
Ads playing in background and "Missing Plug In" pop out windows

Discussion in 'Virus & Other Malware Removal' started by Galadriel87, Feb 19, 2013.

    Galadriel87 (Thread Starter)

    Hello. A couple of weeks ago, some random ads started playing in the background of my computer, mostly when I started Chrome. I couldn't tell the source of these ads since I didn't have any other programs running but Chrome. This has happened to me almost every day, along with these annoying pop-out windows with the message: "Missing Plugin! Click here to download". Somebody recommended that I run TDSSKiller, which I did, but it didn't find any threats.

    I really hope you can help me out with this one. Thanks in advance!


    OS: Windows 8

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 2:05:14 PM, on 2/19/2013
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v10.0 (10.00.9200.16482)
    Boot mode: Normal

    Running processes:
    C:\windows\syswow64\wwahost.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Ana\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Ana\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://samsung13.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.27010003&st=12&barid={565DC01D-7340-4F35-BBD8-7366CE8DBE0F}
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\coIEPlg.dll
    O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\IPS\IPSBHO.DLL
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O4 - HKLM\..\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
    O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Ana\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [HP Officejet 6700 (NET)] "C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" -deviceID "CN26J3H1DV05RQ:NW" -scfn "HP Officejet 6700 (NET)" -AutoStart 1
    O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_DB17FE78C49A2158FE9B733AF3BC8697] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
    O4 - Startup: Monitor Ink Alerts - HP Officejet 6700 (Network).lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL
    O9 - Extra button: Send to Bluetooth - {2F56DCAA-153B-4479-B4E2-547405B34FB9} - C:\Program Files (x86)\Intel\Bluetooth\btSendToPage.htm (HKCU)
    O9 - Extra 'Tools' menuitem: Send to Bluetooth - {2F56DCAA-153B-4479-B4E2-547405B34FB9} - C:\Program Files (x86)\Intel\Bluetooth\btSendToPage.htm (HKCU)
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
    O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: Easy Launcher - Samsung Electronics CO., LTD. - C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
    O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
    O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe
    O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
    O23 - Service: SW Update Service (SWUpdateService) - Samsung Electronics CO., LTD. - C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

    --
    End of file - 13215 bytes

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16482
    Run by Ana at 14:14:21 on 2013-02-19
    Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.7894.5235 [GMT -5:00]
    .
    AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\system32\WLANExt.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\windows\system32\dashost.exe
    C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\system32\wbem\unsecapp.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe
    C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\system32\taskhost.exe
    C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
    C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe
    C:\windows\System32\dwm.exe
    C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe
    C:\windows\system32\taskhostex.exe
    C:\windows\Explorer.EXE
    C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
    C:\Windows\System32\RuntimeBroker.exe
    C:\windows\system32\igfxext.exe
    C:\windows\syswow64\wwahost.exe
    C:\Program Files (x86)\Samsung\Settings\sSettings.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\windows\system32\RunDll32.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
    C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\Samsung\S Agent\CommonAgent.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Ana\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    C:\windows\sysWOW64\wbem\wmiprvse.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\windows\system32\NOTEPAD.EXE
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uDefault_Page_URL = hxxp://samsung13.msn.com
    mStart Page = hxxp://home.sweetim.com/?crg=3.27010003&st=12&barid={565DC01D-7340-4F35-BBD8-7366CE8DBE0F}
    mWinlogon: Userinit = userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\coieplg.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ips\ipsbho.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    uRun: [Google Update] "C:\Users\Ana\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [HP Officejet 6700 (NET)] "C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" -deviceID "CN26J3H1DV05RQ:NW" -scfn "HP Officejet 6700 (NET)" -AutoStart 1
    uRun: [GoogleChromeAutoLaunch_DB17FE78C49A2158FE9B733AF3BC8697] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
    mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
    mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    StartupFolder: C:\Users\Ana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6700 (Network).lnk - C:\windows\System32\RunDll32.exe
    IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE/3000
    IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{00336A93-E638-4C79-A6A0-E96677BA580F} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{7965A9C8-548F-4FBF-8111-A98256365314} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{7965A9C8-548F-4FBF-8111-A98256365314}\A45514E45435 : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{7965A9C8-548F-4FBF-8111-A98256365314}\E4544574541425 : DHCPNameServer = 192.168.1.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
    x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2012-8-30 645952]
    R1 ccSet_NARA;NARA Settings Manager;C:\windows\System32\Drivers\NARAx64\0401000.00B\ccSetx64.sys [2012-8-30 168608]
    R1 CLVirtualDrive;CLVirtualDrive;C:\windows\System32\Drivers\CLVirtualDrive.sys [2012-8-30 92536]
    R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-7-16 731688]
    R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-8-30 1091520]
    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-8-30 1112000]
    R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-5-1 135952]
    R2 Easy Launcher;Easy Launcher;C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [2012-9-5 1593976]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
    R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-8-30 128896]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-8-30 165760]
    R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ccsvchst.exe [2013-1-18 143928]
    R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2012-7-10 3939008]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-12-6 794272]
    R2 SWUpdateService;SW Update Service;C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2012-12-27 2879176]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-8-30 364416]
    R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\windows\System32\Drivers\AmpPal.sys [2012-7-16 162344]
    R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130208.001\BHDrvx64.sys [2013-2-12 1388120]
    R3 BthLEEnum;Bluetooth Low Energy Driver;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
    R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\Drivers\btmaux.sys [2012-8-30 110592]
    R3 btmhsf;btmhsf;C:\windows\System32\Drivers\btmhsf.sys [2012-8-30 825344]
    R3 ccSet_NIS;Norton Internet Security Settings Manager;C:\windows\System32\Drivers\NISx64\1402010.016\ccsetx64.sys [2013-1-18 168096]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-11-16 138912]
    R3 ETD;Samsung PS/2 Port Input Device;C:\windows\System32\Drivers\ETD.sys [2012-8-14 313712]
    R3 iBtFltCoex;iBtFltCoex;C:\windows\System32\Drivers\iBtFltCoex.sys [2012-8-30 55848]
    R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130216.001\IDSviA64.sys [2013-2-18 513184]
    R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\Drivers\IntcDAud.sys [2012-6-18 342528]
    R3 NETwNe64;@oem2.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\windows\System32\Drivers\NETwew00.sys [2012-8-7 4273192]
    R3 RadioHIDMini;Radio HID Mini-driver;C:\windows\System32\Drivers\RadioHIDMini.sys [2012-8-4 23408]
    R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2012-8-29 683664]
    R3 SymDS;Symantec Data Store;C:\windows\System32\Drivers\NISx64\1402010.016\symds64.sys [2013-1-18 493216]
    R3 SymEFA;Symantec Extended File Attributes;C:\windows\System32\Drivers\NISx64\1402010.016\symefa64.sys [2013-1-18 1133216]
    R3 SymIRON;Symantec Iron Driver;C:\windows\System32\Drivers\NISx64\1402010.016\ironx64.sys [2013-1-18 224416]
    R3 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\Drivers\NISx64\1402010.016\symnets.sys [2013-1-18 432800]
    S0 SymELAM;Symantec ELAM Driver;C:\windows\System32\Drivers\NISx64\1402010.016\symelam.sys [2013-1-18 23448]
    S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-7-17 2699568]
    S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\windows\System32\Drivers\AmpPal.sys [2012-7-16 162344]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-7-17 272176]
    S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\windows\System32\Drivers\rtwlanu.sys [2012-6-2 1051752]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\Drivers\usbaapl64.sys [2012-7-9 52736]
    S3 WUDFWpdMtp;WUDFWpdMtp;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
    .
    =============== Created Last 30 ================
    .
    2013-02-16 16:51:32 1690624 ----a-w- C:\windows\System32\GdiPlus.dll
    2013-02-16 16:51:32 1437696 ----a-w- C:\windows\SysWow64\GdiPlus.dll
    2013-02-14 21:06:08 4055552 ----a-w- C:\windows\System32\win32k.sys
    2013-02-14 19:19:59 78176 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-14 19:19:58 692576 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2013-02-14 17:56:30 206016 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10193.bin
    2013-02-14 17:33:42 6967016 ----a-w- C:\windows\System32\ntoskrnl.exe
    2013-02-14 06:32:07 2226408 ----a-w- C:\windows\System32\drivers\tcpip.sys
    2013-02-13 20:20:18 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-13 20:20:18 1084416 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-09 02:14:00 -------- d-----w- C:\Program Files\iPod
    2013-02-09 02:13:59 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-02-09 02:13:59 -------- d-----w- C:\Program Files\iTunes
    2013-02-09 02:13:59 -------- d-----w- C:\Program Files (x86)\iTunes
    .
    ==================== Find3M ====================
    .
    2013-01-16 00:35:49 44032 ----a-w- C:\windows\SysWow64\UXInit.dll
    2013-01-16 00:31:26 53760 ----a-w- C:\windows\System32\UXInit.dll
    2013-01-10 01:53:32 28904 ----a-w- C:\windows\System32\drivers\msgpiowin32.sys
    2013-01-10 01:40:39 1448168 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
    2013-01-10 01:40:38 303848 ----a-w- C:\windows\System32\drivers\dxgmms1.sys
    2013-01-10 01:39:29 194280 ----a-w- C:\windows\System32\drivers\sdbus.sys
    2013-01-10 01:39:22 124648 ----a-w- C:\windows\System32\drivers\dumpsd.sys
    2013-01-10 01:29:56 91880 ----a-w- C:\windows\System32\drivers\partmgr.sys
    2013-01-10 01:29:54 1934056 ----a-w- C:\windows\System32\drivers\ntfs.sys
    2013-01-10 01:29:21 785504 ----a-w- C:\windows\System32\drivers\Wdf01000.sys
    2013-01-09 23:26:53 83968 ----a-w- C:\windows\SysWow64\wiaacmgr.exe
    2013-01-09 23:26:46 1611776 ----a-w- C:\windows\SysWow64\mmc.exe
    2013-01-09 23:26:35 410624 ----a-w- C:\windows\SysWow64\Windows.Networking.dll
    2013-01-09 23:26:35 261120 ----a-w- C:\windows\SysWow64\Windows.Media.dll
    2013-01-09 23:26:23 1752064 ----a-w- C:\windows\SysWow64\setupapi.dll
    2013-01-09 23:26:20 67584 ----a-w- C:\windows\SysWow64\samlib.dll
    2013-01-09 23:26:08 115712 ----a-w- C:\windows\SysWow64\netprofm.dll
    2013-01-09 23:26:04 890880 ----a-w- C:\windows\SysWow64\msctf.dll
    2013-01-09 23:26:03 436736 ----a-w- C:\windows\SysWow64\MP4SDECD.DLL
    2013-01-09 23:23:32 95232 ----a-w- C:\windows\System32\wiaacmgr.exe
    2013-01-09 23:23:25 2094592 ----a-w- C:\windows\System32\mmc.exe
    2013-01-09 23:23:23 240640 ----a-w- C:\windows\System32\fsquirt.exe
    2013-01-09 23:23:18 256000 ----a-w- C:\windows\System32\WSDMon.dll
    2013-01-09 23:23:16 1964544 ----a-w- C:\windows\System32\wlidsvc.dll
    2013-01-09 23:23:14 594944 ----a-w- C:\windows\System32\Windows.Networking.dll
    2013-01-09 23:23:14 406016 ----a-w- C:\windows\System32\Windows.Media.dll
    2013-01-09 23:23:07 1886208 ----a-w- C:\windows\System32\setupapi.dll
    2013-01-09 23:23:05 728064 ----a-w- C:\windows\System32\samsrv.dll
    2013-01-09 23:22:53 464384 ----a-w- C:\windows\System32\netprofmsvc.dll
    2013-01-09 23:22:53 151040 ----a-w- C:\windows\System32\netprofm.dll
    2013-01-09 23:22:43 1120768 ----a-w- C:\windows\System32\msctf.dll
    2013-01-09 23:22:41 666112 ----a-w- C:\windows\System32\MP4SDECD.DLL
    2013-01-09 23:22:35 438272 ----a-w- C:\windows\System32\lsm.dll
    2013-01-09 23:22:29 894464 ----a-w- C:\windows\System32\iphlpsvc.dll
    2013-01-09 23:22:29 159232 ----a-w- C:\windows\System32\inetpp.dll
    2013-01-09 23:22:26 49152 ----a-w- C:\windows\System32\drivers\UMDF\HidBthLE.dll
    2013-01-09 23:22:05 1918464 ----a-w- C:\windows\System32\wbem\cimwin32.dll
    2013-01-09 03:59:47 341504 ----a-w- C:\windows\System32\drivers\HdAudio.sys
    2013-01-09 03:59:16 74752 ----a-w- C:\windows\System32\drivers\BTHUSB.SYS
    2013-01-09 03:58:34 51712 ----a-w- C:\windows\System32\drivers\bthenum.sys
    2013-01-09 03:57:50 1175040 ----a-w- C:\windows\System32\drivers\bthport.sys
    2013-01-04 05:32:36 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2013-01-04 04:19:53 2706432 ----a-w- C:\windows\System32\mshtml.tlb
    2012-12-20 00:37:37 1775616 ----a-w- C:\windows\SysWow64\wininet.dll
    2012-12-20 00:37:04 2881536 ----a-w- C:\windows\SysWow64\jscript9.dll
    2012-12-20 00:37:02 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
    2012-12-20 00:37:02 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
    2012-12-20 00:36:50 431616 ----a-w- C:\windows\apppatch\AcSpecfc.dll
    2012-12-20 00:29:16 2246656 ----a-w- C:\windows\System32\wininet.dll
    2012-12-20 00:29:11 907776 ----a-w- C:\windows\System32\uxtheme.dll
    2012-12-20 00:28:29 3966464 ----a-w- C:\windows\System32\jscript9.dll
    2012-12-20 00:28:26 136704 ----a-w- C:\windows\System32\iesysprep.dll
    2012-12-20 00:28:04 39936 ----a-w- C:\windows\apppatch\apppatch64\acspecfc.dll
    2012-12-18 01:56:27 534528 ----a-w- C:\windows\SysWow64\uxtheme.dll
    2012-12-16 08:28:20 46080 ----a-w- C:\windows\System32\atmlib.dll
    2012-12-16 08:20:01 35328 ----a-w- C:\windows\SysWow64\atmlib.dll
    2012-12-16 08:08:33 362496 ----a-w- C:\windows\System32\atmfd.dll
    2012-12-16 07:57:09 300032 ----a-w- C:\windows\SysWow64\atmfd.dll
    2012-12-06 04:23:00 170496 ----a-w- C:\windows\System32\TimeBrokerServer.dll
    2012-12-06 04:22:59 178176 ----a-w- C:\windows\System32\SystemEventsBrokerServer.dll
    2012-12-04 04:21:42 368640 ----a-w- C:\windows\System32\sppwinob.dll
    2012-11-29 05:05:57 707584 ----a-w- C:\windows\System32\AppXDeploymentExtensions.dll
    2012-11-29 05:05:57 1131520 ----a-w- C:\windows\System32\AppXDeploymentServer.dll
    2012-11-27 06:59:13 329960 ----a-w- C:\windows\System32\drivers\storport.sys
    2012-11-27 06:39:46 1122768 ----a-w- C:\windows\System32\Taskmgr.exe
    2012-11-27 04:49:20 1027152 ----a-w- C:\windows\SysWow64\Taskmgr.exe
    2012-11-27 04:20:50 1048064 ----a-w- C:\windows\SysWow64\mstsc.exe
    2012-11-27 04:20:42 179200 ----a-w- C:\windows\SysWow64\wpnapps.dll
    2012-11-27 04:20:35 891904 ----a-w- C:\windows\SysWow64\winmde.dll
    2012-11-27 04:20:31 798208 ----a-w- C:\windows\SysWow64\WebcamUi.dll
    2012-11-27 04:20:29 46592 ----a-w- C:\windows\SysWow64\vds_ps.dll
    2012-11-27 04:20:28 560128 ----a-w- C:\windows\SysWow64\UserLanguagesCpl.dll
    2012-11-27 04:20:23 1217536 ----a-w- C:\windows\SysWow64\storagewmi.dll
    2012-11-27 04:20:15 680960 ----a-w- C:\windows\System32\vds.exe
    2012-11-27 04:20:07 702464 ----a-w- C:\windows\SysWow64\nshwfp.dll
    2012-11-27 04:20:07 1123840 ----a-w- C:\windows\System32\mstsc.exe
    2012-11-27 04:19:52 5088256 ----a-w- C:\windows\SysWow64\mstscax.dll
    2012-11-27 04:19:50 244736 ----a-w- C:\windows\System32\wpnapps.dll
    2012-11-27 04:19:48 1096704 ----a-w- C:\windows\System32\wmpmde.dll
    2012-11-27 04:19:42 1145856 ----a-w- C:\windows\System32\winmde.dll
    2012-11-27 04:19:37 955904 ----a-w- C:\windows\System32\WebcamUi.dll
    2012-11-27 04:19:33 631808 ----a-w- C:\windows\System32\UserLanguagesCpl.dll
    2012-11-27 04:19:32 245248 ----a-w- C:\windows\System32\usbmon.dll
    2012-11-27 04:19:25 173568 ----a-w- C:\windows\System32\storewuauth.dll
    2012-11-27 04:19:25 1536512 ----a-w- C:\windows\System32\storagewmi.dll
    2012-11-27 04:19:22 245248 ----a-w- C:\windows\SysWow64\FWPUCLNT.DLL
    2012-11-27 04:19:09 3245568 ----a-w- C:\windows\System32\rdpcorets.dll
    2012-11-27 04:19:02 2033664 ----a-w- C:\windows\SysWow64\authui.dll
    2012-11-27 04:18:59 888832 ----a-w- C:\windows\System32\nshwfp.dll
    2012-11-27 04:18:39 5974528 ----a-w- C:\windows\System32\mstscax.dll
    2012-11-27 04:18:13 1071104 ----a-w- C:\windows\System32\IKEEXT.DLL
    2012-11-27 04:18:06 378880 ----a-w- C:\windows\System32\FWPUCLNT.DLL
    2012-11-27 04:17:32 718848 ----a-w- C:\windows\System32\BFE.DLL
    2012-11-27 04:17:31 2302464 ----a-w- C:\windows\System32\authui.dll
    2012-11-27 03:57:32 18432 ----a-w- C:\windows\System32\drivers\BtaMPM.sys
    2012-11-27 03:56:29 31104 ----a-w- C:\windows\System32\drivers\BthAvrcpTg.sys
    2012-11-27 03:55:44 29952 ----a-w- C:\windows\System32\drivers\BthhfHid.sys
    2012-11-26 04:21:18 71168 ----a-w- C:\windows\SysWow64\ncryptsslp.dll
    2012-11-26 04:20:09 86016 ----a-w- C:\windows\System32\ncryptsslp.dll
    .
    ============= FINISH: 14:15:08.73 ===============

    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 8
    Boot Device: \Device\HarddiskVolume2
    Install Date: 11/9/2012 12:21:46 AM
    System Uptime: 2/18/2013 12:37:18 PM (26 hours ago)
    .
    Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | NP520U4C-A01UB
    Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz | CPU Socket - U3E1 | 1200/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 675 GiB total, 614.96 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP15: 1/26/2013 1:28:24 PM - Installed SW Update
    RP16: 2/3/2013 2:27:38 PM - Scheduled Checkpoint
    RP17: 2/8/2013 10:07:31 PM - Windows Update
    RP18: 2/13/2013 2:12:59 PM - Windows Update
    RP19: 2/16/2013 9:03:03 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Adobe Reader X (10.1.5) MUI
    Adobe Shockwave Player 11.6
    Allshare Play Link
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    CyberLink Power2Go 8
    CyberLink PowerDVD 10
    D3DX10
    E-POP
    Easy File Share
    ETDWare PS/2-X64 11.7.2.1_WHQL
    Facebook Video Calling 1.2.0.287
    Galerie de photos
    Galería de fotos
    Google Chrome
    Google Talk Plugin
    Google Update Helper
    Help Desk
    HP Officejet 6700 Basic Device Software
    Intel AppUp(SM) center
    Intel PROSet Wireless
    Intel(R) Manageability Engine Firmware Recovery Agent
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
    Intel(R) Rapid Storage Technology
    Intel(R) SDK for OpenCL - CPU Only Runtime Package
    Intel® PROSet/Wireless WiFi Software
    Intel® Trusted Connect Service Client
    Internet Explorer Toolbar 4.6 by SweetPacks
    iTunes
    Microsoft Application Error Reporting
    Microsoft Office
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Ultimate 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Movie Maker
    MSVCRT
    MSVCRT110
    MSVCRT110_amd64
    Norton Internet Security
    Norton Online Backup
    Norton Online Backup ARA
    PC Tools Registry Mechanic 11.1
    Photo Common
    Photo Gallery
    Plants vs. Zombies
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Recovery
    S Agent
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Settings
    Support Center
    Support Center FAQ
    SW Update
    SweetIM for Messenger 3.7
    SweetPacks bundle uninstaller
    swMSM
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2767848) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update Manager for SweetPacks 1.1
    User Guide
    Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (07/27/2012 20.57.1.735)
    Windows Live
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    WinRAR 4.20 (32-bit)
    Xerox PhotoCafe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/18/2013 8:32:35 PM, Error: Schannel [36888] - A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 552.
    2/18/2013 8:32:35 PM, Error: Schannel [36884] - The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is relay.l.google.com. The SSL connection request has failed. The attached data contains the server certificate.
    2/18/2013 12:38:34 PM, Error: Service Control Manager [7023] -
    2/14/2013 10:49:05 PM, Error: Schannel [36888] - A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.
    .
    ==== End Of File ===========================

    GMER 2.1.18952 - http://www.gmer.net
    Rootkit scan 2013-02-19 14:30:01
    Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000040 Hitachi_HTS547575A9E384 rev.JE4OA50A 698.64GB
    Running: 0i635xok.exe; Driver: C:\Users\Ana\AppData\Local\Temp\uxloqpob.sys


    ---- User code sections - GMER 2.1 ----

    .text C:\windows\system32\WLANExt.exe[1260] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fd0ec6177a 4 bytes [C6, 0E, FD, 07]
    .text C:\windows\system32\WLANExt.exe[1260] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fd0ec61782 4 bytes [C6, 0E, FD, 07]
    .text C:\windows\system32\WLANExt.exe[1260] C:\windows\system32\MSIMG32.dll!GradientFill + 690 000007fd08cd1532 4 bytes [CD, 08, FD, 07]
    .text C:\windows\system32\WLANExt.exe[1260] C:\windows\system32\MSIMG32.dll!GradientFill + 698 000007fd08cd153a 4 bytes [CD, 08, FD, 07]
    .text C:\windows\system32\WLANExt.exe[1260] C:\windows\system32\MSIMG32.dll!TransparentBlt + 246 000007fd08cd165a 4 bytes [CD, 08, FD, 07]
    .text C:\windows\System32\spoolsv.exe[1412] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fd0ec6177a 4 bytes [C6, 0E, FD, 07]
    .text C:\windows\System32\spoolsv.exe[1412] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fd0ec61782 4 bytes [C6, 0E, FD, 07]
    .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1884] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fd08cd1532 4 bytes [CD, 08, FD, 07]
    .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1884] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fd08cd153a 4 bytes [CD, 08, FD, 07]
    .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1884] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fd08cd165a 4 bytes [CD, 08, FD, 07]
    .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1884] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fd0ec6177a 4 bytes [C6, 0E, FD, 07]
    .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1884] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fd0ec61782 4 bytes [C6, 0E, FD, 07]
    .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1884] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007fd07411b32 4 bytes [41, 07, FD, 07]
    .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1884] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007fd07411b3a 4 bytes [41, 07, FD, 07]
    .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1088] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fd0ec6177a 4 bytes [C6, 0E, FD, 07]
    .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1088] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fd0ec61782 4 bytes [C6, 0E, FD, 07]
    .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1088] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fd08cd1532 4 bytes [CD, 08, FD, 07]
    .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1088] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fd08cd153a 4 bytes [CD, 08, FD, 07]
    .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1088] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fd08cd165a 4 bytes [CD, 08, FD, 07]
    .text C:\windows\system32\svchost.exe[1764] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fd0ec6177a 4 bytes [C6, 0E, FD, 07]
    .text C:\windows\system32\svchost.exe[1764] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fd0ec61782 4 bytes [C6, 0E, FD, 07]
    .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6204] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007fd07411b32 4 bytes [41, 07, FD, 07]
    .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[6204] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007fd07411b3a 4 bytes [41, 07, FD, 07]
    .text C:\windows\Explorer.EXE[3924] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fd0ec6177a 4 bytes [C6, 0E, FD, 07]
    .text C:\windows\Explorer.EXE[3924] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fd0ec61782 4 bytes [C6, 0E, FD, 07]
    .text C:\Windows\System32\igfxpers.exe[5920] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fd0ec6177a 4 bytes [C6, 0E, FD, 07]
    .text C:\Windows\System32\igfxpers.exe[5920] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fd0ec61782 4 bytes [C6, 0E, FD, 07]
    .text C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe[5140] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fd0ec6177a 4 bytes [C6, 0E, FD, 07]
    .text C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe[5140] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fd0ec61782 4 bytes [C6, 0E, FD, 07]
    .text C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe[5140] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fd08cd1532 4 bytes [CD, 08, FD, 07]
    .text C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe[5140] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fd08cd153a 4 bytes [CD, 08, FD, 07]
    .text C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe[5140] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fd08cd165a 4 bytes [CD, 08, FD, 07]
    .text C:\windows\system32\RunDll32.exe[6212] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fd08cd1532 4 bytes [CD, 08, FD, 07]
    .text C:\windows\system32\RunDll32.exe[6212] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fd08cd153a 4 bytes [CD, 08, FD, 07]
    .text C:\windows\system32\RunDll32.exe[6212] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fd08cd165a 4 bytes [CD, 08, FD, 07]
    .text C:\windows\system32\RunDll32.exe[6212] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fd0ec6177a 4 bytes [C6, 0E, FD, 07]
    .text C:\windows\system32\RunDll32.exe[6212] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fd0ec61782 4 bytes [C6, 0E, FD, 07]
    .text C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe[2484] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fd0ec6177a 4 bytes [C6, 0E, FD, 07]
    .text C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe[2484] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fd0ec61782 4 bytes [C6, 0E, FD, 07]
    .text C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe[6668] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fd0ec6177a 4 bytes [C6, 0E, FD, 07]
    .text C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe[6668] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fd0ec61782 4 bytes [C6, 0E, FD, 07]

    ---- Threads - GMER 2.1 ----

    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [6916:1480] 000007fd003d19f8
    Thread C:\windows\system32\csrss.exe [1156:2404] fffff960008395e8
    Thread C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe [5572:7412] 0000000001240060

    ---- Disk sectors - GMER 2.1 ----

    Disk \Device\Harddisk0\DR0 unknown MBR code

    ---- EOF - GMER 2.1 ----
     
  2. nunped

    nunped Malware Specialist

    Joined:
    Sep 20, 2012
    Messages:
    234
    Hello Galadriel87, and welcome to the forum.

    My name is nunped and I'll be helping you with any malware problems. I'm an Undergraduate trainee here, and as such my posts to you have to first be checked by a Teacher. Because of this, my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.

    Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

    Because of this, I advise you to backup any personal files and folders before you start.

    Here are some guidelines for the cleaning process to run as easily as possible.


    1. Please read this topic: Everyone MUST read this BEFORE posting for help in this forum where the conditions for receiving help here are explained.
    2. The instructions being given are for YOUR computer and system only! Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
    3. You must have Administrator rights permissions for this computer.
    4. DO NOT run any other fix or removal tools unless instructed to do so!
    5. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
    6. Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
    7. Only reply to this thread. Do not start another thread.
    8. The absence of symptoms does not imply the absence of malware. Please continue responding until I give you the "All Clean".



    Read through these instructions with your full attention.
    Please ask first if you have any doubts.

    I am currently reviewing your logs and will return, as soon as possible, with additional instructions.
     
  3. nunped

    nunped Malware Specialist

    Joined:
    Sep 20, 2012
    Messages:
    234
    Hi galadriel87,

    Step 1
    Multiple Antivirus Programs
    You are running more than 1 Antivirus program!
    Windows Defender
    Norton Internet Security

    Running more than one antivirus program is not recommended because:
    1. They can conflict with each other.
    2. They can report the other antivirus software as malicious.
    3. Antivirus programs use an enormous amount of the computer's resources actively scanning your computer.
    4. They can cause your computer to run slowly, become unstable and crash.
    I strongly suggest you uninstall one of them. You can choose which one.

    Step 2 - OTL
    Please download OTL by Old Timer. Save it to your Desktop.
    If you can't download the exe file, try these links:
    http://oldtimer.geekstogo.com/OTL.com
    http://oldtimer.geekstogo.com/OTL.scr

    • Right-click OTL.exe (or OTL.com or OTL.scr) and select "Run as Administrator" to launch the program.
    • Click the Scan All Users checkbox.
      Leave the remaining selections to the default settings.
    • Click on Run Scan at the top left hand corner.
    • When done, two Notepad files will open.
      • OTL.txt <-- Will be opened, maximized
      • Extras.txt <-- Will be minimized on task bar.
    • Please post the contents of both OTL.txt and Extras.txt files in your next reply.


    Step 3 - SystemLook
    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2



    • Right-click SystemLook.exe and select "run as administrator" to run it.
    • Copy and paste the content of the following codebox into the main textfield:
      Code:
      :filefind
      *Fun4IM*
      *Bandoo*
      *Searchqu*
      *iLivid*
      *whitesmoke*
      *datamngr*
      *trolltech*
      *sweetim*
      
      :folderfind
      *Fun4IM*
      *Bandoo*
      *Searchqu*
      *iLivid*
      *whitesmoke*
      *datamngr*
      *trolltech*
      *sweetim*
      
      :Regfind
      Fun4IM
      Bandoo
      Searchqu
      iLivid
      whitesmoke
      datamngr
      kelkoopartners
      trolltech
      SweetIM
    • Click the Look button to start the scan.
      The scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

    Note: The log can also be found on your Desktop entitled SystemLook.txt
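
As an added illustration (not part of nunped's post and not SystemLook's own code), the sketch below parses the Step 3 script and applies it offline to an inventory: wildcard sections are matched against the last path component, and `:Regfind` keywords as case-insensitive substrings. These matching rules are an approximation assumed for the example; the program names are copied from the DDS log above, and the `C:\Example\...` paths are constructed.

```python
import fnmatch
import ntpath

# Scan script copied from the Step 3 codebox (section header, then patterns).
SCRIPT = """\
:filefind
*Fun4IM*
*Bandoo*
*Searchqu*
*iLivid*
*whitesmoke*
*datamngr*
*trolltech*
*sweetim*

:folderfind
*Fun4IM*
*Bandoo*
*Searchqu*
*iLivid*
*whitesmoke*
*datamngr*
*trolltech*
*sweetim*

:Regfind
Fun4IM
Bandoo
Searchqu
iLivid
whitesmoke
datamngr
kelkoopartners
trolltech
SweetIM
"""

# Program names copied from the DDS "Installed Programs" list on this page.
INSTALLED = [
    "Google Chrome", "Internet Explorer Toolbar 4.6 by SweetPacks",
    "SweetIM for Messenger 3.7", "SweetPacks bundle uninstaller",
    "Update Manager for SweetPacks 1.1",
]
# Constructed paths for illustration only; they are not from the poster's logs.
FILES = [r"C:\Example\Downloads\iLividSetup.exe", r"C:\Example\Docs\report.docx",
         r"C:\Example\App\DataMngr.dll"]
FOLDERS = [r"C:\Example\ProgramData\Bandoo", r"C:\Example\Program Files\iTunes"]

def parse_script(text):
    """Split the script into {section name (lowercased): [patterns]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"pattern before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections

def first_match(value, patterns, wildcard):
    """Return the first pattern that matches value (ignoring case), else None."""
    low = value.lower()
    for pat in patterns:
        pl = pat.lower()
        if fnmatch.fnmatchcase(low, pl) if wildcard else pl in low:
            return pat
    return None

def triage(sections, files=(), folders=(), strings=()):
    """Return (section, pattern, item) for every inventory item that matches."""
    hits = []
    plan = (("filefind", files, True), ("folderfind", folders, True),
            ("regfind", strings, False))
    for section, items, wildcard in plan:
        for item in items:
            # Wildcard sections compare the last path component only.
            name = ntpath.basename(item.rstrip("\\/")) if wildcard else item
            pat = first_match(name, sections.get(section, []), wildcard)
            if pat:
                hits.append((section, pat, item))
    return hits

def run_demo():
    return triage(parse_script(SCRIPT), FILES, FOLDERS, INSTALLED)

if __name__ == "__main__":
    for section, pat, item in run_demo():
        print(f"{section:<10} {pat:<12} {item}")
```

On the program names taken from the DDS log, only "SweetIM for Messenger 3.7" matches; the three SweetPacks entries contain none of the listed keywords, so a keyword pass over an inventory like this complements reading the list rather than replacing it.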
     
Short URL to this thread: https://techguy.org/1090214
