Internet search redirect virus


gknight86

I had this problem with my laptop and got it fixed here recently. Now my desktop is doing it as well. Any help is appreciated.

SysInfo:
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, 64 bit
Processor: AMD Phenom(tm) II X4 820 Processor, AMD64 Family 16 Model 4 Stepping 2
Processor Count: 4
RAM: 6127 Mb
Graphics Card: ATI Radeon HD 5770, 1024 Mb
Hard Drives: C: Total - 935270 MB, Free - 816586 MB; E: Total - 152588 MB, Free - 31621 MB;
Motherboard: Gateway, DX4320
Antivirus: PC Cleaner Pro, Updated: Yes, On-Demand Scanner: Disabled

HijackThis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:41:53 PM, on 1/20/2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Owner\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Users\Owner\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
C:\Users\Owner\AppData\Roaming\System\svchost.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Owner\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4320&r=17360412e006p0475v195k4711r33n
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4320&r=17360412e006p0475v195k4711r33n
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: WhiteSmoke US New Toolbar - {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WhiteSmoke US New - {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\j2re1.4.2\bin\ssv.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\j2re1.4.2\bin\jp2ssv.dll (file missing)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: WhiteSmoke US New Toolbar - {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [BYRUA_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe
O4 - HKLM\..\Run: [Windows Services Host] "C:\Users\Owner\AppData\Roaming\System\svchost.exe" 3
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MusicManager] "C:\Users\Owner\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
O4 - HKCU\..\Run: [PCShowServer] "C:\Users\Owner\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"
O4 - HKCU\..\Run: [DIRECTV Player] rundll32.exe "C:\Users\Owner\AppData\Local\ElevatedDiagnostics\DIRECTV Player\pvpgx.dll",DllRegisterServerW
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [DIRECTV Player] rundll32.exe "C:\Users\Owner\AppData\Local\ElevatedDiagnostics\DIRECTV Player\pvpgx.dll",DllRegisterServerW (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DIRECTV Player] rundll32.exe "C:\Users\Owner\AppData\Local\ElevatedDiagnostics\DIRECTV Player\pvpgx.dll",DllRegisterServerW (User 'Default user')
O4 - Startup: Dropbox.lnk = Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll (file missing)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: lxeaCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe
O23 - Service: lxea_device - - C:\Windows\system32\lxeacoms.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer Group - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12689 bytes

dds.txt:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.4.2
Run by Owner at 13:42:33 on 2013-01-20
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6128.4460 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Windows\system32\lxeacoms.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Owner\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Users\Owner\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
"C:\Users\Owner\AppData\Roaming\System\svchost.exe" 3
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4320&r=17360412e006p0475v195k4711r33n
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4320&r=17360412e006p0475v195k4711r33n
uURLSearchHooks: WhiteSmoke US New Toolbar: {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll
mURLSearchHooks: WhiteSmoke US New Toolbar: {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: WhiteSmoke US New Toolbar: {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: WhiteSmoke US New Toolbar: {462BE121-2B54-4218-BF00-B9BF8135B23F} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: WhiteSmoke US New Toolbar: {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [MusicManager] "C:\Users\Owner\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [PCShowServer] "C:\Users\Owner\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"
uRun: [DIRECTV Player] rundll32.exe "C:\Users\Owner\AppData\Local\ElevatedDiagnostics\DIRECTV Player\pvpgx.dll",DllRegisterServerW
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [BYRUA_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe
mRun: [Windows Services Host] "C:\Users\Owner\AppData\Roaming\System\svchost.exe" 3
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRun: [DIRECTV Player] rundll32.exe "C:\Users\Owner\AppData\Local\ElevatedDiagnostics\DIRECTV Player\pvpgx.dll",DllRegisterServerW
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - LocalServer32 - <no file>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{151B2D35-6C77-42A8-863B-63E00D73C362} : DHCPNameServer = 10.0.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4320&r=17360412e006p0475v195k4711r33n
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [lxeamon.exe] "C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe"
x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: PFW - <no file>
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2010-5-31 235312]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2012/04/03 12:09:11];C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [2010-2-8 146928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-5-31 202752]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 lxea_device;lxea_device;C:\Windows\System32\lxeacoms.exe -service --> C:\Windows\System32\lxeacoms.exe -service [?]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-4-5 1153368]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-5-31 243232]
R3 AVer7231_x64;AVerMedia 7231 capture service;C:\Windows\System32\drivers\AVer7231_x64.sys [2010-7-26 1799808]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-5-31 346144]
R3 rtl819xpn64;Realtek RTL8190/RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;C:\Windows\System32\drivers\rtl819xp.sys [2010-8-9 620576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxeaserv.exe [2010-4-14 45736]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-4 1255736]
.
=============== Created Last 30 ================
.
2013-01-09 07:07:55 424960 ----a-w- C:\Windows\System32\KernelBase.dll
.
==================== Find3M ====================
.
2013-01-09 14:34:13 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 14:34:13 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-16 16:52:02 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:40:45 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:25:27 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:25:19 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-07 05:41:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 05:35:34 2745856 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 05:04:20 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 04:57:38 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 03:21:08 45568 ----a-w- C:\Windows\SysWow64\oflc-nz.rs
2012-11-30 05:50:00 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:50:00 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:50:00 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:49:28 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-11-30 05:46:35 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:06:50 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-11-30 05:06:49 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:33:03 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:56:36 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:56:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-11-30 02:56:34 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:56:33 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:51:41 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:51:41 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:51:41 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:51:41 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-30 02:04:57 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2012-11-30 02:04:55 916456 ----a-w- C:\Windows\System32\deployJava1.dll
2012-11-30 02:04:55 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-11-23 03:45:35 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-11-22 10:32:45 801280 ----a-w- C:\Windows\System32\usp10.dll
2012-11-22 09:33:26 627712 ----a-w- C:\Windows\SysWow64\usp10.dll
2012-11-20 05:55:59 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-20 05:10:07 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:34:53 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-11-09 05:34:27 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:49:55 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-11-09 04:49:37 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-02 11:08:16 88576 ----a-w- C:\Windows\System32\wddmn4ui.dll
2012-11-02 11:08:16 303616 ----a-w- C:\Windows\System32\wddmn4.dll
2012-11-02 05:30:41 2001408 ----a-w- C:\Windows\System32\msxml6.dll
2012-11-02 05:30:40 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2012-11-02 05:27:51 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 04:50:33 1388544 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-11-02 04:50:33 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-11-02 04:48:28 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
.
============= FINISH: 13:43:19.39 ===============

attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 4/3/2012 12:02:41 PM
System Uptime: 1/20/2013 1:20:14 PM (0 hours ago)
.
Motherboard: Gateway | | DX4320
Processor: AMD Phenom(tm) II X4 820 Processor | CPU 1 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 913 GiB total, 797.448 GiB free.
D: is CDROM ()
E: is FIXED (FAT32) - 149 GiB total, 30.88 GiB free.
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standard PS/2 Keyboard
Device ID: ACPI\PNP0303\4&5CA6142&0
Manufacturer: (Standard keyboards)
Name: Standard PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&5CA6142&0
Service: i8042prt
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&5CA6142&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&5CA6142&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP151: 1/10/2013 3:00:13 AM - Windows Update
RP152: 1/11/2013 3:00:13 AM - Windows Update
RP153: 1/12/2013 3:00:11 AM - Windows Update
RP154: 1/13/2013 3:00:10 AM - Windows Update
RP155: 1/14/2013 3:00:11 AM - Windows Update
RP156: 1/15/2013 3:00:11 AM - Windows Update
RP157: 1/16/2013 3:00:11 AM - Windows Update
RP158: 1/17/2013 3:00:11 AM - Windows Update
RP159: 1/18/2013 3:00:11 AM - Windows Update
RP160: 1/19/2013 3:00:11 AM - Windows Update
RP161: 1/19/2013 11:51:05 AM - Windows Update
RP162: 1/20/2013 1:24:38 PM - Windows Update
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.1 MUI
Advertising Center
AMD DnD V1.0.20
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI AVIVO64 Codecs
ATI Catalyst Install Manager
Bejeweled 2 Deluxe
Bing Bar
Blackhawk Striker 2
Bob the Builder Can-Do-Zoo
Bonjour
Bonjour Print Services
Boxee Media Manager
Build-a-lot 2
calibre
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Company of Heroes
Company of Heroes: Tales of Valor
Convert AVI to MP4
CyberLink PowerDVD 9
Darksiders
DarksidersInstaller
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DIRECTV Player
Dropbox
eBay Worldwide
Escape Rosecliff Island
EverQuest
Fable - The Lost Chapters
Faerie Solitaire
FATE - The Traitor Soul
Gateway Game Console
Gateway Games
Gateway InfoCentre
Gateway Photo Frame 4.2.3.10
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Updater
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotkey Utility
Identity Card
ImagXpress
iTunes
Java 2 Runtime Environment, SE v1.4.2
Java 7 Update 9 (64-bit)
Jewel Quest Solitaire 3
Junk Mail filter update
Lexmark S300-S400 Series
LG Verizon United Drivers
Magelo Sync (uninstall only)
Metro 2033
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Monopoly
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Manager
Mystery P.I. - Lost in Los Angeles
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
Norton Online Backup
Penguins!
Plants vs. Zombies
Polar Bowler
Polar Golfer
Realtek High Definition Audio Driver
Red Faction: Armageddon
Scrabble Plus
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Spybot - Search & Destroy
Steam
SUPERAntiSpyware
System Requirements Lab CYRI
The Price is Right
TuneUp 2.4.6.4
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Virtual Families
Virtual Villagers - A New Home
Welcome Center
WhiteSmoke US New Toolbar
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinRAR 4.11 (64-bit)
Yahtzee
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
1/20/2013 1:26:16 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2724197).
1/20/2013 1:20:42 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxeaCATSCustConnectService service to connect.
1/20/2013 1:20:42 PM, Error: Service Control Manager [7000] - The lxeaCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

ark.txt:

GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-20 14:27:19
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\0000005d WDC_____ rev.01.0 931.45GB
Running: burfwv8w.exe; Driver: C:\Users\Owner\AppData\Local\Temp\kwloapow.sys

---- User code sections - GMER 2.0 ----
.text C:\Windows\system32\svchost.exe[1092] c:\windows\system32\DNSAPI.dll!Query_Main 000007fefd663648 14 bytes {JMP QWORD [RIP+0x0]}
.text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[1456] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075461401 2 bytes [46, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[1456] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075461419 2 bytes [46, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[1456] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075461431 2 bytes [46, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[1456] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007546144a 2 bytes [46, 75]
.text ... * 9
.text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[1456] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000754614dd 2 bytes [46, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[1456] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000754614f5 2 bytes [46, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[1456] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007546150d 2 bytes [46, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[1456] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075461525 2 bytes [46, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[1456] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007546153d 2 bytes [46, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[1456] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075461555 2 bytes [46, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[1456] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007546156d 2 bytes [46, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[1456] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075461585 2 bytes [46, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[1456] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007546159d 2 bytes [46, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[1456] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000754615b5 2 bytes [46, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[1456] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000754615cd 2 bytes [46, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[1456] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000754616b2 2 bytes [46, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[1456] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000754616bd 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[2716] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000075461401 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[2716] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000075461419 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[2716] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000075461431 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[2716] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 000000007546144a 2 bytes [46, 75]
.text ... * 9
.text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[2716] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 00000000754614dd 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[2716] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 00000000754614f5 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[2716] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 000000007546150d 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[2716] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075461525 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[2716] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 000000007546153d 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[2716] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000075461555 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[2716] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 000000007546156d 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[2716] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000075461585 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[2716] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 000000007546159d 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[2716] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 00000000754615b5 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[2716] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 00000000754615cd 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[2716] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 00000000754616b2 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[2716] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 00000000754616bd 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe[2852] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075461401 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe[2852] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075461419 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe[2852] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075461431 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe[2852] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007546144a 2 bytes [46, 75]
.text ... * 9
.text C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe[2852] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000754614dd 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe[2852] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000754614f5 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe[2852] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007546150d 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe[2852] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075461525 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe[2852] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007546153d 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe[2852] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075461555 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe[2852] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007546156d 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe[2852] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075461585 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe[2852] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007546159d 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe[2852] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000754615b5 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe[2852] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000754615cd 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe[2852] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000754616b2 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe[2852] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000754616bd 2 bytes [46, 75]
.text C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe[2692] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075461401 2 bytes [46, 75]
.text C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe[2692] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075461419 2 bytes [46, 75]
.text C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe[2692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075461431 2 bytes [46, 75]
.text C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe[2692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007546144a 2 bytes [46, 75]
.text ... * 9
.text C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe[2692] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754614dd 2 bytes [46, 75]
.text C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe[2692] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754614f5 2 bytes [46, 75]
.text C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe[2692] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007546150d 2 bytes [46, 75]
.text C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe[2692] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075461525 2 bytes [46, 75]
.text C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe[2692] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007546153d 2 bytes [46, 75]
.text C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe[2692] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075461555 2 bytes [46, 75]
.text C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe[2692] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007546156d 2 bytes [46, 75]
.text C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe[2692] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075461585 2 bytes [46, 75]
.text C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe[2692] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007546159d 2 bytes [46, 75]
.text C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe[2692] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754615b5 2 bytes [46, 75]
.text C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe[2692] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754615cd 2 bytes [46, 75]
.text C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe[2692] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754616b2 2 bytes [46, 75]
.text C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe[2692] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754616bd 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Roaming\System\svchost.exe[3108] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075461401 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Roaming\System\svchost.exe[3108] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075461419 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Roaming\System\svchost.exe[3108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075461431 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Roaming\System\svchost.exe[3108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007546144a 2 bytes [46, 75]
.text ... * 9
.text C:\Users\Owner\AppData\Roaming\System\svchost.exe[3108] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754614dd 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Roaming\System\svchost.exe[3108] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754614f5 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Roaming\System\svchost.exe[3108] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007546150d 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Roaming\System\svchost.exe[3108] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075461525 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Roaming\System\svchost.exe[3108] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007546153d 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Roaming\System\svchost.exe[3108] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075461555 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Roaming\System\svchost.exe[3108] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007546156d 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Roaming\System\svchost.exe[3108] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075461585 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Roaming\System\svchost.exe[3108] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007546159d 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Roaming\System\svchost.exe[3108] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754615b5 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Roaming\System\svchost.exe[3108] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754615cd 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Roaming\System\svchost.exe[3108] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754616b2 2 bytes [46, 75]
.text C:\Users\Owner\AppData\Roaming\System\svchost.exe[3108] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754616bd 2 bytes [46, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000077143f54 5 bytes JMP 000000016b069eb4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000077152a3e 5 bytes JMP 000000016b1b8fb6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000077152a62 5 bytes JMP 000000016afc1893
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 000000007717cc1a 5 bytes JMP 000000016b1b8f51
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 000000007717cf72 5 bytes JMP 000000016b1b901b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 000000007718fd61 5 bytes JMP 000000016b1b8ed8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 000000007718fe2d 5 bytes JMP 000000016b1b8e5f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007718fe66 5 bytes JMP 000000016b1b8dfb
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007718fe8a 5 bytes JMP 000000016b1b8d97
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000076269404 5 bytes JMP 000000016b1b91d0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075461401 2 bytes [46, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075461419 2 bytes [46, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075461431 2 bytes [46, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007546144a 2 bytes [46, 75]
.text ... * 9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754614dd 2 bytes [46, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754614f5 2 bytes [46, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007546150d 2 bytes [46, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075461525 2 bytes [46, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007546153d 2 bytes [46, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075461555 2 bytes [46, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007546156d 2 bytes [46, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075461585 2 bytes [46, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007546159d 2 bytes [46, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754615b5 2 bytes [46, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754615cd 2 bytes [46, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754616b2 2 bytes [46, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754616bd 2 bytes [46, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll!PropertySheetW 0000000073287c30 5 bytes JMP 000000016b1b9080
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll!PropertySheet 0000000073327bb2 5 bytes JMP 000000016b1b9128
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000077239a4c 5 bytes JMP 000000016b1b93c8
? C:\Windows\system32\mssprxy.dll [4396] entry point in ".rdata" section 000000006a9271e6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077d5260d 6 bytes JMP 000000016b088042
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077d62a93 6 bytes JMP 000000016b029805
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\kernel32.dll!CreateThread 0000000075731ea8 5 bytes JMP 000000016b0275db
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077138b9a 5 bytes JMP 000000016b0903cf
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007713a5e6 5 bytes JMP 000000016b03363b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000077143f54 5 bytes JMP 000000016b069eb4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000771506b3 5 bytes JMP 000000016b0625ac
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000077152a3e 5 bytes JMP 000000016b1b8fb6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000077152a62 5 bytes JMP 000000016afc1893
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\USER32.dll!CallNextHookEx 000000007715f006 5 bytes JMP 000000016b087fdf
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000077160efc 5 bytes JMP 000000016b0aed00
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 000000007717cc1a 5 bytes JMP 000000016b1b8f51
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 000000007717cf72 5 bytes JMP 000000016b1b901b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 000000007718fd61 5 bytes JMP 000000016b1b8ed8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 000000007718fe2d 5 bytes JMP 000000016b1b8e5f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007718fe66 5 bytes JMP 000000016b1b8dfb
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007718fe8a 5 bytes JMP 000000016b1b8d97
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 00000000755c5bf6 5 bytes JMP 000000016b1b9784
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000076203e59 5 bytes JMP 000000016b1b987c
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000076203eae 5 bytes JMP 000000016b1b98fa
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000076204731 5 bytes JMP 000000016b1b97ee
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000076205dee 5 bytes JMP 000000016b1b989a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000076269404 5 bytes JMP 000000016b1b91d0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075461401 2 bytes [46, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075461419 2 bytes [46, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075461431 2 bytes [46, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007546144a 2 bytes [46, 75]
.text ... * 9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754614dd 2 bytes [46, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754614f5 2 bytes [46, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007546150d 2 bytes [46, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075461525 2 bytes [46, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007546153d 2 bytes [46, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075461555 2 bytes [46, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007546156d 2 bytes [46, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075461585 2 bytes [46, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007546159d 2 bytes [46, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754615b5 2 bytes [46, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754615cd 2 bytes [46, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754616b2 2 bytes [46, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754616bd 2 bytes [46, 75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll!PropertySheetW 0000000073287c30 5 bytes JMP 000000016b1b9080
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll!PropertySheet 0000000073327bb2 5 bytes JMP 000000016b1b9128
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000077239a4c 5 bytes JMP 000000016b1b93c8
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075461401 2 bytes [46, 75]
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1624] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075461419 2 bytes [46, 75]
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075461431 2 bytes [46, 75]
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007546144a 2 bytes [46, 75]
.text ... * 9
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1624] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754614dd 2 bytes [46, 75]
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754614f5 2 bytes [46, 75]
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1624] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007546150d 2 bytes [46, 75]
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075461525 2 bytes [46, 75]
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007546153d 2 bytes [46, 75]
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1624] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075461555 2 bytes [46, 75]
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007546156d 2 bytes [46, 75]
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075461585 2 bytes [46, 75]
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1624] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007546159d 2 bytes [46, 75]
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754615b5 2 bytes [46, 75]
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754615cd 2 bytes [46, 75]
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754616b2 2 bytes [46, 75]
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754616bd 2 bytes [46, 75]
---- Devices - GMER 2.0 ----
Device \Driver\ahcix64s \Device\0000005d ws\system32\DRIVERS\kbdclass.sys
---- Trace I/O - GMER 2.0 ----
Trace ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa800739e5e8]<< fffffa800739e5e8
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005f62060] fffffa8005f62060
Trace 3 CLASSPNP.SYS[fffff8800100143f] -> nt!IofCallDriver -> \Device\0000005d[0xfffffa8005ce59c0] fffffa8005ce59c0
Trace \Driver\ahcix64s[0xfffffa80072ec060] -> IRP_MJ_CREATE -> 0xfffffa800739e5e8 fffffa800739e5e8
---- Threads - GMER 2.0 ----
Thread C:\Users\Owner\AppData\Roaming\System\svchost.exe [3108:4372] 0000000000551c86
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4176:4592] 000007fef23a2264
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4176:4316] 000007fef239d73c
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4176:3820] 000007fef239d73c
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4176:3824] 000007fef239d73c
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4176:3892] 000007fef239d73c
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4176:4648] 000007fef239d73c
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4176:4660] 000007fef24ce43c
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4176:4692] 000007fef239d73c
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4176:212] 000007fef239d73c
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4176:164] 000007fef24f9754
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4176:3832] 000007fef29caf10
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4176:4360] 000007fef239d73c
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4716:4528] 000007fef23a2264
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4716:4500] 000007fef239d73c
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4716:4488] 000007fef239d73c
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4716:4484] 000007fef239d73c
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4716:4268] 000007fef24ce43c
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4716:1196] 000007fef239d73c
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4716:1064] 000007fef29caf10
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4716:5096] 000007fef239d73c
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4716:2416] 000007fefc6b2a88
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4716:4032] 000007fef239d73c
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4716:4652] 000007fef239d73c
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4716:4684] 000007fef239d73c
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4716:3068] 000007fef24f9754
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4716:4960] 000007fef239d73c
---- Processes - GMER 2.0 ----
Library ? (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [4092] 000007fef9a30000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4176] 000007fef4e20000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4716] 000007fefe530000
---- EOF - GMER 2.0 ----


Thanks!
 

askey127

Malware Specialist
Joined
Dec 22, 2006
Messages
3,721
gknight86,
You can't expect the machine to survive for long out there without an up-to-date antivirus.
-----------------------------------------------------------
Download the Microsoft Security Essentials Installer
The download is here: http://www.microsoft.com/security_essentials/
Save it to your desktop but don't run it yet.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Programs and Features
Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

Adobe Reader 9.1 MUI
Java 2 Runtime Environment, SE v1.4.2 <== this will positively get your computer infected
Java 7 Update 9 (64-bit)
WhiteSmoke US New Toolbar

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
-----------------------------------------------------------
Install Microsoft Security Essentials
Double Click the icon for the Microsoft Security Essentials installer.
Let it install, update itself, run a scan and delete anything it finds.
--------------------------------------------------------
Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 11.0.01 are vulnerable.
Go HERE to download AdbeRdr11001_en_US.exe
Save the file to your desktop and run it to install the latest version of Adobe Reader.
After the new Reader is installed, Open Adobe Reader XI, as it is called, and OK the license.
Click on Edit and select Preferences.
On the Left, click on the JavaScript category and Uncheck Enable Acrobat JavaScript.
Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
Click the OK button
When it asks if you are sure you want to make changes to Advanced Security Preferences, answer Yes.
When it finishes, you can remove the Installer from your desktop.
-------------------------------------------------
Please download RogueKiller.exe and save it to your desktop.

Run RogueKiller
  • First, quit all running programs.
  • Start RogueKiller.exe. (Double click in XP, Right click and choose "Run as administrator" in Vista/Win7)
  • Note: If the program is blocked, do not hesitate to try several times.
    If it really does not work (it could happen), rename it to winlogon.exe or RogueKiller.com.
  • Wait until prescan has finished.
  • Click on the Scan button in the upper right. Wait for it to finish.
  • When the scan is complete, a file icon named RKreport.txt should appear on your desktop.
  • Please double click that file RKreport.txt and post its contents in your next Reply.
    (You can also open the report by clicking the Report button on the right).
  • When you exit RogueKiller, you may get a popup reporting "None of the Elements have been deleted. Do you want to quit?" Click "Yes".

askey127
 

gknight86

Thread Starter
Joined
Jan 6, 2013
Messages
21
Sorry it took me a while to get back...real life sucks sometimes!

RKreport:

RogueKiller V8.4.3 [Jan 21 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 01/21/2013 23:45:56
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] VZWUAAgent.exe -- C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe -> KILLED [TermProc]
¤¤¤ Registry Entries : 13 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : DIRECTV Player (rundll32.exe "C:\Users\Owner\AppData\Local\ElevatedDiagnostics\DIRECTV Player\pvpgx.dll",DllRegisterServerW) -> FOUND
[RUN][SUSP PATH] HKUS\.DEFAULT[...]\Run : DIRECTV Player (rundll32.exe "C:\Users\Owner\AppData\Local\ElevatedDiagnostics\DIRECTV Player\pvpgx.dll",DllRegisterServerW) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1159614075-462506553-904502053-1000[...]\Run : DIRECTV Player (rundll32.exe "C:\Users\Owner\AppData\Local\ElevatedDiagnostics\DIRECTV Player\pvpgx.dll",DllRegisterServerW) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-18[...]\Run : DIRECTV Player (rundll32.exe "C:\Users\Owner\AppData\Local\ElevatedDiagnostics\DIRECTV Player\pvpgx.dll",DllRegisterServerW) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : BYRUA_AGENT (C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD10EADS-22M2B0 SCSI Disk Device +++++
--- User ---
[MBR] 690c7b80ab1dd5013eebc42d3b4ad3e5
[BSP] 98f2f8255e13611b38ab9dab3521e649 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 18432 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 37750784 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 37955584 | Size: 935271 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1]_S_01212013_02d2345.txt >>
RKreport[1]_S_01212013_02d2345.txt
 

askey127

Malware Specialist
Joined
Dec 22, 2006
Messages
3,721
gknight86,
---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it. OK the User Account Control.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *sweetim*
    *pccleanpro*
    *pc clean*
    pcprosd.dll
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *sweetim*
    *pccleanpro*
    *pc clean*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchnu
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    sweetie
    sweetim
    pccleanpro
    pc clean
    5c5de06d-cf99-47d6-9bab-61001fee4721
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The results log can also be found on your Desktop, entitled SystemLook.txt

askey127
 

gknight86

Thread Starter
Joined
Jan 6, 2013
Messages
21
SystemLook.txt

SystemLook 30.07.11 by jpshortstuff
Log created at 06:43 on 22/01/2013 by Owner
Administrator - Elevation successful
========== filefind ==========
Searching for "*Fun4IM*"
No files found.
Searching for "*Bandoo*"
No files found.
Searching for "*Searchnu*"
No files found.
Searching for "*Searchqu*"
No files found.
Searching for "*iLivid*"
No files found.
Searching for "*whitesmoke*"
No files found.
Searching for "*datamngr*"
No files found.
Searching for "*trolltech*"
No files found.
Searching for "*sweetim*"
No files found.
Searching for "*pccleanpro*"
No files found.
Searching for "*pc clean*"
No files found.
Searching for "pcprosd.dll"
No files found.
========== folderfind ==========
Searching for "*Fun4IM*"
No folders found.
Searching for "*Bandoo*"
No folders found.
Searching for "*Searchnu*"
No folders found.
Searching for "*Searchqu*"
No folders found.
Searching for "*iLivid*"
No folders found.
Searching for "*whitesmoke*"
No folders found.
Searching for "*datamngr*"
No folders found.
Searching for "*trolltech*"
No folders found.
Searching for "*sweetim*"
No folders found.
Searching for "*pccleanpro*"
No folders found.
Searching for "*pc clean*"
C:\Users\Lindsay\AppData\Roaming\PC Cleaners d------ [01:03 18/10/2012]
========== Regfind ==========
Searching for "Fun4IM"
No data found.
Searching for "Bandoo"
No data found.
Searching for "Searchnu"
No data found.
Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
Searching for "iLivid"
No data found.
Searching for "whitesmoke"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6C972810-224F-442F-ADDC-114A6C8F1EAE}]
"DisplayName"="WhiteSmoke US New Customized Web Search"
[HKEY_USERS\S-1-5-21-1159614075-462506553-904502053-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6C972810-224F-442F-ADDC-114A6C8F1EAE}]
"DisplayName"="WhiteSmoke US New Customized Web Search"
Searching for "datamngr"
No data found.
Searching for "kelkoopartners"
No data found.
Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QIconEngineFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QIconEngineFactoryInterfaceV2:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QSqlDriverFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:]
[HKEY_USERS\S-1-5-21-1159614075-462506553-904502053-1000\Software\Trolltech]
[HKEY_USERS\S-1-5-21-1159614075-462506553-904502053-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QIconEngineFactoryInterface:]
[HKEY_USERS\S-1-5-21-1159614075-462506553-904502053-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QIconEngineFactoryInterfaceV2:]
[HKEY_USERS\S-1-5-21-1159614075-462506553-904502053-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-1159614075-462506553-904502053-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-1159614075-462506553-904502053-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QSqlDriverFactoryInterface:]
[HKEY_USERS\S-1-5-21-1159614075-462506553-904502053-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:]
Searching for "sweetie"
No data found.
Searching for "sweetim"
No data found.
Searching for "pccleanpro"
No data found.
Searching for "pc clean"
No data found.
Searching for "5c5de06d-cf99-47d6-9bab-61001fee4721"
No data found.
-= EOF =-
 

askey127

Malware Specialist
Joined
Dec 22, 2006
Messages
3,721
gknight86,
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code:
    :Commands
    [CREATERESTOREPOINT]
    
    :Reg
    [-HKEY_CURRENT_USER\Software\Trolltech]
    [-HKEY_USERS\S-1-5-21-1159614075-462506553-904502053-1000\Software\Trolltech]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6C972810-224F-442F-ADDC-114A6C8F1EAE}]
    [-HKEY_USERS\S-1-5-21-1159614075-462506553-904502053-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6C972810-224F-442F-ADDC-114A6C8F1EAE}]
    
    :Files
    C:\Users\Lindsay\AppData\Roaming\PC Cleaners
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, and click to allow the Reboot when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • Copy the contents of that file and post it in your next reply.
    The FIX log file will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log
---------------------------------------------
Run CKScanner
Download CKScanner from HERE
Important - Save it to your desktop.
Right-Click CKScanner.exe, choose Run as administrator and click Search For Files.
After a couple minutes or less, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved. Please run the program just once.
Double-click the CKFiles.txt icon on your desktop, give permission if asked, and copy/paste the contents in your next reply.

askey127
 

gknight86

Thread Starter
Joined
Jan 6, 2013
Messages
21
OTL Fix:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1159614075-462506553-904502053-1000\Software\Trolltech\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6C972810-224F-442F-ADDC-114A6C8F1EAE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C972810-224F-442F-ADDC-114A6C8F1EAE}\ not found.
Registry key HKEY_USERS\S-1-5-21-1159614075-462506553-904502053-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6C972810-224F-442F-ADDC-114A6C8F1EAE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C972810-224F-442F-ADDC-114A6C8F1EAE}\ not found.
========== FILES ==========
C:\Users\Lindsay\AppData\Roaming\PC Cleaners folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Lindsay
->Temp folder emptied: 328025 bytes
->Temporary Internet Files folder emptied: 254301113 bytes
->Java cache emptied: 3488328 bytes
->Google Chrome cache emptied: 403466763 bytes
->Flash cache emptied: 34906 bytes

User: Owner
->Temp folder emptied: 22687239 bytes
->Temporary Internet Files folder emptied: 353270186 bytes
->Java cache emptied: 2123289 bytes
->Google Chrome cache emptied: 61195845 bytes
->Flash cache emptied: 2293 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 79046848 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 188008 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,125.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01222013_164417
Files\Folders moved on Reboot...
C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UXSA37XA\1086130-internet-search-redirect-virus[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P1LWB6YE\si[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5HACZMD8\si[1].htm moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

CK Files:

CKScanner 2.1 - Additional Security Risks - These are not necessarily bad
c:\macroquest2\mq2docrack.dll
c:\macroquest2\mq2docrack.ini
c:\macroquest2\uifiles\default\mqui_docrackwnd.xml
c:\users\owner\music\itunes\itunes media\mobile applications\cracked hd 2.5.ipa
c:\users\owner\music\itunes\itunes media\mobile applications\crackle 3.0.3.ipa
scanner sequence 3.EM.11.UBNAPO
----- EOF -----
 

askey127

Malware Specialist
Joined
Dec 22, 2006
Messages
3,721
You should not have that macroquest2 crack on your machine.
Cracks, besides being illegal, will get your machine infected.

Tell me how the machine is running.
 

gknight86

Thread Starter
Joined
Jan 6, 2013
Messages
21
askey127 said:
> You should not have that macroquest2 crack on your machine.
> Cracks, besides being illegal, will get your machine infected.
>
> Tell me how the machine is running.

I don't actually know how those got on there...but I used the macroquest2 uninstaller to remove it.

The computer is still going to random sites when clicking on links. Maybe it's just me but it doesn't seem to do it as often, but it still is doing it.
 

askey127

Malware Specialist
Joined
Dec 22, 2006
Messages
3,721
gknight86,
Bonjour and its services are classified as adware, but as long as you have Apple software, it's going to keep getting installed.
Let's see what else may be on there.
-------------------------------------------------------------
AdwCleaner Download
Please download AdwCleaner from HERE and save it to your desktop or somewhere you can find it.
-------------------------------------------------------------
AdwCleaner Scan
  • Close all open programs and internet browsers.
  • Double click to Start AdwCleaner. (Right click and choose "Run as administrator" in Vista/Win7).
  • Click on the Search button.
  • When the results log pops up, please copy and paste the contents in your reply.
The log file is saved in the C: drive main directory with this filepath: C:\AdwCleaner[R1].txt. (x in the filename represents the run number)
When you close/exit adwCleaner, if you get a message about not performing any Deletions, that's OK. We need to evaluate the scan log first.

askey127
 

gknight86

Thread Starter
Joined
Jan 6, 2013
Messages
21
AdwCleaner:

# AdwCleaner v2.108 - Logfile created 01/24/2013 at 16:59:37
# Updated 24/01/2013 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Owner - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\Owner\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****
File Found : C:\END
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\ProgramData\Partner
Folder Found : C:\Users\Owner\AppData\Local\Conduit
Folder Found : C:\Users\Owner\AppData\LocalLow\Conduit
Folder Found : C:\Users\Owner\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Owner\AppData\Roaming\OpenCandy
***** [Registry] *****
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3244149
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Key Found : HKU\S-1-5-21-1159614075-462506553-904502053-1000\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Registry is clean.
-\\ Google Chrome v24.0.1312.56
File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
File : C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [2017 octets] - [24/01/2013 16:59:37]
########## EOF - C:\AdwCleaner[R1].txt - [2077 octets] ##########
 

askey127

Malware Specialist
Joined
Dec 22, 2006
Messages
3,721
gknight86,
-------------------------------------------------------------
AdwCleaner Removals
  • Close all open programs and internet browsers.
  • Double click to Start AdwCleaner. (Right click and choose "Run as administrator" in Vista/Win7).
  • This time, click on the Delete button.
  • Click OK to the prompts.
  • Your computer will be rebooted automatically. A log will open after the restart.
  • Post the contents of the log in your next reply.
You can also find the log in the main directory of the C: drive as C:\AdwCleaner[S1].txt
-------------------------------------------------------------
Open Internet explorer
Go to Tools> Internet Options > Security tab, and click on Trusted sites.
Delete everything, except for entries of Microsoft or your Internet Provider.
Exit Internet Explorer

askey127
 

gknight86

Thread Starter
Joined
Jan 6, 2013
Messages
21
AdwCleaner(S1):

# AdwCleaner v2.108 - Logfile created 01/24/2013 at 19:46:00
# Updated 24/01/2013 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Owner - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\Owner\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
File Deleted : C:\END
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\Owner\AppData\Local\Conduit
Folder Deleted : C:\Users\Owner\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Owner\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Owner\AppData\Roaming\OpenCandy
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3244149
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Registry is clean.
-\\ Google Chrome v24.0.1312.56
File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
File : C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [2144 octets] - [24/01/2013 16:59:37]
AdwCleaner[S1].txt - [1962 octets] - [24/01/2013 19:46:00]
########## EOF - C:\AdwCleaner[S1].txt - [2022 octets] ##########
 

gknight86

Thread Starter
Joined
Jan 6, 2013
Messages
21
It seems to be running fine now... The only issue I have is that every time I sign onto my computer I get an error that reads: There was a problem starting C:\Users\Owner\AppData\Local\ElevatedDiagnostics\DIRECTVPlayer\pvpgx.dll The specified module could not be found.

Any idea what that might be?
 