
Internet search redirect virus

Discussion in 'Virus & Other Malware Removal' started by gknight86, Jan 20, 2013.

  1. gknight86 (Thread Starter)
     Joined: Jan 6, 2013 | Messages: 21
    I had this problem with my laptop and got it fixed here recently. Now my desktop is doing it as well. Any help is appreciated.

    SysInfo:
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, 64 bit
    Processor: AMD Phenom(tm) II X4 820 Processor, AMD64 Family 16 Model 4 Stepping 2
    Processor Count: 4
    RAM: 6127 Mb
    Graphics Card: ATI Radeon HD 5770, 1024 Mb
    Hard Drives: C: Total - 935270 MB, Free - 816586 MB; E: Total - 152588 MB, Free - 31621 MB;
    Motherboard: Gateway, DX4320
    Antivirus: PC Cleaner Pro, Updated: Yes, On-Demand Scanner: Disabled

    HijackThis:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:41:53 PM, on 1/20/2013
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal
    Running processes:
    C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
    C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Users\Owner\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
    C:\Users\Owner\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
    C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
    C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
    C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
    C:\Users\Owner\AppData\Roaming\System\svchost.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\Owner\Desktop\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4320&r=17360412e006p0475v195k4711r33n
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4320&r=17360412e006p0475v195k4711r33n
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: WhiteSmoke US New Toolbar - {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WhiteSmoke US New - {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\j2re1.4.2\bin\ssv.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\j2re1.4.2\bin\jp2ssv.dll (file missing)
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O3 - Toolbar: WhiteSmoke US New Toolbar - {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [BYRUA_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe
    O4 - HKLM\..\Run: [Windows Services Host] "C:\Users\Owner\AppData\Roaming\System\svchost.exe" 3
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [MusicManager] "C:\Users\Owner\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
    O4 - HKCU\..\Run: [PCShowServer] "C:\Users\Owner\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"
    O4 - HKCU\..\Run: [DIRECTV Player] rundll32.exe "C:\Users\Owner\AppData\Local\ElevatedDiagnostics\DIRECTV Player\pvpgx.dll",DllRegisterServerW
    O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    O4 - HKUS\S-1-5-18\..\Run: [DIRECTV Player] rundll32.exe "C:\Users\Owner\AppData\Local\ElevatedDiagnostics\DIRECTV Player\pvpgx.dll",DllRegisterServerW (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DIRECTV Player] rundll32.exe "C:\Users\Owner\AppData\Local\ElevatedDiagnostics\DIRECTV Player\pvpgx.dll",DllRegisterServerW (User 'Default user')
    O4 - Startup: Dropbox.lnk = Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll (file missing)
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: *.clonewarsadventures.com
    O15 - Trusted Zone: *.freerealms.com
    O15 - Trusted Zone: *.soe.com
    O15 - Trusted Zone: *.sony.com
    O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
    O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: lxeaCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe
    O23 - Service: lxea_device - - C:\Windows\system32\lxeacoms.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Updater Service - Acer Group - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    --
    End of file - 12689 bytes

    dds.txt:
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.4.2
    Run by Owner at 13:42:33 on 2013-01-20
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6128.4460 [GMT -5:00]
    .
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
    C:\Windows\system32\lxeacoms.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
    C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Users\Owner\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
    C:\Users\Owner\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
    C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
    C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
    C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
    "C:\Users\Owner\AppData\Roaming\System\svchost.exe" 3
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://www.google.com/
    mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4320&r=17360412e006p0475v195k4711r33n
    mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4320&r=17360412e006p0475v195k4711r33n
    uURLSearchHooks: WhiteSmoke US New Toolbar: {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll
    mURLSearchHooks: WhiteSmoke US New Toolbar: {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: WhiteSmoke US New Toolbar: {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: WhiteSmoke US New Toolbar: {462BE121-2B54-4218-BF00-B9BF8135B23F} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: WhiteSmoke US New Toolbar: {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [MusicManager] "C:\Users\Owner\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
    uRun: [PCShowServer] "C:\Users\Owner\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"
    uRun: [DIRECTV Player] rundll32.exe "C:\Users\Owner\AppData\Local\ElevatedDiagnostics\DIRECTV Player\pvpgx.dll",DllRegisterServerW
    uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [BYRUA_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe
    mRun: [Windows Services Host] "C:\Users\Owner\AppData\Roaming\System\svchost.exe" 3
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    dRun: [DIRECTV Player] rundll32.exe "C:\Users\Owner\AppData\Local\ElevatedDiagnostics\DIRECTV Player\pvpgx.dll",DllRegisterServerW
    StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - LocalServer32 - <no file>
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
    TCP: NameServer = 10.0.0.1
    TCP: Interfaces\{151B2D35-6C77-42A8-863B-63E00D73C362} : DHCPNameServer = 10.0.0.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4320&r=17360412e006p0475v195k4711r33n
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [lxeamon.exe] "C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe"
    x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe"
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Notify: PFW - <no file>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2010-5-31 235312]
    R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2012/04/03 12:09:11];C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [2010-2-8 146928]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-5-31 202752]
    R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
    R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
    R2 lxea_device;lxea_device;C:\Windows\System32\lxeacoms.exe -service --> C:\Windows\System32\lxeacoms.exe -service [?]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-4-5 1153368]
    R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-5-31 243232]
    R3 AVer7231_x64;AVerMedia 7231 capture service;C:\Windows\System32\drivers\AVer7231_x64.sys [2010-7-26 1799808]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-5-31 346144]
    R3 rtl819xpn64;Realtek RTL8190/RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;C:\Windows\System32\drivers\rtl819xp.sys [2010-8-9 620576]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxeaserv.exe [2010-4-14 45736]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-4 1255736]
    .
    =============== Created Last 30 ================
    .
    2013-01-09 07:07:55 424960 ----a-w- C:\Windows\System32\KernelBase.dll
    .
    ==================== Find3M ====================
    .
    2013-01-09 14:34:13 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-09 14:34:13 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-12-16 16:52:02 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 14:40:45 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 14:25:27 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-16 14:25:19 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-07 05:41:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
    2012-12-07 05:35:34 2745856 ----a-w- C:\Windows\System32\gameux.dll
    2012-12-07 05:04:20 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
    2012-12-07 04:57:38 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
    2012-12-07 03:21:08 45568 ----a-w- C:\Windows\SysWow64\oflc-nz.rs
    2012-11-30 05:50:00 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-11-30 05:50:00 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-11-30 05:50:00 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-11-30 05:49:28 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-11-30 05:46:35 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-11-30 05:06:50 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-11-30 05:06:49 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-11-30 03:33:03 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-11-30 02:56:36 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-11-30 02:56:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-11-30 02:56:34 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-11-30 02:56:33 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-11-30 02:51:41 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:51:41 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:51:41 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:51:41 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-11-30 02:04:57 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
    2012-11-30 02:04:55 916456 ----a-w- C:\Windows\System32\deployJava1.dll
    2012-11-30 02:04:55 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
    2012-11-23 03:45:35 3147264 ----a-w- C:\Windows\System32\win32k.sys
    2012-11-22 10:32:45 801280 ----a-w- C:\Windows\System32\usp10.dll
    2012-11-22 09:33:26 627712 ----a-w- C:\Windows\SysWow64\usp10.dll
    2012-11-20 05:55:59 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-11-20 05:10:07 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-11-09 05:34:53 751104 ----a-w- C:\Windows\System32\win32spl.dll
    2012-11-09 05:34:27 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-11-09 04:49:55 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2012-11-09 04:49:37 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-11-02 11:08:16 88576 ----a-w- C:\Windows\System32\wddmn4ui.dll
    2012-11-02 11:08:16 303616 ----a-w- C:\Windows\System32\wddmn4.dll
    2012-11-02 05:30:41 2001408 ----a-w- C:\Windows\System32\msxml6.dll
    2012-11-02 05:30:40 1880064 ----a-w- C:\Windows\System32\msxml3.dll
    2012-11-02 05:27:51 478208 ----a-w- C:\Windows\System32\dpnet.dll
    2012-11-02 04:50:33 1388544 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-11-02 04:50:33 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-11-02 04:48:28 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
    .
    ============= FINISH: 13:43:19.39 ===============

    attach.txt:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 4/3/2012 12:02:41 PM
    System Uptime: 1/20/2013 1:20:14 PM (0 hours ago)
    .
    Motherboard: Gateway | | DX4320
    Processor: AMD Phenom(tm) II X4 820 Processor | CPU 1 | 2100/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 913 GiB total, 797.448 GiB free.
    D: is CDROM ()
    E: is FIXED (FAT32) - 149 GiB total, 30.88 GiB free.
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    K: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
    Description: Standard PS/2 Keyboard
    Device ID: ACPI\PNP0303\4&5CA6142&0
    Manufacturer: (Standard keyboards)
    Name: Standard PS/2 Keyboard
    PNP Device ID: ACPI\PNP0303\4&5CA6142&0
    Service: i8042prt
    .
    Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Description: Microsoft PS/2 Mouse
    Device ID: ACPI\PNP0F03\4&5CA6142&0
    Manufacturer: Microsoft
    Name: Microsoft PS/2 Mouse
    PNP Device ID: ACPI\PNP0F03\4&5CA6142&0
    Service: i8042prt
    .
    ==== System Restore Points ===================
    .
    RP151: 1/10/2013 3:00:13 AM - Windows Update
    RP152: 1/11/2013 3:00:13 AM - Windows Update
    RP153: 1/12/2013 3:00:11 AM - Windows Update
    RP154: 1/13/2013 3:00:10 AM - Windows Update
    RP155: 1/14/2013 3:00:11 AM - Windows Update
    RP156: 1/15/2013 3:00:11 AM - Windows Update
    RP157: 1/16/2013 3:00:11 AM - Windows Update
    RP158: 1/17/2013 3:00:11 AM - Windows Update
    RP159: 1/18/2013 3:00:11 AM - Windows Update
    RP160: 1/19/2013 3:00:11 AM - Windows Update
    RP161: 1/19/2013 11:51:05 AM - Windows Update
    RP162: 1/20/2013 1:24:38 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.1 MUI
    Advertising Center
    AMD DnD V1.0.20
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI AVIVO64 Codecs
    ATI Catalyst Install Manager
    Bejeweled 2 Deluxe
    Bing Bar
    Blackhawk Striker 2
    Bob the Builder Can-Do-Zoo
    Bonjour
    Bonjour Print Services
    Boxee Media Manager
    Build-a-lot 2
    calibre
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Company of Heroes
    Company of Heroes: Tales of Valor
    Convert AVI to MP4
    CyberLink PowerDVD 9
    Darksiders
    DarksidersInstaller
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DIRECTV Player
    Dropbox
    eBay Worldwide
    Escape Rosecliff Island
    EverQuest
    Fable - The Lost Chapters
    Faerie Solitaire
    FATE - The Traitor Soul
    Gateway Game Console
    Gateway Games
    Gateway InfoCentre
    Gateway Photo Frame 4.2.3.10
    Gateway Recovery Management
    Gateway Registration
    Gateway ScreenSaver
    Gateway Updater
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotkey Utility
    Identity Card
    ImagXpress
    iTunes
    Java 2 Runtime Environment, SE v1.4.2
    Java 7 Update 9 (64-bit)
    Jewel Quest Solitaire 3
    Junk Mail filter update
    Lexmark S300-S400 Series
    LG Verizon United Drivers
    Magelo Sync (uninstall only)
    Metro 2033
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Monopoly
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Music Manager
    Mystery P.I. - Lost in Los Angeles
    Nero 9 Essentials
    Nero ControlCenter
    Nero DiscSpeed
    Nero DiscSpeed Help
    Nero DriveSpeed
    Nero DriveSpeed Help
    Nero Express Help
    Nero InfoTool
    Nero InfoTool Help
    Nero Installer
    Nero Online Upgrade
    Nero StartSmart
    Nero StartSmart Help
    Nero StartSmart OEM
    NeroExpress
    neroxml
    Norton Online Backup
    Penguins!
    Plants vs. Zombies
    Polar Bowler
    Polar Golfer
    Realtek High Definition Audio Driver
    Red Faction: Armageddon
    Scrabble Plus
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
    Spybot - Search & Destroy
    Steam
    SUPERAntiSpyware
    System Requirements Lab CYRI
    The Price is Right
    TuneUp 2.4.6.4
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
    Virtual Families
    Virtual Villagers - A New Home
    Welcome Center
    WhiteSmoke US New Toolbar
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    WinRAR 4.11 (64-bit)
    Yahtzee
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/20/2013 1:26:16 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2724197).
    1/20/2013 1:20:42 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxeaCATSCustConnectService service to connect.
    1/20/2013 1:20:42 PM, Error: Service Control Manager [7000] - The lxeaCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================

    ark.txt:

    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-20 14:27:19
    Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\0000005d WDC_____ rev.01.0 931.45GB
    Running: burfwv8w.exe; Driver: C:\Users\Owner\AppData\Local\Temp\kwloapow.sys

    ---- User code sections - GMER 2.0 ----
    .text C:\Windows\system32\svchost.exe[1092] c:\windows\system32\DNSAPI.dll!Query_Main 000007fefd663648 14 bytes {JMP QWORD [RIP+0x0]}
    .text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[1456] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075461401 2 bytes [46, 75]
    .text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[1456] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075461419 2 bytes [46, 75]
    .text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[1456] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075461431 2 bytes [46, 75]
    .text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[1456] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007546144a 2 bytes [46, 75]
    .text ... * 9
    .text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[1456] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000754614dd 2 bytes [46, 75]
    .text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[1456] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000754614f5 2 bytes [46, 75]
    .text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[1456] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007546150d 2 bytes [46, 75]
    .text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[1456] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075461525 2 bytes [46, 75]
    .text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[1456] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007546153d 2 bytes [46, 75]
    .text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[1456] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075461555 2 bytes [46, 75]
    .text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[1456] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007546156d 2 bytes [46, 75]
    .text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[1456] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075461585 2 bytes [46, 75]
    .text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[1456] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007546159d 2 bytes [46, 75]
    .text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[1456] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000754615b5 2 bytes [46, 75]
    .text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[1456] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000754615cd 2 bytes [46, 75]
    .text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[1456] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000754616b2 2 bytes [46, 75]
    .text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[1456] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000754616bd 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[2716] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000075461401 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[2716] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000075461419 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[2716] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000075461431 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[2716] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 000000007546144a 2 bytes [46, 75]
    .text ... * 9
    .text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[2716] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 00000000754614dd 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[2716] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 00000000754614f5 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[2716] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 000000007546150d 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[2716] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075461525 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[2716] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 000000007546153d 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[2716] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000075461555 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[2716] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 000000007546156d 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[2716] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000075461585 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[2716] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 000000007546159d 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[2716] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 00000000754615b5 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[2716] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 00000000754615cd 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[2716] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 00000000754616b2 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe[2716] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 00000000754616bd 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe[2852] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075461401 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe[2852] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075461419 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe[2852] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075461431 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe[2852] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007546144a 2 bytes [46, 75]
    .text ... * 9
    .text C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe[2852] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000754614dd 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe[2852] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000754614f5 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe[2852] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007546150d 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe[2852] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075461525 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe[2852] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007546153d 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe[2852] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075461555 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe[2852] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007546156d 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe[2852] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075461585 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe[2852] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007546159d 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe[2852] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000754615b5 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe[2852] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000754615cd 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe[2852] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000754616b2 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe[2852] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000754616bd 2 bytes [46, 75]
    .text C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe[2692] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075461401 2 bytes [46, 75]
    .text C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe[2692] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075461419 2 bytes [46, 75]
    .text C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe[2692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075461431 2 bytes [46, 75]
    .text C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe[2692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007546144a 2 bytes [46, 75]
    .text ... * 9
    .text C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe[2692] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754614dd 2 bytes [46, 75]
    .text C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe[2692] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754614f5 2 bytes [46, 75]
    .text C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe[2692] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007546150d 2 bytes [46, 75]
    .text C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe[2692] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075461525 2 bytes [46, 75]
    .text C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe[2692] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007546153d 2 bytes [46, 75]
    .text C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe[2692] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075461555 2 bytes [46, 75]
    .text C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe[2692] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007546156d 2 bytes [46, 75]
    .text C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe[2692] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075461585 2 bytes [46, 75]
    .text C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe[2692] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007546159d 2 bytes [46, 75]
    .text C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe[2692] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754615b5 2 bytes [46, 75]
    .text C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe[2692] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754615cd 2 bytes [46, 75]
    .text C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe[2692] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754616b2 2 bytes [46, 75]
    .text C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe[2692] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754616bd 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Roaming\System\svchost.exe[3108] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075461401 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Roaming\System\svchost.exe[3108] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075461419 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Roaming\System\svchost.exe[3108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075461431 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Roaming\System\svchost.exe[3108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007546144a 2 bytes [46, 75]
    .text ... * 9
    .text C:\Users\Owner\AppData\Roaming\System\svchost.exe[3108] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754614dd 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Roaming\System\svchost.exe[3108] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754614f5 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Roaming\System\svchost.exe[3108] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007546150d 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Roaming\System\svchost.exe[3108] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075461525 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Roaming\System\svchost.exe[3108] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007546153d 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Roaming\System\svchost.exe[3108] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075461555 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Roaming\System\svchost.exe[3108] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007546156d 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Roaming\System\svchost.exe[3108] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075461585 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Roaming\System\svchost.exe[3108] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007546159d 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Roaming\System\svchost.exe[3108] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754615b5 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Roaming\System\svchost.exe[3108] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754615cd 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Roaming\System\svchost.exe[3108] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754616b2 2 bytes [46, 75]
    .text C:\Users\Owner\AppData\Roaming\System\svchost.exe[3108] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754616bd 2 bytes [46, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000077143f54 5 bytes JMP 000000016b069eb4
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000077152a3e 5 bytes JMP 000000016b1b8fb6
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000077152a62 5 bytes JMP 000000016afc1893
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 000000007717cc1a 5 bytes JMP 000000016b1b8f51
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 000000007717cf72 5 bytes JMP 000000016b1b901b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 000000007718fd61 5 bytes JMP 000000016b1b8ed8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 000000007718fe2d 5 bytes JMP 000000016b1b8e5f
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007718fe66 5 bytes JMP 000000016b1b8dfb
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007718fe8a 5 bytes JMP 000000016b1b8d97
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000076269404 5 bytes JMP 000000016b1b91d0
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075461401 2 bytes [46, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075461419 2 bytes [46, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075461431 2 bytes [46, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007546144a 2 bytes [46, 75]
    .text ... * 9
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754614dd 2 bytes [46, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754614f5 2 bytes [46, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007546150d 2 bytes [46, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075461525 2 bytes [46, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007546153d 2 bytes [46, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075461555 2 bytes [46, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007546156d 2 bytes [46, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075461585 2 bytes [46, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007546159d 2 bytes [46, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754615b5 2 bytes [46, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754615cd 2 bytes [46, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754616b2 2 bytes [46, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754616bd 2 bytes [46, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll!PropertySheetW 0000000073287c30 5 bytes JMP 000000016b1b9080
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll!PropertySheet 0000000073327bb2 5 bytes JMP 000000016b1b9128
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000077239a4c 5 bytes JMP 000000016b1b93c8
    ? C:\Windows\system32\mssprxy.dll [4396] entry point in ".rdata" section 000000006a9271e6
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077d5260d 6 bytes JMP 000000016b088042
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077d62a93 6 bytes JMP 000000016b029805
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\kernel32.dll!CreateThread 0000000075731ea8 5 bytes JMP 000000016b0275db
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077138b9a 5 bytes JMP 000000016b0903cf
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007713a5e6 5 bytes JMP 000000016b03363b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000077143f54 5 bytes JMP 000000016b069eb4
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000771506b3 5 bytes JMP 000000016b0625ac
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000077152a3e 5 bytes JMP 000000016b1b8fb6
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000077152a62 5 bytes JMP 000000016afc1893
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\USER32.dll!CallNextHookEx 000000007715f006 5 bytes JMP 000000016b087fdf
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000077160efc 5 bytes JMP 000000016b0aed00
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 000000007717cc1a 5 bytes JMP 000000016b1b8f51
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 000000007717cf72 5 bytes JMP 000000016b1b901b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 000000007718fd61 5 bytes JMP 000000016b1b8ed8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 000000007718fe2d 5 bytes JMP 000000016b1b8e5f
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007718fe66 5 bytes JMP 000000016b1b8dfb
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007718fe8a 5 bytes JMP 000000016b1b8d97
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 00000000755c5bf6 5 bytes JMP 000000016b1b9784
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000076203e59 5 bytes JMP 000000016b1b987c
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000076203eae 5 bytes JMP 000000016b1b98fa
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000076204731 5 bytes JMP 000000016b1b97ee
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000076205dee 5 bytes JMP 000000016b1b989a
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000076269404 5 bytes JMP 000000016b1b91d0
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075461401 2 bytes [46, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075461419 2 bytes [46, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075461431 2 bytes [46, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007546144a 2 bytes [46, 75]
    .text ... * 9
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754614dd 2 bytes [46, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754614f5 2 bytes [46, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007546150d 2 bytes [46, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075461525 2 bytes [46, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007546153d 2 bytes [46, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075461555 2 bytes [46, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007546156d 2 bytes [46, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075461585 2 bytes [46, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007546159d 2 bytes [46, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754615b5 2 bytes [46, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754615cd 2 bytes [46, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754616b2 2 bytes [46, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754616bd 2 bytes [46, 75]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll!PropertySheetW 0000000073287c30 5 bytes JMP 000000016b1b9080
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll!PropertySheet 0000000073327bb2 5 bytes JMP 000000016b1b9128
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4784] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000077239a4c 5 bytes JMP 000000016b1b93c8
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075461401 2 bytes [46, 75]
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1624] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075461419 2 bytes [46, 75]
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075461431 2 bytes [46, 75]
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007546144a 2 bytes [46, 75]
    .text ... * 9
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1624] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754614dd 2 bytes [46, 75]
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754614f5 2 bytes [46, 75]
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1624] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007546150d 2 bytes [46, 75]
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075461525 2 bytes [46, 75]
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007546153d 2 bytes [46, 75]
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1624] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075461555 2 bytes [46, 75]
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007546156d 2 bytes [46, 75]
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075461585 2 bytes [46, 75]
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1624] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007546159d 2 bytes [46, 75]
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754615b5 2 bytes [46, 75]
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754615cd 2 bytes [46, 75]
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754616b2 2 bytes [46, 75]
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754616bd 2 bytes [46, 75]
    ---- Devices - GMER 2.0 ----
    Device \Driver\ahcix64s \Device\0000005d ws\system32\DRIVERS\kbdclass.sys
    ---- Trace I/O - GMER 2.0 ----
    Trace ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa800739e5e8]<< fffffa800739e5e8
    Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005f62060] fffffa8005f62060
    Trace 3 CLASSPNP.SYS[fffff8800100143f] -> nt!IofCallDriver -> \Device\0000005d[0xfffffa8005ce59c0] fffffa8005ce59c0
    Trace \Driver\ahcix64s[0xfffffa80072ec060] -> IRP_MJ_CREATE -> 0xfffffa800739e5e8 fffffa800739e5e8
    ---- Threads - GMER 2.0 ----
    Thread C:\Users\Owner\AppData\Roaming\System\svchost.exe [3108:4372] 0000000000551c86
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4176:4592] 000007fef23a2264
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4176:4316] 000007fef239d73c
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4176:3820] 000007fef239d73c
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4176:3824] 000007fef239d73c
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4176:3892] 000007fef239d73c
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4176:4648] 000007fef239d73c
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4176:4660] 000007fef24ce43c
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4176:4692] 000007fef239d73c
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4176:212] 000007fef239d73c
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4176:164] 000007fef24f9754
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4176:3832] 000007fef29caf10
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4176:4360] 000007fef239d73c
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4716:4528] 000007fef23a2264
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4716:4500] 000007fef239d73c
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4716:4488] 000007fef239d73c
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4716:4484] 000007fef239d73c
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4716:4268] 000007fef24ce43c
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4716:1196] 000007fef239d73c
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4716:1064] 000007fef29caf10
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4716:5096] 000007fef239d73c
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4716:2416] 000007fefc6b2a88
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4716:4032] 000007fef239d73c
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4716:4652] 000007fef239d73c
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4716:4684] 000007fef239d73c
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4716:3068] 000007fef24f9754
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4716:4960] 000007fef239d73c
    ---- Processes - GMER 2.0 ----
    Library ? (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [4092] 000007fef9a30000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4176] 000007fef4e20000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4716] 000007fefe530000
    ---- EOF - GMER 2.0 ----


    Thanks!
     
  2. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    gknight86,
    You can't expect the machine to survive for long out there without an up-to-date antivirus.
    -----------------------------------------------------------
    Download the Microsoft Security Essentials Installer
    The download is here: http://www.microsoft.com/security_essentials/
    Save it to your desktop but don't run it yet.
    ------------------------------------------------
    Remove Programs Using Control Panel
    From Start, Control Panel, click on Programs and Features
    Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

    Adobe Reader 9.1 MUI
    Java 2 Runtime Environment, SE v1.4.2
    <== this will positively get your computer infected
    Java 7 Update 9 (64-bit)
    WhiteSmoke US New Toolbar

    Take extra care in answering questions posed by any Uninstaller.
    -----------------------------------------------------------
    REBOOT (RESTART) Your Machine
    -----------------------------------------------------------
    Install Microsoft Security Essentials
    Double Click the icon for the Microsoft Security Essentials installer.
    Let it install, update itself, run a scan and delete anything it finds.
    --------------------------------------------------------
    Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
    All versions numbered lower than 11.0.01 are vulnerable.
    Go HERE to download AdbeRdr11001_en_US.exe
    Save the file to your desktop and run it to install the latest version of Adobe Reader.
    After the new Reader is installed, Open Adobe Reader XI, as it is called, and OK the license.
    Click on Edit and select Preferences.
    On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
    Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
    Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
    Click the OK button
    When it asks if you are sure you want to make changes to Advanced Security Preferences, answer Yes.
    When it finishes, you can remove the Installer from your desktop.
    -------------------------------------------------
    Please download RogueKiller.exe and save it to your desktop.

    Run RogueKiller
    • First, quit all running programs.
    • Start RogueKiller.exe. (Double click in XP, Right click and choose "Run as administrator" in Vista/Win7)
    • Note: If the program is blocked, do not hesitate to try several times.
      If it really does not work (it could happen), rename it to winlogon.exe or RogueKiller.com.
    • Wait until prescan has finished.
    • Click on the Scan button in the upper right. Wait for it to finish.
    • When the scan is complete, a file icon named RKreport.txt should appear on your desktop.
    • Please double click that file RKreport.txt and post its contents in your next Reply.
      (You can also open the report by clicking the Report button on the right).
    • When you exit RogueKiller, you may get a popup reporting "None of the Elements have been deleted. Do you want to quit?" Click "Yes".

    askey127
     
  3. gknight86

    gknight86 Thread Starter

    Joined:
    Jan 6, 2013
    Messages:
    21
    Sorry it took me a while to get back...real life sucks sometimes!

    RKreport:

    RogueKiller V8.4.3 [Jan 21 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows 7 (6.1.7600 ) 64 bits version
    Started in : Normal mode
    User : Owner [Admin rights]
    Mode : Scan -- Date : 01/21/2013 23:45:56
    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] VZWUAAgent.exe -- C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe -> KILLED [TermProc]
    ¤¤¤ Registry Entries : 13 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : DIRECTV Player (rundll32.exe "C:\Users\Owner\AppData\Local\ElevatedDiagnostics\DIRECTV Player\pvpgx.dll",DllRegisterServerW) -> FOUND
    [RUN][SUSP PATH] HKUS\.DEFAULT[...]\Run : DIRECTV Player (rundll32.exe "C:\Users\Owner\AppData\Local\ElevatedDiagnostics\DIRECTV Player\pvpgx.dll",DllRegisterServerW) -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-1159614075-462506553-904502053-1000[...]\Run : DIRECTV Player (rundll32.exe "C:\Users\Owner\AppData\Local\ElevatedDiagnostics\DIRECTV Player\pvpgx.dll",DllRegisterServerW) -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-18[...]\Run : DIRECTV Player (rundll32.exe "C:\Users\Owner\AppData\Local\ElevatedDiagnostics\DIRECTV Player\pvpgx.dll",DllRegisterServerW) -> FOUND
    [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : BYRUA_AGENT (C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe) -> FOUND
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    127.0.0.1 localhost

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: WDC WD10EADS-22M2B0 SCSI Disk Device +++++
    --- User ---
    [MBR] 690c7b80ab1dd5013eebc42d3b4ad3e5
    [BSP] 98f2f8255e13611b38ab9dab3521e649 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 18432 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 37750784 | Size: 100 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 37955584 | Size: 935271 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    Finished : << RKreport[1]_S_01212013_02d2345.txt >>
    RKreport[1]_S_01212013_02d2345.txt
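As an added example (not RogueKiller's own code, and not something posted in this thread), the Python below parses report lines like the ones above and rates each hit from a defender's side: UAC policy values set to 0, and autorun entries or processes that load code from user-writable locations. The regexes and the severity rules are my own assumptions about the report layout, and the sample lines are constructed from the RKreport above.

```python
"""Parse RogueKiller-style report lines and rate each finding.

Added example for this thread; the regexes and severity rules are my own
reading of the report format shown above, not the tool's documented grammar.
"""
import re
from dataclasses import dataclass, field

# Sample lines, constructed from the RKreport posted above.
SAMPLE_REPORT = r"""
[SUSP PATH] VZWUAAgent.exe -- C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe -> KILLED [TermProc]
[RUN][SUSP PATH] HKCU\[...]\Run : DIRECTV Player (rundll32.exe "C:\Users\Owner\AppData\Local\ElevatedDiagnostics\DIRECTV Player\pvpgx.dll",DllRegisterServerW) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : BYRUA_AGENT (C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
"""

# "[TAG][TAG] <body> -> STATUS [detail]"  (assumed layout of a finding line)
LINE_RE = re.compile(
    r"^(?P<tags>(?:\[[^\]]+\])+)\s+(?P<body>.+?)\s+->\s+(?P<status>\S+)"
    r"(?:\s+\[(?P<detail>[^\]]+)\])?\s*$"
)
TAG_RE = re.compile(r"\[([^\]]+)\]")
# Registry body: "<key> : <value name> (<data>)"
REG_RE = re.compile(r"^(?P<key>\S+)\s+:\s+(?P<name>.+?)\s+\((?P<value>.*)\)$")
# Process body: "<image> -- <full path>"
PROC_RE = re.compile(r"^(?P<image>\S+)\s+--\s+(?P<path>.+)$")
# Locations a standard user can write to without elevation.
USER_WRITABLE = re.compile(r"(?i)\\(?:users\\[^\\]+\\appdata|programdata)\\")

# Values that, when 0, switch UAC off or make it elevate silently.
UAC_VALUES = {"EnableLUA", "ConsentPromptBehaviorAdmin"}


@dataclass
class Finding:
    tags: list = field(default_factory=list)
    kind: str = ""        # "registry" or "process"
    location: str = ""    # registry key, or process image name
    name: str = ""        # value name, or full path of the process image
    value: str = ""       # registry data ("" for processes)
    status: str = ""      # FOUND, KILLED, ...
    severity: str = "info"
    reason: str = ""


def rate(f: Finding):
    """Return (severity, reason) for one finding using defender-side heuristics."""
    if f.kind == "registry" and f.name in UAC_VALUES and f.value == "0":
        return "high", "UAC disabled or set to elevate without prompting"
    if f.kind == "registry" and f.name == "DisableRegistryTools":
        if f.value == "0":
            return "info", "policy value present but registry tools remain allowed"
        return "medium", "registry editing tools disabled by policy"
    if "RUN" in f.tags:
        cmd = f.value
        if "rundll32" in cmd.lower() and USER_WRITABLE.search(cmd):
            return "high", "autorun loads a DLL from a user-writable path via rundll32"
        if USER_WRITABLE.search(cmd):
            return "medium", "autorun points into a user-writable path"
        return "low", "autorun entry flagged by the scanner"
    if f.kind == "process":
        if USER_WRITABLE.search(f.name):
            return "medium", "running image lives in a user-writable path"
        return "low", "process flagged by the scanner"
    return "info", "scanner tag(s): " + ", ".join(f.tags)


def parse_report(text: str):
    """Turn report lines into rated Findings; headers and blank lines are skipped."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # e.g. "¤¤¤ Registry Entries : 13 ¤¤¤"
        tags = TAG_RE.findall(m.group("tags"))
        body, status = m.group("body"), m.group("status")
        reg = REG_RE.match(body)
        if reg:
            f = Finding(tags, "registry", reg.group("key"), reg.group("name"),
                        reg.group("value"), status)
        else:
            proc = PROC_RE.match(body)
            if not proc:
                continue
            f = Finding(tags, "process", proc.group("image"), proc.group("path"),
                        "", status)
        f.severity, f.reason = rate(f)
        findings.append(f)
    return findings


def severity_counts(findings):
    """Summarise findings as {severity: count}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in parse_report(SAMPLE_REPORT):
        print(f"{f.severity:6} {f.kind:8} {f.name}: {f.reason}")
    print(severity_counts(parse_report(SAMPLE_REPORT)))
```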
     
  4. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    gknight86,
    ---------------------------------------------
    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it. OK the User Account Control.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :filefind
      *Fun4IM*
      *Bandoo*
      *Searchnu*
      *Searchqu*
      *iLivid*
      *whitesmoke*
      *datamngr*
      *trolltech*
      *sweetim*
      *pccleanpro*
      *pc clean*
      pcprosd.dll
      
      :folderfind
      *Fun4IM*
      *Bandoo*
      *Searchnu*
      *Searchqu*
      *iLivid*
      *whitesmoke*
      *datamngr*
      *trolltech*
      *sweetim*
      *pccleanpro*
      *pc clean*
      
      :Regfind
      Fun4IM
      Bandoo
      Searchnu
      Searchqu
      iLivid
      whitesmoke
      datamngr
      kelkoopartners
      trolltech
      sweetie
      sweetim
      pccleanpro
      pc clean
      5c5de06d-cf99-47d6-9bab-61001fee4721
      
    • Click the Look button to start the scan.
      Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The results log can also be found on your Desktop, entitled SystemLook.txt

    askey127
     
  5. gknight86

    gknight86 Thread Starter

    Joined:
    Jan 6, 2013
    Messages:
    21
    SystemLook.txt

    SystemLook 30.07.11 by jpshortstuff
    Log created at 06:43 on 22/01/2013 by Owner
    Administrator - Elevation successful
    ========== filefind ==========
    Searching for "*Fun4IM*"
    No files found.
    Searching for "*Bandoo*"
    No files found.
    Searching for "*Searchnu*"
    No files found.
    Searching for "*Searchqu*"
    No files found.
    Searching for "*iLivid*"
    No files found.
    Searching for "*whitesmoke*"
    No files found.
    Searching for "*datamngr*"
    No files found.
    Searching for "*trolltech*"
    No files found.
    Searching for "*sweetim*"
    No files found.
    Searching for "*pccleanpro*"
    No files found.
    Searching for "*pc clean*"
    No files found.
    Searching for "pcprosd.dll"
    No files found.
    ========== folderfind ==========
    Searching for "*Fun4IM*"
    No folders found.
    Searching for "*Bandoo*"
    No folders found.
    Searching for "*Searchnu*"
    No folders found.
    Searching for "*Searchqu*"
    No folders found.
    Searching for "*iLivid*"
    No folders found.
    Searching for "*whitesmoke*"
    No folders found.
    Searching for "*datamngr*"
    No folders found.
    Searching for "*trolltech*"
    No folders found.
    Searching for "*sweetim*"
    No folders found.
    Searching for "*pccleanpro*"
    No folders found.
    Searching for "*pc clean*"
    C:\Users\Lindsay\AppData\Roaming\PC Cleaners d------ [01:03 18/10/2012]
    ========== Regfind ==========
    Searching for "Fun4IM"
    No data found.
    Searching for "Bandoo"
    No data found.
    Searching for "Searchnu"
    No data found.
    Searching for "Searchqu"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    @="ISearchQueryHelper"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    @="ISearchQueryHelper"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    @="ISearchQueryHelper"
    Searching for "iLivid"
    No data found.
    Searching for "whitesmoke"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6C972810-224F-442F-ADDC-114A6C8F1EAE}]
    "DisplayName"="WhiteSmoke US New Customized Web Search"
    [HKEY_USERS\S-1-5-21-1159614075-462506553-904502053-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6C972810-224F-442F-ADDC-114A6C8F1EAE}]
    "DisplayName"="WhiteSmoke US New Customized Web Search"
    Searching for "datamngr"
    No data found.
    Searching for "kelkoopartners"
    No data found.
    Searching for "trolltech"
    [HKEY_CURRENT_USER\Software\Trolltech]
    [HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QIconEngineFactoryInterface:]
    [HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QIconEngineFactoryInterfaceV2:]
    [HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QSqlDriverFactoryInterface:]
    [HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:]
    [HKEY_USERS\S-1-5-21-1159614075-462506553-904502053-1000\Software\Trolltech]
    [HKEY_USERS\S-1-5-21-1159614075-462506553-904502053-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QIconEngineFactoryInterface:]
    [HKEY_USERS\S-1-5-21-1159614075-462506553-904502053-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QIconEngineFactoryInterfaceV2:]
    [HKEY_USERS\S-1-5-21-1159614075-462506553-904502053-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [HKEY_USERS\S-1-5-21-1159614075-462506553-904502053-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [HKEY_USERS\S-1-5-21-1159614075-462506553-904502053-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QSqlDriverFactoryInterface:]
    [HKEY_USERS\S-1-5-21-1159614075-462506553-904502053-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:]
    Searching for "sweetie"
    No data found.
    Searching for "sweetim"
    No data found.
    Searching for "pccleanpro"
    No data found.
    Searching for "pc clean"
    No data found.
    Searching for "5c5de06d-cf99-47d6-9bab-61001fee4721"
    No data found.
    -= EOF =-
     
  6. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    gknight86,
    ----------------------------------------------
    Perform a Custom Fix with OTL
    Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
    • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
      Code:
      :Commands
      [CREATERESTOREPOINT]
      
      :Reg
      [-HKEY_CURRENT_USER\Software\Trolltech]
      [-HKEY_USERS\S-1-5-21-1159614075-462506553-904502053-1000\Software\Trolltech]
      [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6C972810-224F-442F-ADDC-114A6C8F1EAE}]
      [-HKEY_USERS\S-1-5-21-1159614075-462506553-904502053-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6C972810-224F-442F-ADDC-114A6C8F1EAE}]
      
      :Files
      C:\Users\Lindsay\AppData\Roaming\PC Cleaners
      ipconfig /flushdns /c
      
      :Commands
      [EMPTYTEMP]
      
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, and click to allow the Reboot when it is done.
      When the computer Reboots, and you start your usual account, a Notepad text file will appear.
    • Copy the contents of that file and post it in your next reply.
      The FIX log file will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log
    ---------------------------------------------
    Run CKScanner
    Download CKScanner from HERE
    Important - Save it to your desktop.
    Right-Click CKScanner.exe, choose Run as administrator and click Search For Files.
    After a couple of minutes or less, when the cursor hourglass disappears, click Save List To File.
    A message box will verify the file saved. Please run the program just once.
    Double-click the CKFiles.txt icon on your desktop, give permission if asked, and copy/paste the contents in your next reply.

    askey127
     
  7. gknight86

    gknight86 Thread Starter

    Joined:
    Jan 6, 2013
    Messages:
    21
    OTL Fix:

    All processes killed
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    ========== REGISTRY ==========
    Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1159614075-462506553-904502053-1000\Software\Trolltech\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6C972810-224F-442F-ADDC-114A6C8F1EAE}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C972810-224F-442F-ADDC-114A6C8F1EAE}\ not found.
    Registry key HKEY_USERS\S-1-5-21-1159614075-462506553-904502053-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6C972810-224F-442F-ADDC-114A6C8F1EAE}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C972810-224F-442F-ADDC-114A6C8F1EAE}\ not found.
    ========== FILES ==========
    C:\Users\Lindsay\AppData\Roaming\PC Cleaners folder moved successfully.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Owner\Desktop\cmd.bat deleted successfully.
    C:\Users\Owner\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Lindsay
    ->Temp folder emptied: 328025 bytes
    ->Temporary Internet Files folder emptied: 254301113 bytes
    ->Java cache emptied: 3488328 bytes
    ->Google Chrome cache emptied: 403466763 bytes
    ->Flash cache emptied: 34906 bytes

    User: Owner
    ->Temp folder emptied: 22687239 bytes
    ->Temporary Internet Files folder emptied: 353270186 bytes
    ->Java cache emptied: 2123289 bytes
    ->Google Chrome cache emptied: 61195845 bytes
    ->Flash cache emptied: 2293 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 79046848 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 188008 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1,125.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 01222013_164417
    Files\Folders moved on Reboot...
    C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UXSA37XA\1086130-internet-search-redirect-virus[1].htm moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P1LWB6YE\si[1].htm moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5HACZMD8\si[1].htm moved successfully.
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...

    CK Files:

    CKScanner 2.1 - Additional Security Risks - These are not necessarily bad
    c:\macroquest2\mq2docrack.dll
    c:\macroquest2\mq2docrack.ini
    c:\macroquest2\uifiles\default\mqui_docrackwnd.xml
    c:\users\owner\music\itunes\itunes media\mobile applications\cracked hd 2.5.ipa
    c:\users\owner\music\itunes\itunes media\mobile applications\crackle 3.0.3.ipa
    scanner sequence 3.EM.11.UBNAPO
    ----- EOF -----
     
  8. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    You should not have that macroquest2 crack on your machine.
    Cracks, besides being illegal, will get your machine infected.

    Tell me how the machine is running.
     
  9. gknight86

    gknight86 Thread Starter

    Joined:
    Jan 6, 2013
    Messages:
    21
    I don't actually know how those got on there...but I used the macroquest2 uninstaller to remove it.

    The computer is still going to random sites when clicking on links. Maybe it's just me, but it doesn't seem to do it as often; it still is doing it, though.
     
  10. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    gknight86,
    Bonjour and its services are classified as adware, but as long as you have Apple software, it's going to keep getting installed.
    Let's see what else may be on there.
    -------------------------------------------------------------
    AdwCleaner Download
    Please download AdwCleaner from HERE and save it to your desktop or somewhere you can find it.
    -------------------------------------------------------------
    AdwCleaner Scan
    • Close all open programs and internet browsers.
    • Double click to Start AdwCleaner. (Right click and choose "Run as administrator" in Vista/Win7).
    • Click on the Search button.
    • When the results log pops up, please copy and paste the contents in your reply.
    The log file is saved in the C: drive main directory with this filepath: C:\AdwCleaner[R1].txt. (x in the filename represents the run number)
    When you close/exit adwCleaner, if you get a message about not performing any Deletions, that's OK. We need to evaluate the scan log first.

    askey127
     
  11. gknight86

    gknight86 Thread Starter

    Joined:
    Jan 6, 2013
    Messages:
    21
    AdwCleaner:

    # AdwCleaner v2.108 - Logfile created 01/24/2013 at 16:59:37
    # Updated 24/01/2013 by Xplode
    # Operating system : Windows 7 Home Premium (64 bits)
    # User : Owner - OWNER-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Owner\Desktop\adwcleaner.exe
    # Option [Search]

    ***** [Services] *****

    ***** [Files / Folders] *****
    File Found : C:\END
    Folder Found : C:\Program Files (x86)\Conduit
    Folder Found : C:\ProgramData\Partner
    Folder Found : C:\Users\Owner\AppData\Local\Conduit
    Folder Found : C:\Users\Owner\AppData\LocalLow\Conduit
    Folder Found : C:\Users\Owner\AppData\LocalLow\PriceGong
    Folder Found : C:\Users\Owner\AppData\Roaming\OpenCandy
    ***** [Registry] *****
    Key Found : HKCU\Software\AppDataLow\Software\Conduit
    Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Found : HKCU\Software\AppDataLow\Software\PriceGong
    Key Found : HKCU\Software\AppDataLow\Software\SmartBar
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3244149
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    Key Found : HKU\S-1-5-21-1159614075-462506553-904502053-1000\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16457
    [OK] Registry is clean.
    -\\ Google Chrome v24.0.1312.56
    File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences
    [OK] File is clean.
    File : C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Preferences
    [OK] File is clean.
    *************************
    AdwCleaner[R1].txt - [2017 octets] - [24/01/2013 16:59:37]
    ########## EOF - C:\AdwCleaner[R1].txt - [2077 octets] ##########
     
  12. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    gknight86,
    -------------------------------------------------------------
    AdwCleaner Removals
    • Close all open programs and internet browsers.
    • Double click to Start AdwCleaner. (Right click and choose "Run as administrator" in Vista/Win7).
    • This time, click on the Delete button.
    • Click OK to the prompts.
    • Your computer will be rebooted automatically. A log will open after the restart.
    • Post the contents of the log in your next reply.
    You can also find the log in the main directory of the C: drive as C:\AdwCleaner[S1].txt
    -------------------------------------------------------------
    Open Internet explorer
    Go to Tools> Internet Options > Security tab, and click on Trusted sites.
    Delete everything, except for entries of Microsoft or your Internet Provider.
    Exit Internet Explorer

    askey127
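Added example, not part of askey127's instructions or of the AdwCleaner tool: a read-only PowerShell audit of the two things the post above has you touch, the Internet Explorer SearchScopes keys (the {GUID} subkeys AdwCleaner listed under HKCU, HKLM and Wow6432Node) and the Trusted Sites zone map behind Tools > Internet Options > Security. Run it before and after the Delete pass and compare the output to see exactly which search provider and which trusted domains were planted. $KnownGoodHosts is an assumption of this example, an operator-edited allowlist rather than anything from Microsoft; the zone numbers (1 = Local intranet, 2 = Trusted sites, 3 = Internet, 4 = Restricted sites) are the standard IE zone IDs.

```powershell
# Added example, not from the thread. Read-only audit of IE search scopes and
# the ZoneMap (Trusted/Restricted sites). Assumption: run as the affected user
# so HKCU is that user's hive; nothing here deletes anything.

# Assumption: allowlist maintained by whoever runs this, not a Microsoft list.
$KnownGoodHosts = @('www.bing.com', 'www.google.com')

function Get-IESearchScope {
    $roots = @(
        'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes',
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        # DefaultScope on the parent key names the GUID IE actually searches with.
        $defaultScope = (Get-ItemProperty -Path $root -ErrorAction SilentlyContinue).DefaultScope
        foreach ($key in Get-ChildItem -Path $root) {
            $p = Get-ItemProperty -Path $key.PSPath
            $hostName = if ($p.URL -match '^https?://([^/:?]+)') { $matches[1] } else { '' }
            [pscustomobject]@{
                Hive        = $root
                Scope       = $key.PSChildName
                IsDefault   = ($key.PSChildName -eq $defaultScope)
                DisplayName = $p.DisplayName
                Host        = $hostName
                URL         = $p.URL
                Suspicious  = ($KnownGoodHosts -notcontains $hostName.ToLower())
            }
        }
    }
}

function Get-IEZoneMapEntry {
    $zoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites';
                    3 = 'Internet'; 4 = 'Restricted sites' }
    $roots = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        $rootName = (Get-Item -Path $root).Name
        # Layout is Domains\example.com\www: one subkey per DNS label, most
        # significant label first. Values map a scheme (http, https, *) to a zone number.
        foreach ($key in Get-ChildItem -Path $root -Recurse) {
            $labels = $key.Name.Substring($rootName.Length + 1) -split '\\'
            [array]::Reverse($labels)
            foreach ($scheme in $key.GetValueNames()) {
                $zone = [int]$key.GetValue($scheme)
                [pscustomobject]@{
                    Hive     = $root
                    Domain   = ($labels -join '.')
                    Scheme   = $scheme
                    Zone     = $zone
                    ZoneName = $zoneNames[$zone]
                }
            }
        }
    }
}

# Every search scope, with the non-allowlisted ones flagged, then every domain
# that has been placed in the Trusted sites zone (zone 2).
Get-IESearchScope | Format-Table -AutoSize
Get-IEZoneMapEntry | Where-Object { $_.Zone -eq 2 } | Format-Table -AutoSize
```

Anything flagged Suspicious that is also IsDefault is the search redirect itself; a Trusted sites entry you do not recognise is worth removing from the GUI as askey127 says, since sites in that zone run with far fewer restrictions than the Internet zone.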
     
  13. gknight86

    gknight86 Thread Starter

    Joined:
    Jan 6, 2013
    Messages:
    21
    AdwCleaner(S1):

    # AdwCleaner v2.108 - Logfile created 01/24/2013 at 19:46:00
    # Updated 24/01/2013 by Xplode
    # Operating system : Windows 7 Home Premium (64 bits)
    # User : Owner - OWNER-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Owner\Desktop\adwcleaner.exe
    # Option [Delete]

    ***** [Services] *****

    ***** [Files / Folders] *****
    File Deleted : C:\END
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\ProgramData\Partner
    Folder Deleted : C:\Users\Owner\AppData\Local\Conduit
    Folder Deleted : C:\Users\Owner\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Owner\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Owner\AppData\Roaming\OpenCandy
    ***** [Registry] *****
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3244149
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16457
    [OK] Registry is clean.
    -\\ Google Chrome v24.0.1312.56
    File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences
    [OK] File is clean.
    File : C:\Users\Lindsay\AppData\Local\Google\Chrome\User Data\Default\Preferences
    [OK] File is clean.
    *************************
    AdwCleaner[R1].txt - [2144 octets] - [24/01/2013 16:59:37]
    AdwCleaner[S1].txt - [1962 octets] - [24/01/2013 19:46:00]
    ########## EOF - C:\AdwCleaner[S1].txt - [2022 octets] ##########
     
  14. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    gknight86,
    Tell me how it's running now.

    askey127
     
  15. gknight86

    gknight86 Thread Starter

    Joined:
    Jan 6, 2013
    Messages:
    21
It seems to be running fine now...The only issue I have is that every time I sign onto my computer I get an error that reads: There was a problem starting C:\Users\Owner\AppData\Local\ElevatedDiagnostics\DIRECTVPlayer\pvpgx.dll The specified module could not be found.

    Any idea what that might be?
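Added example, not from the thread: the logon message quoted above ("There was a problem starting ...pvpgx.dll The specified module could not be found") is the rundll32 error for an autostart entry whose DLL no longer exists, the usual aftermath of a cleanup that removed a file but not the Run value, Startup shortcut or scheduled task that loads it. This PowerShell script lists Run/RunOnce values and Startup-folder shortcuts that reference a missing .exe or .dll so the stale entry can be identified; it deletes nothing. Scheduled tasks (schtasks /query /fo LIST /v) are another place such an entry can live and are not covered here. The regex used to pull paths out of a command line is an assumption of this example and will miss unquoted paths that contain spaces.

```powershell
# Added example, not from the thread. Finds autostart entries (Run/RunOnce keys
# and Startup folders) whose target file is gone from disk. Assumption: run as
# the affected user so HKCU is that user's hive; HKLM Run keys are readable
# without elevation. Read-only.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Pull every .exe/.dll path out of a command line: quoted paths first, then bare
# drive-letter paths. Covers both  rundll32.exe "C:\x\y.dll",Entry  and plain EXEs.
# Assumption of this example: unquoted paths containing spaces are not recovered.
function Get-ReferencedFile {
    param([string]$CommandLine)
    $pattern = '"([^"]+?\.(?:exe|dll))"|([A-Za-z]:\\[^\s,"]+?\.(?:exe|dll))'
    foreach ($m in [regex]::Matches($CommandLine, $pattern, 'IgnoreCase')) {
        if ($m.Groups[1].Success) { $m.Groups[1].Value } else { $m.Groups[2].Value }
    }
}

function Get-DanglingAutostart {
    $results = @()
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            $expanded = [Environment]::ExpandEnvironmentVariables($cmd)
            foreach ($file in Get-ReferencedFile $expanded) {
                if (-not (Test-Path -LiteralPath $file)) {
                    $results += [pscustomobject]@{
                        Source  = $key
                        Entry   = $name
                        Command = $cmd
                        Missing = $file
                    }
                }
            }
        }
    }
    # Startup folders: resolve each .lnk through the shell and check its target.
    $shell = New-Object -ComObject WScript.Shell
    $startupDirs = @(
        [Environment]::GetFolderPath('Startup'),
        [Environment]::GetFolderPath('CommonStartup')
    )
    foreach ($dir in $startupDirs) {
        if (-not (Test-Path $dir)) { continue }
        foreach ($lnk in Get-ChildItem -Path $dir -Filter *.lnk) {
            $target = $shell.CreateShortcut($lnk.FullName).TargetPath
            if ($target -and -not (Test-Path -LiteralPath $target)) {
                $results += [pscustomobject]@{
                    Source  = $dir
                    Entry   = $lnk.Name
                    Command = $target
                    Missing = $target
                }
            }
        }
    }
    $results
}

Get-DanglingAutostart | Format-Table -AutoSize
```

An entry whose Missing column names the DLL from the logon error is the one to remove; if nothing turns up here, the loader is most likely a scheduled task, which is where a helper would look next on Windows 7.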
     
Short URL to this thread: https://techguy.org/1086130