1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

JavaScript related virus/bug

Discussion in 'Virus & Other Malware Removal' started by FusRoDah, Jan 19, 2013.

Thread Status:
Not open for further replies.
  1. FusRoDah

    FusRoDah Thread Starter

    Joined:
    Jan 19, 2013
    Messages:
    2
    A few days ago I was on a company's website and saw an odd advertisement at the bottom. I clicked on it (stupidly) because it seemed so out of place and I didn't want to tell the store owner there was a problem with the site if it turned out to be nothing.

    After clicking the link, I started getting these two pop ups on any non- https page I visited. One on the lower left that either asks me if I want to check my computer speed or tells me that I need to download a plugin to play a movie, and one on the right that is modeled after facebook chat windows, and contained text related to whatever was on the website where it showed up.

    After alot of fiddling around with things I discovered that if I turned off Java Script in the browser the pop ups stopped appearing. However, it's not realistic for me to not have js turned on because of my email client and, well, facebook.

    I ran AVG and found three things it deemed to be viruses, and removed them. One was called temp09.exe and the other two were just random looking strings of letters like wsdwsdgwsd, or something like that. I've run malwarebytes and the like as well but can't figure out how to get rid of this damn bug.

    Someone suggested that perhaps clicking the link gave someone my IP address and so perhaps the IP address is being targeted. I can't figure out a way to make my IP address change though, we've tried several times.

    Here are the logs requested by your forum, hopefully I pasted them in the right order.

    Thank you in advance for any assistance you can give. I have screen shots of the pop ups if that would be helpful. I will post them if requested.

    I don't know if it's worth mentioning, but the Gmer scan found three things at the bottom that it marked as suspicious. I've looked up those files and they appear to be legitimate, so I'm not sure if perhaps they are corrupted and that is what is causing this or if Gmer just doesn't recognize them as being legit.

    - - - -

    HighJack This:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:46:55 AM, on 1/19/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16446)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Winamp\winampa.exe
    C:\Program Files (x86)\Roxio Creator 2009\5.0\CPMonitor.exe
    C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
    C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Users\Viktorja\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 192.157.56.28 www.google-analytics.com.
    O1 - Hosts: 192.157.56.28 ad-emea.doubleclick.net.
    O1 - Hosts: 192.157.56.28 www.statcounter.com.
    O1 - Hosts: 192.157.56.28 connect.facebook.net.
    O1 - Hosts: 192.157.56.28 platform.twitter.com.
    O1 - Hosts: 93.115.241.27 www.google-analytics.com.
    O1 - Hosts: 93.115.241.27 ad-emea.doubleclick.net.
    O1 - Hosts: 93.115.241.27 www.statcounter.com.
    O1 - Hosts: 93.115.241.27 connect.facebook.net.
    O1 - Hosts: 93.115.241.27 platform.twitter.com.
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe"
    O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files (x86)\Roxio Creator 2009\5.0\CPMonitor.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
    O4 - Startup: Dropbox.lnk = Viktorja\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Roxio UPnP Renderer 11 - Sonic Solutions - C:\Program Files (x86)\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe
    O23 - Service: Roxio Upnp Server 11 - Sonic Solutions - C:\Program Files (x86)\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe
    O23 - Service: LiveShare P2P Server 11 (RoxLiveShare11) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe
    O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe
    O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 9717 bytes

    - - - -
    DDS file:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16446
    Run by Viktorja at 11:48:03 on 2013-01-19
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3579.2225 [GMT -6:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Google\Update\1.3.21.124\GoogleCrashHandler.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\Google\Update\1.3.21.124\GoogleCrashHandler64.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files (x86)\Winamp\winampa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    C:\Program Files (x86)\Roxio Creator 2009\5.0\CPMonitor.exe
    C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
    C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://acer.msn.com
    uDefault_Page_URL = hxxp://acer.msn.com
    mStart Page = hxxp://acer.msn.com
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe"
    mRun: [CPMonitor] "C:\Program Files (x86)\Roxio Creator 2009\5.0\CPMonitor.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
    StartupFolder: C:\Users\Viktorja\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Viktorja\AppData\Roaming\Dropbox\bin\Dropbox.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
    TCP: NameServer = 97.64.183.164 97.64.209.37 192.168.1.1
    TCP: Interfaces\{29BAE0F2-E335-4DCC-8859-25DF6DDFB67F} : DHCPNameServer = 97.64.183.164 97.64.209.37 192.168.1.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    x64-mStart Page = hxxp://acer.msn.com
    x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 192.157.56.28 www.google-analytics.com.
    Hosts: 192.157.56.28 ad-emea.doubleclick.net.
    Hosts: 192.157.56.28 www.statcounter.com.
    Hosts: 192.157.56.28 connect.facebook.net.
    Hosts: 192.157.56.28 platform.twitter.com.
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Viktorja\AppData\Roaming\Mozilla\Firefox\Profiles\qo46xsrl.default\
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-4-17 77952]
    R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-4-17 37504]
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-12-25 55024]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-7-26 291680]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-7-14 204288]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-29 36456]
    R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-8-2 244624]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-7-14 231440]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2011-12-23 124496]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-8-2 533096]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-16 398184]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-16 682344]
    S2 Roxio Upnp Server 11;Roxio Upnp Server 11;C:\Program Files (x86)\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe [2008-8-14 367088]
    S2 RoxLiveShare11;LiveShare P2P Server 11;C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe [2008-8-14 309744]
    S2 RoxWatch11;Roxio Hard Drive Watcher 11;C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe [2008-8-14 170480]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-16 24176]
    S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;C:\Program Files (x86)\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe [2008-8-14 313840]
    S3 RoxMediaDB11;RoxMediaDB11;C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [2008-8-14 1124848]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-15 1255736]
    S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2013-01-17 05:12:32 -------- d-----w- C:\Users\Viktorja\AppData\Roaming\Malwarebytes
    2013-01-17 05:12:24 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-01-17 05:12:23 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-01-17 05:12:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-01-17 05:10:27 -------- d-----w- C:\ProgramData\APN
    2012-12-26 04:40:12 -------- d-----w- C:\ProgramData\Uninstall
    2012-12-26 04:23:18 -------- d-----w- C:\Program Files (x86)\Roxio
    2012-12-26 04:21:48 -------- d-----w- C:\Users\Viktorja\AppData\Local\Programs
    2012-12-26 04:20:59 55024 ------w- C:\Windows\System32\drivers\PxHlpa64.sys
    2012-12-26 04:19:27 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared
    2012-12-26 04:18:10 -------- d-----w- C:\Program Files (x86)\Roxio Creator 2009
    2012-12-26 04:17:33 -------- d-----w- C:\ProgramData\eSellerate
    2012-12-26 04:17:32 -------- d-----w- C:\ProgramData\SmartSound Software Inc
    2012-12-26 04:17:32 -------- d-----w- C:\Program Files (x86)\SmartSound Software
    .
    ==================== Find3M ====================
    .
    2013-01-12 09:30:38 859552 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2013-01-12 09:30:33 780192 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-10-25 09:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2012-10-25 09:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    .
    ============= FINISH: 11:48:39.89 ===============

    - - -

    attach file:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 1/14/2012 5:59:44 PM
    System Uptime: 1/19/2013 11:19:45 AM (0 hours ago)
    .
    Motherboard: Acer | | Aspire X1430G
    Processor: AMD E-450 APU with Radeon(tm) HD Graphics | CPU 1 | 1650/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 912 GiB total, 857.666 GiB free.
    D: is CDROM ()
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP84: 12/25/2012 10:14:09 PM - Installed DirectX
    RP85: 12/25/2012 10:17:09 PM - Installed SmartSound Quicktracks Plugin
    RP86: 12/25/2012 10:24:12 PM - Installed SmartSound "New Standard 22k Library"
    RP87: 1/5/2013 7:48:28 PM - Scheduled Checkpoint
    RP88: 1/14/2013 5:57:46 PM - Scheduled Checkpoint
    RP89: 1/18/2013 9:20:06 AM - Windows Modules Installer
    RP90: 1/18/2013 9:21:58 AM - Windows Modules Installer
    RP91: 1/19/2013 9:04:36 AM - Removed Java(TM) 6 Update 31
    RP92: 1/19/2013 9:11:52 AM - Installed Java 7 Update 11
    RP93: 1/19/2013 11:25:03 AM - Removed Java 7 Update 11
    .
    ==== Hosts File Hijack ======================
    .
    Hosts: 192.157.56.28 www.google-analytics.com.
    Hosts: 192.157.56.28 ad-emea.doubleclick.net.
    Hosts: 192.157.56.28 www.statcounter.com.
    Hosts: 192.157.56.28 connect.facebook.net.
    Hosts: 192.157.56.28 platform.twitter.com.
    Hosts: 93.115.241.27 www.google-analytics.com.
    Hosts: 93.115.241.27 ad-emea.doubleclick.net.
    Hosts: 93.115.241.27 www.statcounter.com.
    Hosts: 93.115.241.27 connect.facebook.net.
    Hosts: 93.115.241.27 platform.twitter.com.
    .
    ==== Installed Programs ======================
    .
    Acer eRecovery Management
    Acer Games
    Acer Registration
    Acer ScreenSaver
    Acer Updater
    Adobe AIR
    Adobe Photoshop Lightroom 3.2 64-bit
    Adobe Reader X (10.1.5) MUI
    Agatha Christie - Death on the Nile
    ALCATEL PC Suite V6.3.27
    Amazon MP3 Downloader 1.0.17
    AMD APP SDK Runtime
    AMD Drag and Drop Transcoding
    AMD Media Foundation Decoders
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI AVIVO64 Codecs
    ATI Catalyst Install Manager
    Avery Template
    AVG 2012
    Bejeweled 2 Deluxe
    Bing Rewards Client Installer
    BitLord 2.0
    Bonjour
    Build-a-lot 4 - Power Source
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CDBurnerXP
    Chronicles of Albian
    clear.fi
    clear.fi Client
    Compatibility Pack for the 2007 Office system
    Cradle of Rome 2
    D3DX10
    DirectX 9 Runtime
    Dora's World Adventure
    Dropbox
    EMC 11 Content
    Final Drive: Nitro
    Galerie de photos Windows Live
    Google Drive
    Google Update Helper
    Governor of Poker 2 Premium Edition
    Hotkey Utility
    HP Deskjet 2050 J510 series Basic Device Software
    HP Deskjet 2050 J510 series Help
    HP Photo Creations
    Identity Card
    iTunes
    Jacquie Lawson Alpine Advent Calendar
    Jewel Match 3
    Junk Mail filter update
    Last.fm 1.5.4.27091
    Malwarebytes Anti-Malware version 1.70.0.1100
    Mesh Runtime
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Professional Edition 2003
    Microsoft Office Starter 2010 - English
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Mozilla Firefox 18.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mystery of Mortlake Mansion
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero DiscSpeed 10
    Nero DiscSpeed 10 Help (CHM)
    Nero Express 10
    Nero Express 10 Help (CHM)
    Nero Multimedia Suite 10 Essentials
    Nero StartSmart 10
    Nero StartSmart 10 Help (CHM)
    Nero Update
    NOOK for PC
    Olympus Digital Wave Player
    OpenOffice.org 3.3
    Penguins!
    Pidgin
    Pidgin-Musictracker plugin (remove only)
    Plants vs. Zombies - Game of the Year
    Polar Bowler
    Polar Golfer
    QuickTime
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio CinePlayer
    Roxio CinePlayer Decoder Pack
    Roxio Creator 2009
    Roxio File Backup
    Scrivener
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    SmartSound Quicktracks Plugin
    Solitaire (remove only)
    Torchlight
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update Installer for WildTangent Games App
    Virtual Villagers 5 - New Believers
    Visual Studio 2008 x64 Redistributables
    VLC media player 1.1.11
    Welcome Center
    WildTangent Games App
    Winamp
    Winamp Detector Plug-in
    Windows Driver Package - OLYMPUS IMAGING CORP. (VNUSB) VNUSB (09/29/2009 2.0.0.0)
    Windows Live
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinZip 17.0
    Zuma's Revenge
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/19/2013 11:20:41 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: RxFilter
    1/15/2013 11:03:39 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    1/15/2013 11:03:39 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.
    1/15/2013 11:02:39 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
    1/15/2013 11:01:39 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/15/2013 11:01:39 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/15/2013 11:01:39 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/15/2013 11:01:39 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/15/2013 11:01:39 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/15/2013 11:01:39 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/15/2013 11:01:39 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/15/2013 11:01:39 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/15/2013 11:01:39 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/15/2013 11:01:38 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/15/2013 11:01:38 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    .
    ==== End Of File ===========================

    Gmer file:

    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-19 12:01:44
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000055 ST310005 rev.JC45 931.51GB
    Running: iuq6zuqo.exe; Driver: C:\Users\Viktorja\AppData\Local\Temp\fxlyqkow.sys


    ---- Threads - GMER 2.0 ----

    Thread C:\Program Files (x86)\Google\Update\1.3.21.124\GoogleCrashHandler.exe [2636:2880] 0000000077ac2e25
    Thread C:\Program Files (x86)\Google\Update\1.3.21.124\GoogleCrashHandler.exe [2636:2888] 0000000077ac3e45
    Thread C:\Program Files (x86)\Google\Update\1.3.21.124\GoogleCrashHandler.exe [2636:5324] 0000000077ac3e45
    Thread C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [3156:3120] 000000001001c4d1
    Thread C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [3156:3580] 00000000038d9725
    Thread C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [3304:3460] 0000000077ac2e25
    Thread C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [3304:4232] 0000000077ac3e45
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4872:3028] 000007feef85db84
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4872:4816] 000007feef71b184
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4872:2100] 000007feef71b184
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4872:2224] 000007feef71b184
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4872:1764] 000007feef71b184
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4872:1904] 000007feef71b184
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4872:1980] 000007feef8308c0
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4872:940] 000007feef71b184
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4872:2536] 000007feef71b184
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4872:4588] 000007feef710e44
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4872:4152] 000007feefd56f00
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4872:4172] 000007feef71b184
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4876:4316] 000007fefb7d2a7c
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4876:5644] 000000006bb76c88
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6088:4308] 00000000690a6314
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6088:3504] 00000000690a539b
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6088:2088] 000000007387c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6088:5356] 000000007387c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6088:3796] 000000007387c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6088:2120] 000000007387c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6088:1820] 000000007387c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6088:4716] 000000007387c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6088:6020] 000000007387c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6088:192] 000000007387c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6088:6024] 000000007387c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6088:5608] 0000000077ac2e25
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6088:6056] 000000007387c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6088:1752] 000000006e8f27e1
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6088:4072] 000000007387c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6088:3092] 000000007387c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6088:4692] 000000007387c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6088:3780] 000000007387c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6088:5736] 000000007387c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6088:4124] 000000007387c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6088:5084] 000000007387c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6088:2912] 000000007387c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6088:4756] 000000007387c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6088:4572] 000000006e4132fb
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6088:5160] 000000007387c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6088:1784] 00000000745727c1
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6088:2600] 000000007387c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6088:3556] 000000007387c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6088:5516] 000000007387c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6088:4976] 000000007387c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6088:4776] 000000007387c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6088:4212] 000000007387c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6088:3096] 000000007387c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6088:5564] 000000007387c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6088:5076] 000000007387c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6088:3152] 0000000077ac3e45
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6088:5232] 0000000076c842ed
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6088:5884] 000000007387c724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6088:3844] 00000000750662ee
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6088:5636] 0000000077ac3e45
    ---- Processes - GMER 2.0 ----

    Library ? (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [4880] 000007fefae00000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4872] 000007fefed40000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4876] 000007fefd110000

    ---- EOF - GMER 2.0 ----

    Sysinfo:

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
    Processor: AMD E-450 APU with Radeon(tm) HD Graphics, AMD64 Family 20 Model 2 Stepping 0
    Processor Count: 2
    RAM: 3579 Mb
    Graphics Card: AMD Radeon HD 6300 series Graphics, 512 Mb
    Hard Drives: C: Total - 933767 MB, Free - 878249 MB;
    Motherboard: Acer, Aspire X1430G
    Antivirus: AVG Anti-Virus Free Edition 2012, Updated and Enabled
     
  2. FusRoDah

    FusRoDah Thread Starter

    Joined:
    Jan 19, 2013
    Messages:
    2
    I just did a system restore to a point in time before I picked up whatever it was that happened. That appears to have worked. Thanks anyway folks :)
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1085969

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice