436D277966696 : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\windows\syswow64\guard32.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dillon\AppData\Roaming\Mozilla\Firefox\Profiles\938rcx5k.default-1378595040741\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&CUI=UN15361564481426136&UM=2&SearchSource=3& q={searchTerms}
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN15361564481426136&UM=2& q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-09-08 04:29; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Dillon\AppData\Roaming\Mozilla\Firefox\Profiles\938rcx5k.default-1378595040741\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-09-08 04:29; elemhidehelper@adblockplus.org; C:\Users\Dillon\AppData\Roaming\Mozilla\Firefox\Profiles\938rcx5k.default-1378595040741\extensions\elemhidehelper@adblockplus.org.xpi
FF - ExtSQL: 2013-09-08 04:30; autopager@mozilla.org; C:\Users\Dillon\AppData\Roaming\Mozilla\Firefox\Profiles\938rcx5k.default-1378595040741\extensions\autopager@mozilla.org.xpi
FF - ExtSQL: 2013-09-08 04:30; adblockpopups@jessehakanen.net; C:\Users\Dillon\AppData\Roaming\Mozilla\Firefox\Profiles\938rcx5k.default-1378595040741\extensions\adblockpopups@jessehakanen.net.xpi
FF - ExtSQL: 2013-09-08 04:31; jid1-ZAdIEUB7XOzOJw@jetpack; C:\Users\Dillon\AppData\Roaming\Mozilla\Firefox\Profiles\938rcx5k.default-1378595040741\extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi
FF - ExtSQL: 2013-09-08 04:36; pastetotab@loucypher; C:\Users\Dillon\AppData\Roaming\Mozilla\Firefox\Profiles\938rcx5k.default-1378595040741\extensions\pastetotab@loucypher
FF - ExtSQL: 2013-09-12 23:31; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-09-13 00:02; {739df940-c5ee-4bab-9d7e-270894ae687a}; C:\Users\Dillon\AppData\Roaming\Mozilla\Firefox\Profiles\938rcx5k.default-1378595040741\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
FF - ExtSQL: 2013-09-13 06:25; j0iiao@zff-ii.co.uk; C:\Users\Dillon\AppData\Roaming\Mozilla\Firefox\Profiles\938rcx5k.default-1378595040741\extensions\j0iiao@zff-ii.co.uk
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-5-10 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-5-10 204880]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-5-10 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-5-10 378944]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2012-11-8 584056]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2012-11-8 38144]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-3-24 98208]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-5-10 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-5-10 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-9-12 46808]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-8-10 197536]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-24 13592]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-3-24 2656280]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2012-8-3 40432]
R3 NMgamingmsFltr;USB Optical Mouse;C:\Windows\System32\drivers\NMgamingms.sys [2009-7-24 11264]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-3-24 335464]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-3-24 436840]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2012-3-24 878184]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2012-10-2 36328]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-9 19456]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2012-10-2 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2012-10-2 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2012-10-2 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2012-10-2 146920]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-9 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-9 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-18 1255736]
S4 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-3-24 1817088]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-09-17 23:10:19 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B146B11C-7D60-428E-9A71-7E3D3CE68E8F}\mpengine.dll
2013-09-14 09:06:54 -------- dc----w- C:\Users\Dillon\AppData\Local\SCE
2013-09-13 19:53:59 68104 ----a-w- C:\Windows\System32\XAPOFX1_0.dll
2013-09-13 17:55:55 0 ----a-w- C:\Windows\SysWow64\sho6BC9.tmp
2013-09-13 11:08:02 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-09-13 11:08:02 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-09-13 04:02:59 -------- dc----w- C:\Users\Dillon\AppData\Roaming\SearchProtect
2013-09-13 04:02:55 -------- dc----w- C:\Program Files (x86)\Conduit
2013-09-13 04:02:32 -------- dc----w- C:\ProgramData\Conduit
2013-09-13 04:02:29 -------- dc----w- C:\Users\Dillon\AppData\Local\Conduit
2013-09-13 03:59:59 -------- dc----w- C:\Program Files (x86)\ss helper
2013-09-13 03:59:23 -------- dc----w- C:\ProgramData\savensHAre
2013-09-13 03:54:23 -------- dc----w- C:\ProgramData\InstallMate
2013-09-12 11:28:00 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-09-11 06:43:13 -------- dc----w- C:\Users\Dillon\AppData\Roaming\USB Optical Mouse
2013-09-10 16:57:42 -------- dc----w- C:\Program Files (x86)\USB Optical Mouse
2013-09-09 00:50:26 0 ----a-w- C:\Windows\SysWow64\shoED2E.tmp
2013-09-05 14:04:02 209272 -c--a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-09-03 17:18:43 -------- dc----w- C:\Users\Dillon\AppData\Local\{FF738D50-629E-4225-976B-EB55958ECD85}
2013-09-03 03:59:13 -------- dc----w- C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-03 03:28:01 -------- dc----w- C:\Program Files\VS Revo Group
2013-09-02 19:39:09 -------- dc----w- C:\Users\Dillon\AppData\Local\{82B95313-8DDC-4F4C-9F54-18085EA1C8A4}
2013-09-02 07:38:29 -------- dc----w- C:\Users\Dillon\AppData\Local\{5DEFD5C7-F488-46A9-B367-8000DCD79E1C}
2013-08-30 18:51:23 -------- dc----w- C:\Users\Dillon\AppData\Local\{B2CD6610-2462-4DEE-80FA-85EAEB7568FD}
2013-08-30 11:24:37 -------- dc----r- C:\Program Files (x86)\Skype
2013-08-26 04:43:14 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-22 20:14:37 -------- dc----w- C:\Program Files (x86)\Flash Movie Player
2013-08-22 01:13:17 -------- dc----w- C:\Users\Dillon\AppData\Roaming\PyBitmessage
2013-08-21 07:19:14 17160072 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
.
==================== Find3M ====================
.
2013-09-14 08:46:33 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-14 08:46:31 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-30 07:48:10 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-08-30 07:48:10 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-08-30 07:48:10 204880 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-08-30 07:48:10 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-08-30 07:48:09 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-08-30 07:47:40 41664 ----a-w- C:\Windows\avastSS.scr
2013-08-26 04:42:46 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-08-26 04:42:45 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-08-10 05:20:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-08-10 03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-08-10 03:58:06 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-08-08 01:20:43 3155456 ----a-w- C:\Windows\System32\win32k.sys
2013-08-07 08:22:02 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-15 03:15:18 0 ----a-w- C:\Windows\SysWow64\shoCEDF.tmp
2013-07-11 21:26:04 0 ----a-w- C:\Windows\SysWow64\sho47FE.tmp
2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-26 23:21:50 23208 ----a-w- C:\Windows\System32\drivers\Sftvollh.sys
2013-06-26 23:21:48 28840 ----a-w- C:\Windows\System32\drivers\Sftredirlh.sys
2013-06-26 23:21:46 273576 ----a-w- C:\Windows\System32\drivers\Sftplaylh.sys
2013-06-26 23:21:46 1777320 ----a-w- C:\Windows\System32\sftldr.dll
2013-06-26 23:21:46 1130664 ----a-w- C:\Windows\SysWow64\sftldr_wow64.dll
2013-06-26 23:21:44 767144 ----a-w- C:\Windows\System32\drivers\Sftfslh.sys
.
============= FINISH: 23:32:48.62 ===============
attach.txt:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/17/2012 4:06:53 PM
System Uptime: 9/19/2013 11:24:18 PM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 3672
Processor: Intel(R) Celeron(R) CPU B800 @ 1.50GHz | CPU1 | 1500/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 279 GiB total, 108.46 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 1.296 GiB free.
E: is FIXED (FAT32) - 4 GiB total, 1.078 GiB free.
F: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: SCH-I510
Device ID: USB\VID_04E8&PID_5A0F\30317CA9012000EC
Manufacturer: samsung
Name: SCH-I510
PNP Device ID: USB\VID_04E8&PID_5A0F\30317CA9012000EC
Service: WUDFRd
.
==== System Restore Points ===================
.
RP325: 9/17/2013 7:07:58 PM - Windows Update
RP326: 9/19/2013 2:36:27 AM - Removed System Requirements Lab CYRI
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.04)
Adobe Shockwave Player 12.0
Age of Empires II HD Edition version 1.0.0.0
avast! Free Antivirus
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
COMODO Internet Security
Compaq Setup Manager
CyberLink YouCam
D3DX10
ESU for Microsoft Windows 7 SP1
EverQuest
GimpShop 2.8
Google Earth Plug-in
Google Update Helper
GTA San Andreas
Hewlett-Packard ACLM.NET v1.2.1.1
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP Games
HP Launch Box
HP On Screen Display
HP Power Manager
HP Quick Launch
HP QuickWeb
HP Setup
HP Software Framework
HP Support Assistant
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Java 7 Update 25
Java Auto Updater
Junk Mail filter update
K-Lite Codec Pack 9.7.5 (Full)
magicJack
Mah Jong Medley
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Metal Gear Solid
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft WSE 3.0 Runtime
Morrowind
Morrowind Script Extender 0.9.4.1
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Need for Speed Most Wanted (black edition)
Opera 12.16
PlayReady PC Runtime x86
Poker Superstars III
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
REALTEK Wireless LAN Driver
Recovery Manager
Revo Uninstaller 1.95
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Skype 6.7
ss helper 1.74
SUPERAntiSpyware
swMSM
Synaptics TouchPad Driver
System Requirements Lab Detection
TES Construction Set
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
USB Optical Mouse
Verizon Wireless Software Upgrade Assistant - Samsung(ar)
Verizon Wireless Software Utility Application for Android - Samsung
Visual Studio 2008 x64 Redistributables
VLC media player 2.0.7
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
9/19/2013 6:49:09 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
9/19/2013 6:49:07 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the sftlist service.
9/19/2013 2:35:21 AM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.0.2, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
9/19/2013 11:26:04 PM, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
9/19/2013 11:26:04 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.0.12, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
9/19/2013 11:25:05 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091913-31012-01.
9/19/2013 11:24:53 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 126
9/19/2013 10:51:39 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 169.254.168.137, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
9/19/2013 10:51:09 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000c08120888, 0x0000000000000002, 0x0000000000000000, 0xfffff8000304a977). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091913-31044-01.
9/19/2013 10:24:06 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
9/19/2013 1:14:51 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
9/19/2013 1:14:51 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
9/19/2013 1:14:41 AM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.0.13, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
9/18/2013 11:30:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
9/18/2013 11:29:40 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.0.2 with the system having network hardware address 00-1A-79-10-09-2F. Network operations on this system may be disrupted as a result.
9/17/2013 11:53:34 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.0.2 with the system having network hardware address A4-1F-72-6F-C7-78. Network operations on this system may be disrupted as a result.
9/16/2013 9:22:48 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.0.16, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
9/16/2013 3:02:27 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
9/16/2013 2:02:18 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer USER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E38D684B-0B0A-40B3-A214-6C49E3C0CAED}. The master browser is stopping or an election is being forced.
9/16/2013 2:01:07 AM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.0.10, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
9/16/2013 11:17:13 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.0.8, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
9/16/2013 10:30:44 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
9/15/2013 8:46:38 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000c0a2e7498, 0x0000000000000002, 0x0000000000000000, 0xfffff80002e4c977). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091513-43305-01.
9/15/2013 8:07:48 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.10. The computer with the IP address 192.168.0.4 did not allow the name to be claimed by this computer.
9/15/2013 8:05:45 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.127, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
9/15/2013 11:34:42 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{E38D684B-0B0A-40B3-A214-6C49E3C0CAED} because another computer on the network has the same name. The server could not start.
9/15/2013 10:13:58 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
9/13/2013 1:55:18 PM, Error: Service Control Manager [7043] - The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.
.
==== End Of File ===========================
ark.txt
When I started up the GMER scan, I followed the directions- closing all programs and not moving the mouse- and it ran for about 10 seconds and this is what came up:
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-09-20 00:24:35
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.ES2O 298.09GB
Running: wznkveoo.exe; Driver: C:\Users\Dillon\AppData\Local\Temp\uxroaaoc.sys
---- Devices - GMER 2.1 ----
Device \FileSystem\Ntfs \Ntfs fffffa80030b82c0
Device \FileSystem\fastfat \Fat fffffa8006a3d2c0
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\lsass.exe [776:804] 000007fefcacdf50
Thread C:\Windows\system32\svchost.exe [628:2148] 000007fef7d7bd88
Thread C:\Windows\system32\svchost.exe [628:2600] 000007fef7ba83d8
Thread C:\Windows\system32\svchost.exe [628:2604] 000007fef7ba83d8
Thread C:\Windows\system32\svchost.exe [628:1732] 000007fefa593f1c
Thread C:\Windows\system32\svchost.exe [628:2576] 000007fefafe1a38
Thread C:\Windows\system32\svchost.exe [628:1620] 000007fefa5f5388
Thread C:\Windows\system32\svchost.exe [628:568] 000007fefa517738
Thread C:\Windows\system32\svchost.exe [628:1040] 000007fefa501f90
Thread C:\Windows\system32\svchost.exe [628:3892] 000007fef7ca5124
Thread C:\Windows\system32\svchost.exe [628:4276] 000007fef89e5170
Thread C:\Windows\system32\svchost.exe [1104:1664] 000007fef3acc2d4
Thread C:\Windows\system32\svchost.exe [1104:1796] 000007fef3acc2d4
Thread C:\Windows\system32\svchost.exe [1104:760] 000007fef3acc2d4
Thread C:\Windows\system32\svchost.exe [1104:3044] 000007fef3acc2d4
Thread C:\Windows\system32\svchost.exe [1104:1204] 000007fef7ca5124
Thread C:\Windows\system32\svchost.exe [1300:1436] 000007fef9bb8274
Thread C:\Windows\system32\svchost.exe [1300:1708] 000007fef9bb8274
Thread C:\Windows\Explorer.EXE [1748:1672] 000007fef41b2118
Thread C:\Windows\Explorer.EXE [1748:4076] 000007fef40d2f9c
Thread C:\Windows\Explorer.EXE [1748:1544] 000007fefb551010
Thread C:\Windows\system32\taskhost.exe [1916:2008] 000007fefba91f38
Thread C:\Windows\system32\taskhost.exe [1916:2028] 000007fefb551010
Thread C:\Windows\system32\taskhost.exe [1916:1804] 000007fefed7c608
Thread C:\Windows\system32\taskhost.exe [1916:3376] 000007fef89e5170
Thread C:\Windows\system32\svchost.exe [1972:1244] 000007fef85335c0
Thread C:\Windows\system32\svchost.exe [1972:3664] 000007fef8535600
Thread C:\Windows\system32\svchost.exe [1972:3708] 000007fef54c2888
Thread C:\Windows\system32\svchost.exe [1972:3768] 000007fef4ed2940
Thread C:\Windows\system32\svchost.exe [2536:2616] 000007fef7c27130
Thread C:\Windows\system32\svchost.exe [2536:2620] 000007fef7c1d5c0
Thread C:\Windows\system32\wbem\wmiprvse.exe [3156:4228] 000007fef7ac1c20
Thread C:\Windows\System32\svchost.exe [3932:4700] 000007feef7397fc
Thread C:\Windows\System32\svchost.exe [3932:2504] 000007feef746a04
Thread C:\Windows\System32\svchost.exe [3932:3264] 000007feef73df84
Thread C:\Windows\System32\svchost.exe [3932:4216] 000007feef73bc88
Thread C:\Windows\System32\svchost.exe [3932:4144] 000007feedd59688
---- EOF - GMER 2.1 ----
I ran this GMER scan exactly as instructed. I've used your sites fine services before on another computer and I thought that the GMER results should be longer. No messages about rootkit activity, so I don't know what's going on there.
Thanks in advance
About a month ago, my laptop did it's first blue screen. It's now happened about 4 or 5 times, the most recent about an hour ago. The second to last time (about 4 days ago) I ran full scans of Avast Antivirus, SuperAntispyware and Malwarebytes in that order. Avast got 10 viruses, SA got 115 and MB got 11.
Hijack This:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:34:17 PM, on 9/19/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe
C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\Tra.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE
C:\Users\Dillon\Desktop\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [USB Optical Mouse] "C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Users\Dillon\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{36772CB1-3E43-459C-A681-D8525BB7AC7C}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{E38D684B-0B0A-40B3-A214-6C49E3C0CAED}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CS1\Services\Tcpip\..\{36772CB1-3E43-459C-A681-D8525BB7AC7C}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CS2\Services\Tcpip\..\{36772CB1-3E43-459C-A681-D8525BB7AC7C}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\windows\syswow64\guard32.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11858 bytes
dds.txt:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16686 BrowserJavaVersion: 10.25.2
Run by Dillon at 23:31:01 on 2013-09-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1900.536 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\Tra.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [cdloader] "C:\Users\Dillon\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [USB Optical Mouse] "C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001017-0002-0017-ABCDEFFEDCBC} - <orphaned>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 64.233.214.34 64.233.214.41
TCP: Interfaces\{36772CB1-3E43-459C-A681-D8525BB7AC7C} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{E38D684B-0B0A-40B3-A214-6C49E3C0CAED} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{E38D684B-0B0A-40B3-A214-6C49E3C0CAED} : DHCPNameServer = 64.233.214.34 64.233.214.41
TCP: Interfaces\{E38D684B-0B0A-40B3-A214-6C49E3C0CAED}\144545437323 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{E38D684B-0B0A-40B3-A214-6C49E3C0CAED}\2757A786964737B69697 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{E38D684B-0B0A-40B3-A214-6C49E3C0CAED}\75F4751203236323 : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{E38D684B-0B0A-40B3-A214-6C49E3C0CAED}\75F4751203236323 : DHCPNameServer = 64.233.214.34 64.233.214.41
TCP: Interfaces\{E38D684B-0B0A-40B3-A214-6C49E3C0CAED}\D436D277966696 : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{E38D684B-0B0A-40B3-A214-6C49E3C0CAED}\D436D277966696 : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\windows\syswow64\guard32.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dillon\AppData\Roaming\Mozilla\Firefox\Profiles\938rcx5k.default-1378595040741\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&CUI=UN15361564481426136&UM=2&SearchSource=3& q={searchTerms}
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN15361564481426136&UM=2& q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-09-08 04:29; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Dillon\AppData\Roaming\Mozilla\Firefox\Profiles\938rcx5k.default-1378595040741\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-09-08 04:29; elemhidehelper@adblockplus.org; C:\Users\Dillon\AppData\Roaming\Mozilla\Firefox\Profiles\938rcx5k.default-1378595040741\extensions\elemhidehelper@adblockplus.org.xpi
FF - ExtSQL: 2013-09-08 04:30; autopager@mozilla.org; C:\Users\Dillon\AppData\Roaming\Mozilla\Firefox\Profiles\938rcx5k.default-1378595040741\extensions\autopager@mozilla.org.xpi
FF - ExtSQL: 2013-09-08 04:30; adblockpopups@jessehakanen.net; C:\Users\Dillon\AppData\Roaming\Mozilla\Firefox\Profiles\938rcx5k.default-1378595040741\extensions\adblockpopups@jessehakanen.net.xpi
FF - ExtSQL: 2013-09-08 04:31; jid1-ZAdIEUB7XOzOJw@jetpack; C:\Users\Dillon\AppData\Roaming\Mozilla\Firefox\Profiles\938rcx5k.default-1378595040741\extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi
FF - ExtSQL: 2013-09-08 04:36; pastetotab@loucypher; C:\Users\Dillon\AppData\Roaming\Mozilla\Firefox\Profiles\938rcx5k.default-1378595040741\extensions\pastetotab@loucypher
FF - ExtSQL: 2013-09-12 23:31; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-09-13 00:02; {739df940-c5ee-4bab-9d7e-270894ae687a}; C:\Users\Dillon\AppData\Roaming\Mozilla\Firefox\Profiles\938rcx5k.default-1378595040741\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
FF - ExtSQL: 2013-09-13 06:25; j0iiao@zff-ii.co.uk; C:\Users\Dillon\AppData\Roaming\Mozilla\Firefox\Profiles\938rcx5k.default-1378595040741\extensions\j0iiao@zff-ii.co.uk
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-5-10 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-5-10 204880]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-5-10 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-5-10 378944]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2012-11-8 584056]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2012-11-8 38144]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-3-24 98208]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-5-10 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-5-10 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-9-12 46808]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-8-10 197536]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-24 13592]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-3-24 2656280]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2012-8-3 40432]
R3 NMgamingmsFltr;USB Optical Mouse;C:\Windows\System32\drivers\NMgamingms.sys [2009-7-24 11264]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-3-24 335464]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-3-24 436840]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2012-3-24 878184]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2012-10-2 36328]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-9 19456]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2012-10-2 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2012-10-2 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2012-10-2 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2012-10-2 146920]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-9 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-9 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-18 1255736]
S4 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-3-24 1817088]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-09-17 23:10:19 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B146B11C-7D60-428E-9A71-7E3D3CE68E8F}\mpengine.dll
2013-09-14 09:06:54 -------- dc----w- C:\Users\Dillon\AppData\Local\SCE
2013-09-13 19:53:59 68104 ----a-w- C:\Windows\System32\XAPOFX1_0.dll
2013-09-13 17:55:55 0 ----a-w- C:\Windows\SysWow64\sho6BC9.tmp
2013-09-13 11:08:02 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-09-13 11:08:02 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-09-13 04:02:59 -------- dc----w- C:\Users\Dillon\AppData\Roaming\SearchProtect
2013-09-13 04:02:55 -------- dc----w- C:\Program Files (x86)\Conduit
2013-09-13 04:02:32 -------- dc----w- C:\ProgramData\Conduit
2013-09-13 04:02:29 -------- dc----w- C:\Users\Dillon\AppData\Local\Conduit
2013-09-13 03:59:59 -------- dc----w- C:\Program Files (x86)\ss helper
2013-09-13 03:59:23 -------- dc----w- C:\ProgramData\savensHAre
2013-09-13 03:54:23 -------- dc----w- C:\ProgramData\InstallMate
2013-09-12 11:28:00 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-09-11 06:43:13 -------- dc----w- C:\Users\Dillon\AppData\Roaming\USB Optical Mouse
2013-09-10 16:57:42 -------- dc----w- C:\Program Files (x86)\USB Optical Mouse
2013-09-09 00:50:26 0 ----a-w- C:\Windows\SysWow64\shoED2E.tmp
2013-09-05 14:04:02 209272 -c--a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-09-03 17:18:43 -------- dc----w- C:\Users\Dillon\AppData\Local\{FF738D50-629E-4225-976B-EB55958ECD85}
2013-09-03 03:59:13 -------- dc----w- C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-03 03:28:01 -------- dc----w- C:\Program Files\VS Revo Group
2013-09-02 19:39:09 -------- dc----w- C:\Users\Dillon\AppData\Local\{82B95313-8DDC-4F4C-9F54-18085EA1C8A4}
2013-09-02 07:38:29 -------- dc----w- C:\Users\Dillon\AppData\Local\{5DEFD5C7-F488-46A9-B367-8000DCD79E1C}
2013-08-30 18:51:23 -------- dc----w- C:\Users\Dillon\AppData\Local\{B2CD6610-2462-4DEE-80FA-85EAEB7568FD}
2013-08-30 11:24:37 -------- dc----r- C:\Program Files (x86)\Skype
2013-08-26 04:43:14 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-22 20:14:37 -------- dc----w- C:\Program Files (x86)\Flash Movie Player
2013-08-22 01:13:17 -------- dc----w- C:\Users\Dillon\AppData\Roaming\PyBitmessage
2013-08-21 07:19:14 17160072 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
.
==================== Find3M ====================
.
2013-09-14 08:46:33 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-14 08:46:31 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-30 07:48:10 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-08-30 07:48:10 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-08-30 07:48:10 204880 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-08-30 07:48:10 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-08-30 07:48:09 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-08-30 07:47:40 41664 ----a-w- C:\Windows\avastSS.scr
2013-08-26 04:42:46 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-08-26 04:42:45 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-08-10 05:20:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-08-10 03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-08-10 03:58:06 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-08-08 01:20:43 3155456 ----a-w- C:\Windows\System32\win32k.sys
2013-08-07 08:22:02 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-15 03:15:18 0 ----a-w- C:\Windows\SysWow64\shoCEDF.tmp
2013-07-11 21:26:04 0 ----a-w- C:\Windows\SysWow64\sho47FE.tmp
2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-26 23:21:50 23208 ----a-w- C:\Windows\System32\drivers\Sftvollh.sys
2013-06-26 23:21:48 28840 ----a-w- C:\Windows\System32\drivers\Sftredirlh.sys
2013-06-26 23:21:46 273576 ----a-w- C:\Windows\System32\drivers\Sftplaylh.sys
2013-06-26 23:21:46 1777320 ----a-w- C:\Windows\System32\sftldr.dll
2013-06-26 23:21:46 1130664 ----a-w- C:\Windows\SysWow64\sftldr_wow64.dll
2013-06-26 23:21:44 767144 ----a-w- C:\Windows\System32\drivers\Sftfslh.sys
.
============= FINISH: 23:32:48.62 ===============
attach.txt:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/17/2012 4:06:53 PM
System Uptime: 9/19/2013 11:24:18 PM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 3672
Processor: Intel(R) Celeron(R) CPU B800 @ 1.50GHz | CPU1 | 1500/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 279 GiB total, 108.46 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 1.296 GiB free.
E: is FIXED (FAT32) - 4 GiB total, 1.078 GiB free.
F: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: SCH-I510
Device ID: USB\VID_04E8&PID_5A0F\30317CA9012000EC
Manufacturer: samsung
Name: SCH-I510
PNP Device ID: USB\VID_04E8&PID_5A0F\30317CA9012000EC
Service: WUDFRd
.
==== System Restore Points ===================
.
RP325: 9/17/2013 7:07:58 PM - Windows Update
RP326: 9/19/2013 2:36:27 AM - Removed System Requirements Lab CYRI
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.04)
Adobe Shockwave Player 12.0
Age of Empires II HD Edition version 1.0.0.0
avast! Free Antivirus
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
COMODO Internet Security
Compaq Setup Manager
CyberLink YouCam
D3DX10
ESU for Microsoft Windows 7 SP1
EverQuest
GimpShop 2.8
Google Earth Plug-in
Google Update Helper
GTA San Andreas
Hewlett-Packard ACLM.NET v1.2.1.1
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP Games
HP Launch Box
HP On Screen Display
HP Power Manager
HP Quick Launch
HP QuickWeb
HP Setup
HP Software Framework
HP Support Assistant
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Java 7 Update 25
Java Auto Updater
Junk Mail filter update
K-Lite Codec Pack 9.7.5 (Full)
magicJack
Mah Jong Medley
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Metal Gear Solid
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft WSE 3.0 Runtime
Morrowind
Morrowind Script Extender 0.9.4.1
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Need for Speed Most Wanted (black edition)
Opera 12.16
PlayReady PC Runtime x86
Poker Superstars III
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
REALTEK Wireless LAN Driver
Recovery Manager
Revo Uninstaller 1.95
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Skype 6.7
ss helper 1.74
SUPERAntiSpyware
swMSM
Synaptics TouchPad Driver
System Requirements Lab Detection
TES Construction Set
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
USB Optical Mouse
Verizon Wireless Software Upgrade Assistant - Samsung(ar)
Verizon Wireless Software Utility Application for Android - Samsung
Visual Studio 2008 x64 Redistributables
VLC media player 2.0.7
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
9/19/2013 6:49:09 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
9/19/2013 6:49:07 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the sftlist service.
9/19/2013 2:35:21 AM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.0.2, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
9/19/2013 11:26:04 PM, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
9/19/2013 11:26:04 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.0.12, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
9/19/2013 11:25:05 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091913-31012-01.
9/19/2013 11:24:53 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 126
9/19/2013 10:51:39 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 169.254.168.137, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
9/19/2013 10:51:09 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000c08120888, 0x0000000000000002, 0x0000000000000000, 0xfffff8000304a977). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091913-31044-01.
9/19/2013 10:24:06 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
9/19/2013 1:14:51 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
9/19/2013 1:14:51 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
9/19/2013 1:14:41 AM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.0.13, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
9/18/2013 11:30:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
9/18/2013 11:29:40 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.0.2 with the system having network hardware address 00-1A-79-10-09-2F. Network operations on this system may be disrupted as a result.
9/17/2013 11:53:34 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.0.2 with the system having network hardware address A4-1F-72-6F-C7-78. Network operations on this system may be disrupted as a result.
9/16/2013 9:22:48 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.0.16, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
9/16/2013 3:02:27 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
9/16/2013 2:02:18 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer USER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E38D684B-0B0A-40B3-A214-6C49E3C0CAED}. The master browser is stopping or an election is being forced.
9/16/2013 2:01:07 AM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.0.10, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
9/16/2013 11:17:13 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.0.8, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
9/16/2013 10:30:44 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
9/15/2013 8:46:38 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000c0a2e7498, 0x0000000000000002, 0x0000000000000000, 0xfffff80002e4c977). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091513-43305-01.
9/15/2013 8:07:48 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.10. The computer with the IP address 192.168.0.4 did not allow the name to be claimed by this computer.
9/15/2013 8:05:45 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.127, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
9/15/2013 11:34:42 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{E38D684B-0B0A-40B3-A214-6C49E3C0CAED} because another computer on the network has the same name. The server could not start.
9/15/2013 10:13:58 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
9/13/2013 1:55:18 PM, Error: Service Control Manager [7043] - The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.
.
==== End Of File ===========================
ark.txt
When I started up the GMER scan, I followed the directions- closing all programs and not moving the mouse- and it ran for about 10 seconds and this is what came up:
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-09-20 00:24:35
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.ES2O 298.09GB
Running: wznkveoo.exe; Driver: C:\Users\Dillon\AppData\Local\Temp\uxroaaoc.sys
---- Devices - GMER 2.1 ----
Device \FileSystem\Ntfs \Ntfs fffffa80030b82c0
Device \FileSystem\fastfat \Fat fffffa8006a3d2c0
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\lsass.exe [776:804] 000007fefcacdf50
Thread C:\Windows\system32\svchost.exe [628:2148] 000007fef7d7bd88
Thread C:\Windows\system32\svchost.exe [628:2600] 000007fef7ba83d8
Thread C:\Windows\system32\svchost.exe [628:2604] 000007fef7ba83d8
Thread C:\Windows\system32\svchost.exe [628:1732] 000007fefa593f1c
Thread C:\Windows\system32\svchost.exe [628:2576] 000007fefafe1a38
Thread C:\Windows\system32\svchost.exe [628:1620] 000007fefa5f5388
Thread C:\Windows\system32\svchost.exe [628:568] 000007fefa517738
Thread C:\Windows\system32\svchost.exe [628:1040] 000007fefa501f90
Thread C:\Windows\system32\svchost.exe [628:3892] 000007fef7ca5124
Thread C:\Windows\system32\svchost.exe [628:4276] 000007fef89e5170
Thread C:\Windows\system32\svchost.exe [1104:1664] 000007fef3acc2d4
Thread C:\Windows\system32\svchost.exe [1104:1796] 000007fef3acc2d4
Thread C:\Windows\system32\svchost.exe [1104:760] 000007fef3acc2d4
Thread C:\Windows\system32\svchost.exe [1104:3044] 000007fef3acc2d4
Thread C:\Windows\system32\svchost.exe [1104:1204] 000007fef7ca5124
Thread C:\Windows\system32\svchost.exe [1300:1436] 000007fef9bb8274
Thread C:\Windows\system32\svchost.exe [1300:1708] 000007fef9bb8274
Thread C:\Windows\Explorer.EXE [1748:1672] 000007fef41b2118
Thread C:\Windows\Explorer.EXE [1748:4076] 000007fef40d2f9c
Thread C:\Windows\Explorer.EXE [1748:1544] 000007fefb551010
Thread C:\Windows\system32\taskhost.exe [1916:2008] 000007fefba91f38
Thread C:\Windows\system32\taskhost.exe [1916:2028] 000007fefb551010
Thread C:\Windows\system32\taskhost.exe [1916:1804] 000007fefed7c608
Thread C:\Windows\system32\taskhost.exe [1916:3376] 000007fef89e5170
Thread C:\Windows\system32\svchost.exe [1972:1244] 000007fef85335c0
Thread C:\Windows\system32\svchost.exe [1972:3664] 000007fef8535600
Thread C:\Windows\system32\svchost.exe [1972:3708] 000007fef54c2888
Thread C:\Windows\system32\svchost.exe [1972:3768] 000007fef4ed2940
Thread C:\Windows\system32\svchost.exe [2536:2616] 000007fef7c27130
Thread C:\Windows\system32\svchost.exe [2536:2620] 000007fef7c1d5c0
Thread C:\Windows\system32\wbem\wmiprvse.exe [3156:4228] 000007fef7ac1c20
Thread C:\Windows\System32\svchost.exe [3932:4700] 000007feef7397fc
Thread C:\Windows\System32\svchost.exe [3932:2504] 000007feef746a04
Thread C:\Windows\System32\svchost.exe [3932:3264] 000007feef73df84
Thread C:\Windows\System32\svchost.exe [3932:4216] 000007feef73bc88
Thread C:\Windows\System32\svchost.exe [3932:4144] 000007feedd59688
---- EOF - GMER 2.1 ----
I ran this GMER scan exactly as instructed. I've used your sites fine services before on another computer and I thought that the GMER results should be longer. No messages about rootkit activity, so I don't know what's going on there.
Thanks in advance