Unwanted Pop-ups, downloaded programs won't install/work

Discussion in 'Virus & Other Malware Removal' started by thestrangeceleb, Mar 17, 2014.

Thread Status:
Not open for further replies.
  1. thestrangeceleb

    thestrangeceleb Thread Starter

    Joined:
    Apr 22, 2008
    Messages:
    26
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 8.1, 64 bit
    Processor: Intel(R) Pentium(R) CPU B960 @ 2.20GHz, Intel64 Family 6 Model 42 Stepping 7
    Processor Count: 2
    RAM: 3909 Mb
    Graphics Card: Intel(R) HD Graphics, 1826 Mb
    Hard Drives: C: Total - 459621 MB, Free - 225155 MB;
    Motherboard: Gateway, EG50_HC_HR
    Antivirus: Windows Defender, Disabled

    Hello guys, I've recently had a problem with my browser not working correctly. I keep getting unwanted pop-ups and unintentional redirected pages. I found a program named SavingsBull that seemed to have been installed, but have removed that. I was originally using Chrome, but have since tried over 5 different browsers, resulting in ending up with iExplorer11. Also, when I try to download anything through my browser, it says the signature can't be verified, and it won't finish the installation. I've run Malwarebytes in normal and Safe mode, but it hasn't come up with anything. I tried to run the dds.com program, but it says it can't be used in "Compatibility Mode". I'm providing logs from HijackThis, RogueKiller, and RKill.
    I also have ComboFix downloaded, but I'm waiting on that for a last resort option. Thanks for any help in advance!

    Kevin B.
     

    Attached Files:

  3. thestrangeceleb

    thestrangeceleb Thread Starter

    I don't really want to, but I'm running out of time and I might just have to run ComboFix. I have maybe another 24 hours before the GF loses it over her laptop. I hope someone can help me out soon!
     
  4. wannabeageek

    wannabeageek Malware Specialist

    Joined:
    Nov 11, 2009
    Messages:
    570
    Make sure that DDS.com is on your desktop.
    Run DDS.com from a DOS window created by these instructions:
    1. Right mouse click on your desktop, select NEW, then Shortcut. A "create shortcut" window will open.
    2. Type in the following: cmd.exe and hit enter. Then click on the Finish button.
    3. Right mouse click on the cmd.exe icon that you have just created, select Run as Administrator.
    4. From the command line window that opens, type DDS.com, hit enter and then follow the instructions from DDS.

    Post the logs by copy and paste. DO NOT post them as attachments.

    If you have any problems or questions, please ask.
    wbg

    PS: running ComboFix may have unintended results and possibly not fix your issue.
     
  5. thestrangeceleb

    thestrangeceleb Thread Starter

    I will try this today after work.
     
  6. wannabeageek

    wannabeageek Malware Specialist

    Hi thestrangeceleb.

    It has been three days since your last post.


    • Do you still need help?
    • Do you need more time?
    • Are you having problems following my instructions?
    • These topics will self-close after 45 days without a response.
    • If you do not reply within the next 48 hours, I will remove this topic from my notification list.
    • If you post back after 5 days but before 45 days, PM me and wait for a response.
    • If you still need help after 45 days, post a new log on a new thread.
     
  7. thestrangeceleb

    thestrangeceleb Thread Starter

    Trying it now. Sorry for the wait.
     
  8. thestrangeceleb

    thestrangeceleb Thread Starter

    I tried it, but when I type dds.com in the command line, it says, "dds.com" is not recognized as an internal or external command, operable program or batch file.
     
  9. thestrangeceleb

    thestrangeceleb Thread Starter

    I figured out a way to bypass the problem in cmd.exe. After opening cmd in admin mode, I just dragged and dropped the dds.com icon into cmd, and it gave the correct file path. Now I come into the compatibility mode problem again. Here's a screenshot of what happens when I try to run dds.com from cmd.
     

    Attached Files:

  10. wannabeageek

    wannabeageek Malware Specialist

    Hi,
    From the look of your screenshot, you are trying to run the desktop program from the C:\Windows\System32 folder.

    You have to be in/on the desktop folder in order for the program to run from the "DOS" window without "DRAGGING and DROPPING".

    When you follow the instructions I posted earlier please make sure that the command line entry reads:
    C:\Users\ariel\desktop

    Make sure that DDS.com is on your desktop.
    Run DDS.com from a DOS window created by these instructions:
    1. Right mouse click on your desktop, select NEW, then Shortcut. A "create shortcut" window will open.
    2. Type in the following: cmd.exe and hit enter. Then click on the Finish button.
    3. Right mouse click on the cmd.exe icon that you have just created, select Run as Administrator. If the UAC asks, Allow.
    4. Type CD\ then press enter
    5. Type CD C:\Users\ariel\desktop
    6. Type DDS, hit enter and then follow the instructions from DDS.

    I have both windows 8 and 8.1 and DDS runs with no problem following the above instructions.
     
  11. thestrangeceleb

    thestrangeceleb Thread Starter

    Okay, thanks, I'll try this tonight and let you know what happens.
     
  12. thestrangeceleb

    thestrangeceleb Thread Starter

    Awesome! It worked. Here's the log:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.16518 BrowserJavaVersion: 10.51.2
    Run by ariel at 8:25:05 on 2014-04-03
    Microsoft Windows 8.1 6.3.9600.0.1252.1.1033.18.3909.1751 [GMT -5:00]
    .
    AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\svchost.exe -k RPCSS
    C:\WINDOWS\system32\dwm.exe
    C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\System32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
    C:\WINDOWS\system32\dashost.exe
    C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
    C:\Windows\RfBtnSvc64.exe
    c:\Program Files\SavingsbullFilter\SavingsbullFilterService64.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    C:\WINDOWS\system32\taskhostex.exe
    c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\Program Files (x86)\Launch Manager\LMutilps32.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Windows\System32\skydrive.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Program Files\Elantech\ETDCtrlHelper.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
    C:\Program Files (x86)\RadioController\RfBtnHelper.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86) (x86)\Dell AIO Printer 948\memcard.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Windows\System32\SettingSyncHost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\System32\RuntimeBroker.exe
    C:\Program Files\WindowsApps\Evernote.Evernote_2.2.0.17_x86__q4d96b2w5wcc2\EvernoteMetro.exe
    C:\Windows\Camera\Camera.exe
    C:\Windows\System32\WUDFHost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\WindowsApps\7digitalLtd.7digitalMusicStore_2.1.4.0_neutral__qv1vc61z2t2b4\SevenDigital.Win8.App.exe
    C:\Program Files\Gateway\Gateway Device Fast-lane\DeviceFastLaneSvc.exe
    C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\WINDOWS\system32\wwahost.exe
    C:\WINDOWS\system32\taskhost.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Users\ariel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Users\ariel\AppData\Roaming\Spotify\spotify.exe
    C:\Users\ariel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Users\ariel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Users\ariel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Users\ariel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Users\ariel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Users\ariel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\WINDOWS\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com
    mWinlogon: Userinit = userinit.exe,
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    uRun: [uTorrent] "C:\Users\ariel\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
    uRun: [Spotify Web Helper] "C:\Users\ariel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    mRun: [LManager] <no file>
    mRunOnce: [20131224] C:\Program Files\AVAST Software\Avast\setup\emupdate\5d008912-f9d9-4908-b145-f9134a5d47ac.exe /check
    dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect"
    StartupFolder: C:\Users\ariel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\GATEWA~1.LNK - C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    TCP: NameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{8CD0B39D-3F66-4852-A9AC-9BE047CD0CEC} : DHCPNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{8CD0B39D-3F66-4852-A9AC-9BE047CD0CEC}\177756374783335323 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{8CD0B39D-3F66-4852-A9AC-9BE047CD0CEC}\450584F4D454 : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{8CD0B39D-3F66-4852-A9AC-9BE047CD0CEC}\65562796A7F6E602D494649443531303C4026424839302355636572756 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{CF40EAC1-C560-400F-BEEC-20CEE9DD22D1} : DHCPNameServer = 209.18.47.61 209.18.47.62
    SSODL: WebCheck - <orphaned>
    x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-TB: m OpenOffice.us Search.us.com Toolbar: {7CE271D3-2224-4E8C-9BDD-B132CAEF5FDE} -
    x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [IgfxTray] "C:\WINDOWS\System32\igfxtray.exe"
    x64-Run: [HotKeysCmds] "C:\WINDOWS\System32\hkcmd.exe"
    x64-Run: [Persistence] "C:\WINDOWS\System32\igfxpers.exe"
    x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
    x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;avast! Revert;C:\WINDOWS\System32\drivers\aswRvrt.sys [2014-1-29 65776]
    R0 aswVmm;avast! VM Monitor;C:\WINDOWS\System32\drivers\aswVmm.sys [2014-1-29 207904]
    R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2012-11-19 645952]
    R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2013-12-23 39768]
    R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2013-8-22 76800]
    R1 aswSnx;aswSnx;C:\WINDOWS\System32\drivers\aswSnx.sys [2014-1-29 1038072]
    R1 aswSP;aswSP;C:\WINDOWS\System32\drivers\aswSP.sys [2014-1-29 421704]
    R1 netfilter64;netfilter64;C:\WINDOWS\System32\drivers\netfilter64.sys [2013-12-17 46232]
    R2 aswMonFlt;aswMonFlt;C:\WINDOWS\System32\drivers\aswMonFlt.sys [2014-1-29 78648]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-1-29 50344]
    R2 BrcmCardReader;Broadcom Card Reader Service;C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [2012-8-20 176640]
    R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2012-10-24 348784]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-11-19 165760]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-30 418376]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-30 701512]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
    R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [2012-8-23 259136]
    R2 RfButtonDriverService;Dritek RF Button Command Service;C:\Windows\RfBtnSvc64.exe [2012-11-19 96880]
    R2 SavingsbullFilterService64;SavingsbullFilterService64;C:\Program Files\SavingsbullFilter\SavingsbullFilterService64.exe [2014-2-12 210432]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-11-19 364416]
    R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\WINDOWS\System32\drivers\b57xdbd.sys [2012-8-13 72280]
    R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\WINDOWS\System32\drivers\b57xdmp.sys [2012-8-13 21080]
    R3 bScsiMSa;bScsiMSa;C:\WINDOWS\System32\drivers\bScsiMSa.sys [2012-6-18 55384]
    R3 bScsiSDa;bScsiSDa;C:\WINDOWS\System32\drivers\bScsiSDa.sys [2012-8-14 70744]
    R3 DeviceFastLaneService;Device Fast-lane Service;C:\Program Files\Gateway\Gateway Device Fast-lane\DeviceFastLaneSvc.exe [2012-8-22 468624]
    R3 ePowerSvc;ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2012-8-22 658576]
    R3 ETD;ELAN PS/2 Port Input Device;C:\WINDOWS\System32\drivers\ETD.sys [2012-10-24 330640]
    R3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2012-10-29 342528]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\WINDOWS\System32\drivers\k57nd60a.sys [2013-8-22 425984]
    R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\drivers\mbam.sys [2014-1-30 25928]
    R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
    R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2013-8-22 16384]
    R3 Ps2Kb2Hid;PS/2 Keyboard to HID Driver;C:\WINDOWS\System32\drivers\aPs2Kb2Hid.sys [2012-11-19 26736]
    R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\WINDOWS\System32\drivers\rtwlane.sys [2013-8-22 1936088]
    R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2013-8-22 230912]
    S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2013-8-22 782176]
    S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2013-8-22 37768]
    S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2013-8-22 37768]
    S3 aswStm;aswStm;C:\WINDOWS\System32\drivers\aswStm.sys [2014-1-29 80184]
    S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2013-8-22 17624]
    S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2013-8-22 24568]
    S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2013-8-22 99320]
    S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2013-8-22 651248]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2014-2-12 111616]
    S3 lfsvc;Windows Location Framework Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2013-8-22 37768]
    S3 LSI_SAS3;LSI_SAS3;C:\WINDOWS\System32\drivers\lsi_sas3.sys [2013-8-22 81760]
    S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc63.sys [2013-8-22 87040]
    S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2013-8-22 924512]
    S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
    S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2013-12-23 146776]
    S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2013-8-22 37768]
    S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2013-11-14 57176]
    S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2013-8-22 26976]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
    S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2014-3-12 124760]
    S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2014-3-12 348392]
    S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2013-8-22 37768]
    S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2013-8-22 37768]
    .
    =============== File Associations ===============
    .
    FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
    .
    =============== Created Last 30 ================
    .
    2014-03-29 06:00:02 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
    2014-03-17 23:06:00 388096 ----a-r- C:\Users\ariel\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2014-03-17 23:06:00 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2014-03-16 22:32:45 -------- d-----w- C:\WINDOWS\pss
    2014-03-15 08:40:07 254640 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10236.bin
    2014-03-12 03:51:40 4189184 ----a-w- C:\WINDOWS\System32\win32k.sys
    2014-03-12 03:46:40 1643584 ----a-w- C:\WINDOWS\System32\winload.efi
    2014-03-12 03:46:40 1507704 ----a-w- C:\WINDOWS\System32\winload.exe
    2014-03-12 02:56:27 586240 ----a-w- C:\WINDOWS\System32\qedit.dll
    2014-03-12 02:56:27 488448 ----a-w- C:\WINDOWS\SysWow64\qedit.dll
    2014-03-10 16:42:38 -------- d-----w- C:\Users\ariel\AppData\Local\Deployment
    .
    ==================== Find3M ====================
    .
    2014-03-04 22:53:05 105464 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
    2014-03-04 22:53:04 693240 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
    2014-02-06 11:30:46 2724864 ----a-w- C:\WINDOWS\System32\mshtml.tlb
    2014-02-06 11:30:12 4096 ----a-w- C:\WINDOWS\System32\ieetwcollectorres.dll
    2014-02-06 11:07:39 66048 ----a-w- C:\WINDOWS\System32\iesetup.dll
    2014-02-06 11:06:47 48640 ----a-w- C:\WINDOWS\System32\ieetwproxystub.dll
    2014-02-06 10:49:03 139264 ----a-w- C:\WINDOWS\System32\ieUnatt.exe
    2014-02-06 10:48:45 111616 ----a-w- C:\WINDOWS\System32\ieetwcollector.exe
    2014-02-06 10:48:11 708608 ----a-w- C:\WINDOWS\System32\jscript9diag.dll
    2014-02-06 10:20:26 2724864 ----a-w- C:\WINDOWS\SysWow64\mshtml.tlb
    2014-02-06 10:11:37 5768704 ----a-w- C:\WINDOWS\System32\jscript9.dll
    2014-02-06 10:01:36 61952 ----a-w- C:\WINDOWS\SysWow64\iesetup.dll
    2014-02-06 10:00:46 51200 ----a-w- C:\WINDOWS\SysWow64\ieetwproxystub.dll
    2014-02-06 09:50:32 2041856 ----a-w- C:\WINDOWS\System32\inetcpl.cpl
    2014-02-06 09:47:22 112128 ----a-w- C:\WINDOWS\SysWow64\ieUnatt.exe
    2014-02-06 09:46:27 553472 ----a-w- C:\WINDOWS\SysWow64\jscript9diag.dll
    2014-02-06 09:25:36 4244480 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
    2014-02-06 09:24:52 2334208 ----a-w- C:\WINDOWS\System32\wininet.dll
    2014-02-06 09:09:30 1964032 ----a-w- C:\WINDOWS\SysWow64\inetcpl.cpl
    2014-02-06 08:41:35 1820160 ----a-w- C:\WINDOWS\SysWow64\wininet.dll
    2014-01-31 23:23:54 1060864 ----a-w- C:\WINDOWS\SysWow64\mfc71.dll
    2014-01-29 19:51:15 96168 ----a-w- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
    2014-01-29 19:26:26 80184 ----a-w- C:\WINDOWS\System32\drivers\aswStm.sys
    2014-01-29 19:26:26 78648 ----a-w- C:\WINDOWS\System32\drivers\aswMonFlt.sys
    2014-01-29 19:26:26 65776 ----a-w- C:\WINDOWS\System32\drivers\aswRvrt.sys
    2014-01-29 19:26:26 207904 ----a-w- C:\WINDOWS\System32\drivers\aswVmm.sys
    2014-01-29 19:26:26 1038072 ----a-w- C:\WINDOWS\System32\drivers\aswSnx.sys
    2014-01-29 19:26:25 92544 ----a-w- C:\WINDOWS\System32\drivers\aswRdr2.sys
    2014-01-29 19:26:24 43152 ----a-w- C:\WINDOWS\avastSS.scr
    2014-01-09 08:25:10 2804224 ----a-w- C:\WINDOWS\System32\actxprxy.dll
    2014-01-09 07:59:06 115712 ----a-w- C:\WINDOWS\System32\winbici.dll
    2014-01-09 07:59:02 1020928 ----a-w- C:\WINDOWS\SysWow64\actxprxy.dll
    2014-01-09 07:49:48 919040 ----a-w- C:\WINDOWS\System32\MrmCoreR.dll
    2014-01-09 07:44:45 720384 ----a-w- C:\WINDOWS\System32\SkyDriveTelemetry.dll
    2014-01-09 07:43:12 121344 ----a-w- C:\WINDOWS\System32\SkyDriveShell.dll
    2014-01-09 07:29:28 105984 ----a-w- C:\WINDOWS\SysWow64\SkyDriveShell.dll
    2014-01-09 07:28:45 628736 ----a-w- C:\WINDOWS\SysWow64\MrmCoreR.dll
    2014-01-09 07:28:44 4217344 ----a-w- C:\WINDOWS\System32\SyncEngine.dll
    2014-01-09 07:18:50 870912 ----a-w- C:\WINDOWS\System32\SkyDrive.exe
    2014-01-07 07:03:30 18944 ----a-w- C:\WINDOWS\System32\pcaui.exe
    2014-01-07 05:59:03 17408 ----a-w- C:\WINDOWS\SysWow64\pcaui.exe
    2014-01-07 05:00:20 2397184 ----a-w- C:\WINDOWS\System32\d3d10warp.dll
    2014-01-07 04:30:31 2071552 ----a-w- C:\WINDOWS\SysWow64\d3d10warp.dll
    2014-01-04 20:50:05 1462216 ----a-w- C:\WINDOWS\System32\propsys.dll
    2014-01-04 19:22:49 1202888 ----a-w- C:\WINDOWS\SysWow64\propsys.dll
    2014-01-04 14:52:01 2414592 ----a-w- C:\WINDOWS\apppatch\AcGenral.dll
    2014-01-04 14:30:03 13209088 ----a-w- C:\WINDOWS\System32\twinui.dll
    2014-01-04 14:23:19 11702272 ----a-w- C:\WINDOWS\SysWow64\twinui.dll
    2014-01-04 13:42:04 1105408 ----a-w- C:\WINDOWS\System32\SearchFolder.dll
    2014-01-04 13:40:27 7416832 ----a-w- C:\WINDOWS\System32\Windows.UI.Search.dll
    2014-01-04 13:36:27 830976 ----a-w- C:\WINDOWS\SysWow64\SearchFolder.dll
    2014-01-04 13:28:24 4961792 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Search.dll
    2007-09-17 15:10:42 24576 ----a-w- C:\Program Files (x86)\Lexmark 3500-4500 Series
    .
    ============= FINISH: 8:25:35.70 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 8.1
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/23/2013 1:46:54 AM
    System Uptime: 3/17/2014 7:51:54 AM (409 hours ago)
    .
    Motherboard: Gateway | | EG50_HC_HR
    Processor: Intel(R) Pentium(R) CPU B960 @ 2.20GHz | U3E1 | 2200/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 449 GiB total, 216.237 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
    Description: CD-ROM Drive
    Device ID: SCSI\CDROM&VEN_HL-DT-ST&PROD_DVDRAM_GT51N\4&3593C471&0&020000
    Manufacturer: (Standard CD-ROM drives)
    Name: HL-DT-ST DVDRAM GT51N
    PNP Device ID: SCSI\CDROM&VEN_HL-DT-ST&PROD_DVDRAM_GT51N\4&3593C471&0&020000
    Service: cdrom
    .
    ==== System Restore Points ===================
    .
    RP20: 3/17/2014 6:05:30 PM - Installed HiJackThis
    RP21: 3/24/2014 3:22:24 AM - Windows Update
    RP22: 4/1/2014 6:38:35 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    avast! Free Antivirus
    Backup Manager v4
    Bonjour
    Broadcom Card Reader Driver Installer
    CyberLink MediaEspresso 6.5
    CyberLink PowerDVD 10
    Dell AIO Printer 948
    Diablo III
    Dritek Radio Controller
    ERUNT 1.1j
    ETDWare PS/2-X64 11.6.13.004_WHQL
    Gateway Device Fast-lane
    Gateway MyBackup
    Gateway Power Management
    Gateway Recovery Management
    HiJackThis
    iCloud
    Identity Card
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    Intel(R) SDK for OpenCL - CPU Only Runtime Package
    Intel® Trusted Connect Service Client
    iTunes
    Java 7 Update 51
    Java Auto Updater
    Launch Manager
    Live Updater
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft Mouse and Keyboard Center
    Microsoft Office
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MSVCRT Redists
    Nero 12 Essentials OEM.a01
    Nero ControlCenter
    Nero ControlCenter Help (CHM)
    Nero Core Components
    Nero Express
    Nero Express Help (CHM)
    Nero Launcher
    Nero Update
    OpenOffice.org 3.1
    PhotoFiltre 7
    Prerequisite installer
    QuickTime
    Realtek High Definition Audio Driver
    REALTEK Wireless LAN Driver
    SavingsBull
    SavingsbullFilter
    SelectionLinks
    Spotify
    Vegas Pro 11.0
    VLC media player 2.0.5
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/2/2014 10:55:07 AM, Error: Schannel [36888] - A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 107.
    4/2/2014 10:55:07 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
    4/2/2014 10:51:25 AM, Error: Schannel [36888] - A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
    4/2/2014 10:00:01 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    3/30/2014 2:31:51 PM, Error: disk [15] - The device, \Device\Harddisk1\DR8, is not ready for access yet.
    .
    ==== End Of File ===========================
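
A check an analyst can run against the log above, as an added example that is not part of the original thread: it splits DDS output into its sections and lists every place a named product still appears (running process, service, installed-program entry). The sample text is a trimmed excerpt of the log posted above; the function names are hypothetical, and reading the `R`/`S` prefix as running/stopped followed by the Windows service start type is an assumption about the DDS format.

```python
import re
from collections import defaultdict

# Section banners look like "======= Running Processes =======".
SECTION = re.compile(r"^=+\s*(.+?)\s*=+$")

# Service lines look like: "R2 Name;Display name;C:\path\image.exe [2014-2-12 210432]".
SERVICE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?) \[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\]$"
)

# Assumption: the digit is the Windows service Start value.
START_TYPES = {"0": "boot", "1": "system", "2": "automatic",
               "3": "manual", "4": "disabled"}

# Trimmed excerpt of the DDS output posted above (a few lines per section).
SAMPLE_LOG = r"""
DDS (Ver_2012-11-20.01) - NTFS_AMD64
.
============== Running Processes ===============
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
c:\Program Files\SavingsbullFilter\SavingsbullFilterService64.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
.
============= SERVICES / DRIVERS ===============
.
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-30 701512]
R2 SavingsbullFilterService64;SavingsbullFilterService64;C:\Program Files\SavingsbullFilter\SavingsbullFilterService64.exe [2014-2-12 210432]
S3 aswStm;aswStm;C:\WINDOWS\System32\drivers\aswStm.sys [2014-1-29 80184]
.
==== Installed Programs ======================
.
avast! Free Antivirus
SavingsBull
SavingsbullFilter
Spotify
.
==== End Of File ===========================
"""


def split_sections(text):
    """Return {lower-cased section name: [lines]}, skipping '.' separators."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        banner = SECTION.match(line)
        if banner:
            current = banner.group(1).lower()
            continue
        if current is not None:  # lines before the first banner are header text
            sections[current].append(line)
    return sections


def parse_services(lines):
    """Turn service/driver lines into dicts; lines that do not match are ignored."""
    services = []
    for line in lines:
        m = SERVICE.match(line)
        if not m:
            continue
        entry = m.groupdict()
        entry["running"] = entry["state"] == "R"
        entry["start_type"] = START_TYPES[entry["start"]]
        services.append(entry)
    return services


def find_leftovers(text, product):
    """List where `product` still shows up in a DDS log (case-insensitive)."""
    needle = product.lower()
    sections = split_sections(text)
    return {
        "running_processes": [p for p in sections["running processes"]
                              if needle in p.lower()],
        "services": [s for s in parse_services(sections["services / drivers"])
                     if needle in s["name"].lower() or needle in s["image"].lower()],
        "installed_programs": [p for p in sections["installed programs"]
                               if needle in p.lower()],
    }


if __name__ == "__main__":
    hits = find_leftovers(SAMPLE_LOG, "SavingsBull")
    for path in hits["running_processes"]:
        print("still running :", path)
    for svc in hits["services"]:
        state = "running" if svc["running"] else "stopped"
        print(f"service       : {svc['name']} ({state}, start={svc['start_type']})")
    for name in hits["installed_programs"]:
        print("still listed  :", name)
```
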
     
  13. wannabeageek

    wannabeageek Malware Specialist

    Joined:
    Nov 11, 2009
    Messages:
    570
    Hi thestrangeceleb,

    I am a little confused about your comment: "I was originally using Chrome, but have since tried over 5 different browsers, resulting in ending up with iExplorer11." I find no evidence of any browser except Internet Explorer.

    Please run the following and post back the results or problems you encounter during the process.

    Step 1.
    FRST - Farbar Recovery Scanner Tool for Vista-W7

    Please download FRST64.exe ... by Farbar. Save it to your desktop.

    1. Double-click to run it. When the tool opens click Yes to disclaimer.
    2. Press Scan button. ... A log, FRST.txt, will be created in the same directory the tool is run from.
    3. Please copy/paste FRST.txt to your reply.
      The first time the tool is run, it also makes another log... Addition.txt.
    4. Please copy/paste Addition.txt in your reply.



    Step 2.
    */ For Windows VISTA - adjust download as needed */
    RSIT (Random's System Information Tool)
    Please download RSITx64 by random/random... save it to your desktop.

    1. Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
    2. Please read the disclaimer... click on Continue.
    3. RSIT will start running. When done... 2 log files...will be produced.
      The first one, "log.txt", <<will be maximized... the second one, "info.txt", <<will be minimized.
    4. Please post both... "log.txt" and "info.txt", file contents in your next reply.

    (These logs can be lengthy, so a separate post may be needed.)



    Please include in your next reply:

    1. Contents of FRST.txt
    2. Contents of Addition.txt
    3. Contents of log.txt
    4. Contents of info.txt
    5. Any problem executing the instructions?

    Thanks,
    wbg
     
  14. thestrangeceleb

    thestrangeceleb Thread Starter

    Joined:
    Apr 22, 2008
    Messages:
    26
    What I did was download a browser, find out that I still had the same problem, then I'd uninstall it and try another. I did that a few times. After multiple attempts, I just settled with IE11. I've been busy, so it's probably been over 30 days since this was done.
    I also have to download from another computer and transfer via USB drive, since my browser doesn't allow me to download anything. Doing so now. Logs will be posted next, if all goes well.
     
  15. thestrangeceleb

    thestrangeceleb Thread Starter

    Joined:
    Apr 22, 2008
    Messages:
    26
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
    Ran by ariel (administrator) on AB-PC on 04-04-2014 17:01:12
    Running from C:\Users\ariel\Desktop
    Windows 8.1 (X64) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
    (Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
    (Dritek System INC.) C:\Windows\RfBtnSvc64.exe
    () c:\Program Files\SavingsbullFilter\SavingsbullFilterService64.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    (Intel Corporation) C:\WINDOWS\system32\igfxext.exe
    (Microsoft Corporation) C:\Windows\System32\skydrive.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
    (Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
    (Dritek System Inc.) C:\Program Files (x86)\RadioController\RfBtnHelper.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    () C:\Program Files (x86) (x86)\Dell AIO Printer 948\memcard.exe
    (Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
    (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
    (Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    () C:\Program Files\WindowsApps\Evernote.Evernote_2.2.0.17_x86__q4d96b2w5wcc2\EvernoteMetro.exe
    (Microsoft Corporation) C:\Windows\Camera\Camera.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    () C:\Program Files\WindowsApps\7digitalLtd.7digitalMusicStore_2.1.4.0_neutral__qv1vc61z2t2b4\SevenDigital.Win8.App.exe
    (Acer Incorporated) C:\Program Files\Gateway\Gateway Device Fast-lane\DeviceFastLaneSvc.exe
    (Microsoft Corporation) C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Spotify Ltd) C:\Users\ariel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wbem\WMIADAP.EXE


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2873744 2012-10-19] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor)
    HKLM-x32\...\Run: [LManager] - [X]
    HKLM-x32\...\Run: [RadioController] - C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2012-11-19] (Dritek System Inc.)
    HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
    HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-29] (AVAST Software)
    HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
    HKLM-x32\...\Run: [dldfmon.exe] - C:\Program Files (x86) (x86)\Dell AIO Printer 948\dldfmon.exe [455336 2009-04-27] ()
    HKLM-x32\...\Run: [MemoryCardManager] - C:\Program Files (x86) (x86)\Dell AIO Printer 948\memcard.exe [410280 2009-04-27] ()
    HKLM-x32\...\Run: [Dell AIO Printer 948] - C:\Program Files (x86) (x86)\Dell AIO Printer 948\fm3032.exe [311976 2009-04-27] ()
    HKLM-x32\...\Run: [fst_us_2] - [X]
    HKLM-x32\...\RunOnce: [20131224] - C:\Program Files\AVAST Software\Avast\setup\emupdate\5d008912-f9d9-4908-b145-f9134a5d47ac.exe /check [181136 2014-03-28] (AVAST Software)
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
    HKU\S-1-5-21-1755299453-451301104-1142048856-1001\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
    HKU\S-1-5-21-1755299453-451301104-1142048856-1001\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
    HKU\S-1-5-21-1755299453-451301104-1142048856-1001\...\Run: [uTorrent] - C:\Users\ariel\AppData\Roaming\uTorrent\uTorrent.exe [900440 2013-11-16] (BitTorrent Inc.)
    HKU\S-1-5-21-1755299453-451301104-1142048856-1001\...\Run: [Spotify Web Helper] - C:\Users\ariel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-03-31] (Spotify Ltd)
    Startup: C:\Users\ariel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
    ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE9020635B339CF01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    SearchScopes: HKLM - DefaultScope {2E1458F6-D7DF-432D-B11A-A1AA897DC2CD} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS
    SearchScopes: HKLM - {2E1458F6-D7DF-432D-B11A-A1AA897DC2CD} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS
    SearchScopes: HKLM-x32 - {2E1458F6-D7DF-432D-B11A-A1AA897DC2CD} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS
    SearchScopes: HKCU - {2E1458F6-D7DF-432D-B11A-A1AA897DC2CD} URL =
    BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - m OpenOffice.us Search.us.com Toolbar - {7CE271D3-2224-4E8C-9BDD-B132CAEF5FDE} - C:\Users\ariel\AppData\Local\TNT2\Profiles\10285\passport64.dll No File
    Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    Toolbar: HKCU - m OpenOffice.us Search.us.com Toolbar - {7CE271D3-2224-4E8C-9BDD-B132CAEF5FDE} - C:\Users\ariel\AppData\Local\TNT2\Profiles\10285\passport64.dll No File
    Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

    FireFox:
    ========
    FF ProfilePath: C:\Users\ariel\AppData\Roaming\Mozilla\Firefox\Profiles\x8fhmmge.default
    FF user.js: detected! => C:\Users\ariel\AppData\Roaming\Mozilla\Firefox\Profiles\x8fhmmge.default\user.js
    FF Homepage: about:newtab
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\BetterSurf\ff
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Better-Surf\ff
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha445\ff
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta515\ff
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha42\ff
    FF Extension: Media Player - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha42\ff [2014-01-29]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-29]

    Chrome:
    =======
    Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
    CHR Extension: (No Name) - C:\Users\ariel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna [2014-02-24]
    CHR Extension: (No Name) - C:\Users\ariel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-31]
    CHR HKCU\...\Chrome\Extension: [pnjnnnhampgflieglcelomcofocioegp] - C:\Users\ariel\AppData\Local\CRE\pnjnnnhampgflieglcelomcofocioegp.crx [2013-04-25]
    CHR HKLM-x32\...\Chrome\Extension: [dedmngkbaffkenlfdcbganndoghblmap] - C:\Program Files (x86)\BetterSurf\ch\Chrome.crx [2013-04-25]
    CHR HKLM-x32\...\Chrome\Extension: [eakjooogobhkkdhdbjbablejiohgmbem] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta515\ch\VideoPlayerV3beta515.crx [2013-04-25]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-01-29]
    CHR HKLM-x32\...\Chrome\Extension: [hfhadikndncaklemknofnabdmpalombe] - C:\Users\ariel\AppData\Local\TidyNetwork.com\tidy.crx [2014-01-29]
    CHR HKLM-x32\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files (x86)\DefaultTab\DefaultTab.crx [2014-01-29]
    CHR HKLM-x32\...\Chrome\Extension: [ocgoigkhpcjppnaalfjpcibajgmhhcgc] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha445\ch\WebexpEnhancedV1alpha445.crx [2014-01-29]
    CHR HKLM-x32\...\Chrome\Extension: [pnjnnnhampgflieglcelomcofocioegp] - C:\Users\ariel\AppData\Local\CRE\pnjnnnhampgflieglcelomcofocioegp.crx [2013-04-25]
    CHR HKLM-x32\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files (x86)\Better-Surf\ch\Chrome.crx [2013-04-25]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Services (Whitelisted) =================

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-29] (AVAST Software)
    R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.)
    R3 DeviceFastLaneService; C:\Program Files\Gateway\Gateway Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-22] (Acer Incorporated)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [259136 2012-08-23] (NTI Corporation)
    R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2012-11-19] (Dritek System INC.)
    R2 SavingsbullFilterService64; c:\Program Files\SavingsbullFilter\SavingsbullFilterService64.exe [210432 2014-02-12] ()
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-30] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-30] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [78648 2014-01-29] (AVAST Software)
    R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [92544 2014-01-29] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-29] ()
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1038072 2014-01-29] (AVAST Software)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [421704 2014-01-29] (AVAST Software)
    R3 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [80184 2014-01-29] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-29] ()
    S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows (R) Win 7 DDK provider)
    U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc.)
    S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
    S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
    S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
    R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-12-23] (Microsoft Corporation)
    S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
    R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
    R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46232 2013-12-17] (NetFilterSDK.com)
    S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
    R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-11-19] (Dritek System Inc.)
    S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
    R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
    S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-12-23] (Microsoft Corporation)
    S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation)
    S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-30] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-04-04 17:01 - 2014-04-04 17:01 - 00018291 _____ () C:\Users\ariel\Desktop\FRST.txt
    2014-04-04 16:59 - 2014-04-04 17:01 - 00000000 ____D () C:\FRST
    2014-04-04 16:58 - 2014-04-04 16:57 - 00935175 _____ () C:\Users\ariel\Desktop\RSITx64.exe
    2014-04-04 16:58 - 2014-04-04 16:24 - 02157056 _____ (Farbar) C:\Users\ariel\Desktop\FRST64.exe
    2014-04-03 08:25 - 2014-04-03 08:25 - 00020174 _____ () C:\Users\ariel\Desktop\dds.txt
    2014-04-03 08:25 - 2014-04-03 08:25 - 00004461 _____ () C:\Users\ariel\Desktop\attach.txt
    2014-03-30 11:39 - 2014-03-30 11:39 - 00001224 _____ () C:\Users\ariel\Desktop\cmd.exe.lnk
    2014-03-23 01:47 - 2014-03-23 02:01 - 91283359 _____ () C:\Users\ariel\Documents\Snowboard Roll over (slo mo).mp4
    2014-03-19 21:06 - 2014-03-19 21:06 - 01946340 _____ () C:\Users\ariel\Desktop\adwcleaner.exe
    2014-03-19 21:02 - 2014-03-19 21:02 - 01140016 _____ () C:\Users\ariel\Downloads\FRST.exe
    2014-03-17 19:09 - 2014-03-17 19:08 - 00509440 _____ (Tech Support Guy System) C:\Users\ariel\Desktop\SysInfo.exe
    2014-03-17 19:04 - 2014-03-17 19:04 - 00002177 _____ () C:\Users\ariel\Desktop\RKreport[0]_S_03172014_190439.txt
    2014-03-17 19:02 - 2014-03-17 19:08 - 00000000 ____D () C:\Users\ariel\Desktop\RK_Quarantine
    2014-03-17 19:01 - 2014-03-17 19:01 - 00000903 _____ () C:\Users\ariel\Desktop\NTREGOPT.lnk
    2014-03-17 19:01 - 2014-03-17 19:01 - 00000884 _____ () C:\Users\ariel\Desktop\ERUNT.lnk
    2014-03-17 19:01 - 2014-03-17 19:01 - 00000000 ____D () C:\WINDOWS\ERDNT
    2014-03-17 19:01 - 2014-03-17 19:01 - 00000000 ____D () C:\Program Files (x86)\ERUNT
    2014-03-17 18:51 - 2014-03-17 18:51 - 00002702 _____ () C:\Users\ariel\Desktop\Rkill.txt
    2014-03-17 18:47 - 2014-03-17 18:47 - 03901952 _____ () C:\Users\ariel\Desktop\RogueKiller.exe
    2014-03-17 18:46 - 2014-03-17 18:46 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\ariel\Desktop\rkill.exe
    2014-03-17 18:46 - 2014-03-17 18:46 - 00791393 _____ (Lars Hederer ) C:\Users\ariel\Desktop\erunt-setup.exe
    2014-03-17 18:45 - 2014-03-17 18:45 - 00688992 ____R (Swearware) C:\Users\ariel\Desktop\dds.com
    2014-03-17 18:23 - 2014-03-17 18:23 - 00688992 _____ (Swearware) C:\Users\ariel\Downloads\dds.scr
    2014-03-17 18:12 - 2014-03-17 19:28 - 00009183 _____ () C:\Users\ariel\Documents\hijackthis.log
    2014-03-17 18:06 - 2014-03-17 18:06 - 00003007 _____ () C:\Users\ariel\Desktop\HiJackThis.lnk
    2014-03-17 18:06 - 2014-03-17 18:06 - 00000000 ____D () C:\Users\ariel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    2014-03-17 18:06 - 2014-03-17 18:06 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
    2014-03-17 08:35 - 2014-03-17 08:35 - 05190594 _____ (Swearware) C:\Users\ariel\Desktop\ComboFix.exe
    2014-03-17 08:30 - 2011-12-27 18:07 - 01402880 _____ () C:\Users\ariel\Desktop\HijackThis.msi
    2014-03-16 17:32 - 2014-03-16 17:32 - 00000000 ____D () C:\WINDOWS\pss
    2014-03-12 00:37 - 2013-10-30 19:29 - 00236888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
    2014-03-12 00:37 - 2013-10-30 19:29 - 00124760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
    2014-03-12 00:37 - 2013-10-30 19:28 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
    2014-03-11 22:51 - 2014-02-10 22:04 - 04189184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2014-03-11 22:46 - 2013-12-20 05:18 - 01643584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2014-03-11 22:46 - 2013-12-20 05:18 - 01507704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2014-03-11 21:56 - 2014-02-10 21:43 - 00488448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
    2014-03-11 21:56 - 2014-02-10 21:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
    2014-03-10 11:42 - 2014-03-13 17:10 - 00000000 ____D () C:\Users\ariel\AppData\Local\Deployment

    ==================== One Month Modified Files and Folders =======

    2014-04-04 17:01 - 2014-04-04 17:01 - 00018291 _____ () C:\Users\ariel\Desktop\FRST.txt
    2014-04-04 17:01 - 2014-04-04 16:59 - 00000000 ____D () C:\FRST
    2014-04-04 17:01 - 2014-03-03 17:21 - 29526462 _____ () C:\WINDOWS\system32\SavingsBullFilterService.log
    2014-04-04 17:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
    2014-04-04 16:57 - 2014-04-04 16:58 - 00935175 _____ () C:\Users\ariel\Desktop\RSITx64.exe
    2014-04-04 16:56 - 2013-12-23 02:18 - 01678586 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-04-04 16:24 - 2014-04-04 16:58 - 02157056 _____ (Farbar) C:\Users\ariel\Desktop\FRST64.exe
    2014-04-04 16:16 - 2013-01-06 13:03 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1755299453-451301104-1142048856-1001
    2014-04-04 16:11 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
    2014-04-04 15:51 - 2014-01-30 14:57 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E479BA3E-6F70-480D-B356-A81028642ABA}
    2014-04-04 15:46 - 2014-02-24 16:11 - 00000000 ____D () C:\Users\ariel\AppData\Roaming\Spotify
    2014-04-03 08:25 - 2014-04-03 08:25 - 00020174 _____ () C:\Users\ariel\Desktop\dds.txt
    2014-04-03 08:25 - 2014-04-03 08:25 - 00004461 _____ () C:\Users\ariel\Desktop\attach.txt
    2014-03-31 12:49 - 2014-02-24 16:11 - 00000000 ____D () C:\Users\ariel\AppData\Local\Spotify
    2014-03-30 14:39 - 2013-12-19 16:08 - 00000000 ____D () C:\Users\ariel\Desktop\GoPro
    2014-03-30 11:39 - 2014-03-30 11:39 - 00001224 _____ () C:\Users\ariel\Desktop\cmd.exe.lnk
    2014-03-30 11:26 - 2013-03-01 03:11 - 00000000 ____D () C:\Users\ariel\AppData\Roaming\vlc
    2014-03-30 10:46 - 2013-11-14 02:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2014-03-27 01:40 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
    2014-03-25 08:45 - 2013-02-22 01:53 - 00000000 ____D () C:\Users\ariel\AppData\Local\CrashDumps
    2014-03-23 02:01 - 2014-03-23 01:47 - 91283359 _____ () C:\Users\ariel\Documents\Snowboard Roll over (slo mo).mp4
    2014-03-23 01:25 - 2013-07-20 23:45 - 00000000 ____D () C:\Users\ariel\Documents\Sony Vegas Projects
    2014-03-20 12:16 - 2013-09-24 13:18 - 00006300 _____ () C:\Users\ariel\Documents\resume.html
    2014-03-20 12:16 - 2013-08-12 13:48 - 00018923 _____ () C:\Users\ariel\Documents\resume.odt
    2014-03-19 21:06 - 2014-03-19 21:06 - 01946340 _____ () C:\Users\ariel\Desktop\adwcleaner.exe
    2014-03-19 21:02 - 2014-03-19 21:02 - 01140016 _____ () C:\Users\ariel\Downloads\FRST.exe
    2014-03-18 04:43 - 2013-07-25 22:20 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-03-18 04:42 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
    2014-03-18 04:42 - 2013-01-10 04:02 - 90015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2014-03-17 19:28 - 2014-03-17 18:12 - 00009183 _____ () C:\Users\ariel\Documents\hijackthis.log
    2014-03-17 19:08 - 2014-03-17 19:09 - 00509440 _____ (Tech Support Guy System) C:\Users\ariel\Desktop\SysInfo.exe
    2014-03-17 19:08 - 2014-03-17 19:02 - 00000000 ____D () C:\Users\ariel\Desktop\RK_Quarantine
    2014-03-17 19:04 - 2014-03-17 19:04 - 00002177 _____ () C:\Users\ariel\Desktop\RKreport[0]_S_03172014_190439.txt
    2014-03-17 19:01 - 2014-03-17 19:01 - 00000903 _____ () C:\Users\ariel\Desktop\NTREGOPT.lnk
    2014-03-17 19:01 - 2014-03-17 19:01 - 00000884 _____ () C:\Users\ariel\Desktop\ERUNT.lnk
    2014-03-17 19:01 - 2014-03-17 19:01 - 00000000 ____D () C:\WINDOWS\ERDNT
    2014-03-17 19:01 - 2014-03-17 19:01 - 00000000 ____D () C:\Program Files (x86)\ERUNT
    2014-03-17 18:51 - 2014-03-17 18:51 - 00002702 _____ () C:\Users\ariel\Desktop\Rkill.txt
    2014-03-17 18:47 - 2014-03-17 18:47 - 03901952 _____ () C:\Users\ariel\Desktop\RogueKiller.exe
    2014-03-17 18:46 - 2014-03-17 18:46 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\ariel\Desktop\rkill.exe
    2014-03-17 18:46 - 2014-03-17 18:46 - 00791393 _____ (Lars Hederer ) C:\Users\ariel\Desktop\erunt-setup.exe
    2014-03-17 18:45 - 2014-03-17 18:45 - 00688992 ____R (Swearware) C:\Users\ariel\Desktop\dds.com
    2014-03-17 18:23 - 2014-03-17 18:23 - 00688992 _____ (Swearware) C:\Users\ariel\Downloads\dds.scr
    2014-03-17 18:06 - 2014-03-17 18:06 - 00003007 _____ () C:\Users\ariel\Desktop\HiJackThis.lnk
    2014-03-17 18:06 - 2014-03-17 18:06 - 00000000 ____D () C:\Users\ariel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    2014-03-17 18:06 - 2014-03-17 18:06 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
    2014-03-17 08:36 - 2013-08-22 09:46 - 00298444 _____ () C:\WINDOWS\setupact.log
    2014-03-17 08:35 - 2014-03-17 08:35 - 05190594 _____ (Swearware) C:\Users\ariel\Desktop\ComboFix.exe
    2014-03-17 07:55 - 2013-12-23 02:51 - 00000000 __RDO () C:\Users\ariel\SkyDrive
    2014-03-17 07:52 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-03-16 18:21 - 2014-01-29 14:26 - 00002231 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2014-03-16 17:33 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
    2014-03-16 17:32 - 2014-03-16 17:32 - 00000000 ____D () C:\WINDOWS\pss
    2014-03-15 23:39 - 2013-11-14 02:20 - 00069222 _____ () C:\WINDOWS\PFRO.log
    2014-03-13 18:24 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
    2014-03-13 17:26 - 2012-09-03 00:57 - 00000000 ____D () C:\ProgramData\BackupManager
    2014-03-13 17:10 - 2014-03-10 11:42 - 00000000 ____D () C:\Users\ariel\AppData\Local\Deployment
    2014-03-13 16:42 - 2013-02-16 13:15 - 00000000 ____D () C:\ProgramData\Adobe
    2014-03-13 16:26 - 2013-01-06 12:56 - 00000000 ___RD () C:\Users\ariel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-03-13 16:19 - 2014-01-29 14:26 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
    2014-03-13 16:18 - 2013-08-22 09:44 - 00362600 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2014-03-13 16:17 - 2013-07-12 00:58 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-03-13 16:17 - 2013-07-12 00:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-03-13 16:16 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-03-13 16:16 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-03-13 16:16 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender
    2014-03-13 16:16 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
    2014-03-06 22:31 - 2014-02-25 17:24 - 00000000 ____D () C:\Program Files (x86)\Bench
    2014-03-06 22:31 - 2014-02-24 15:54 - 00000000 ____D () C:\Program Files\Level Quality Watcher
    2014-03-06 08:22 - 2014-03-03 17:21 - 00000000 ____D () C:\Program Files\SavingsbullFilter
    2014-03-06 03:57 - 2014-02-26 20:20 - 00000000 ____D () C:\Program Files (x86)\SavingsBull
    2014-03-06 03:36 - 2013-07-20 23:10 - 00000000 ____D () C:\Users\ariel\Downloads\Sony Vegas Pro 11
    2014-03-05 13:25 - 2014-01-31 19:12 - 00000000 ____D () C:\Program Files (x86)\Comodo

    Some content of TEMP:
    ====================
    C:\Users\ariel\AppData\Local\Temp\avgnt.exe
    C:\Users\ariel\AppData\Local\Temp\BackupSetup.exe
    C:\Users\ariel\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
    C:\Users\ariel\AppData\Local\Temp\ntdll_dump.dll
    C:\Users\ariel\AppData\Local\Temp\vcredist_x64.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-03-28 04:46

    ==================== End Of Log ============================
     
  16. thestrangeceleb

    thestrangeceleb Thread Starter

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
    Ran by ariel at 2014-04-04 17:01:58
    Running from C:\Users\ariel\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)
    Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2013 - Avast Software)
    Backup Manager v4 (x32 Version: 4.0.0.0059 - NTI Corporation) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.7.1 - Broadcom Corporation)
    CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.)
    CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3103_44819 - CyberLink Corp.) Hidden
    CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4220.52 - CyberLink Corp.)
    CyberLink PowerDVD 10 (x32 Version: 10.0.4220.52 - CyberLink Corp.) Hidden
    Dell AIO Printer 948 (HKLM-x32\...\Dell AIO Printer 948) (Version: - Dell, Inc.)
    Diablo III (HKLM-x32\...\Diablo III) (Version: 1.0.8.16603 - Blizzard Entertainment)
    Dritek Radio Controller (HKLM-x32\...\RadioController) (Version: 2.02.2001.0803 - Dritek System Inc.)
    ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)
    ETDWare PS/2-X64 11.6.13.004_WHQL (HKLM\...\Elantech) (Version: 11.6.13.004 - ELAN Microelectronic Corp.)
    Gateway Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Gateway Incorporated)
    Gateway MyBackup (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0059 - NTI Corporation)
    Gateway Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Gateway Incorporated)
    Gateway Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Gateway Incorporated)
    HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
    iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
    Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Gateway Incorporated)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
    Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
    iTunes (HKLM\...\{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}) (Version: 11.1.4.62 - Apple Inc.)
    Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
    Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
    Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.7 - Gateway)
    Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3004 - Gateway Incorporated)
    Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
    Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden
    Nero 12 Essentials OEM.a01 (HKLM-x32\...\{9BF0D9FE-9893-4647-81B9-17B7BEA4E6FD}) (Version: 12.5.00000 - Nero AG)
    Nero ControlCenter (x32 Version: 11.0.14500.0.45 - Nero AG) Hidden
    Nero ControlCenter Help (CHM) (x32 Version: 12.0.0003 - Nero AG) Hidden
    Nero Core Components (x32 Version: 11.0.16900.1.27 - Nero AG) Hidden
    Nero Express (x32 Version: 12.0.16001 - Nero AG) Hidden
    Nero Express Help (CHM) (x32 Version: 12.0.1000 - Nero AG) Hidden
    Nero Launcher (x32 Version: 12.0.3000 - Nero AG) Hidden
    Nero Update (x32 Version: 11.0.11500.28.0 - Nero AG) Hidden
    OpenOffice.org 3.1 (HKLM-x32\...\{E6B87DC4-2B3D-4483-ADFF-E483BF718991}) (Version: 3.1.9399 - OpenOffice.org)
    PhotoFiltre 7 (HKCU\...\PhotoFiltre 7) (Version: - )
    Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
    QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
    REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.13.0705 - REALTEK Semiconductor Corp.)
    SavingsBull (x32 Version: 1.0.0.0 - SavingsBull) Hidden <==== ATTENTION
    SavingsbullFilter (Version: 1.0.0.0 - SavingsBull Filter) Hidden <==== ATTENTION
    SelectionLinks (HKLM-x32\...\sl-cb) (Version: 1.0 - SelectionLinks) <==== ATTENTION
    Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
    Vegas Pro 11.0 (HKLM-x32\...\{B5B98340-0296-11E2-8B8E-F04DA23A5C58}) (Version: 11.0.700 - Sony)
    VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)

    ==================== Restore Points =========================

    17-03-2014 23:05:30 Installed HiJackThis
    24-03-2014 08:22:24 Windows Update
    01-04-2014 11:38:35 Windows Update

    ==================== Hosts content: ==========================

    2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
    Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
    Task: {0C205F5A-9179-44D6-A0B1-A7089433EAAB} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Gateway\Live Updater\liveupdater_agent.exe [2012-06-21] ()
    Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
    Task: {29E22AB6-8A57-45A0-966A-F1DCE79ACAB3} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
    Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
    Task: {332A6766-AC1B-407D-A558-6C7238B92B9E} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
    Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
    Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
    Task: {4913008A-94A3-4FE3-8A85-6ADC62DC3220} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-29] (AVAST Software)
    Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
    Task: {5047C5E8-EB7A-4FC6-91F7-6D24ED8952CF} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
    Task: {5457C282-A99F-4EB2-BBD2-61657C4AED3E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-03-18] (Microsoft Corporation)
    Task: {61148703-1441-408C-9F20-9C68ACCFE285} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {6392D3C6-15E1-4C42-8F7D-4721FB0265FF} - System32\Tasks\ALU => C:\Program Files (x86)\Gateway\Live Updater\updater.exe [2012-08-29] ()
    Task: {64845B8D-1164-4198-9700-1D169B8D0BB4} - System32\Tasks\4706 => Wscript.exe C:\Users\ariel\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
    Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
    Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
    Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
    Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
    Task: {87290D91-6691-4899-91CA-564F6CD86093} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
    Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
    Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
    Task: {9D10C8AC-B760-44C0-950B-B4700EE2F58C} - System32\Tasks\Power Management => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [2012-08-22] (Acer Incorporated)
    Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
    Task: {AE52200E-EFAB-41B6-A6AE-8DCB247FC737} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
    Task: {C7C83449-18C0-4FA9-8DCF-A4E47D3D51ED} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
    Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
    Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
    Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
    Task: {DF76C4DE-39CC-4BD2-B582-D09E6AA74730} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
    Task: {DFDECA05-C991-423A-A120-553F84BEE566} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
    Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE

    ==================== Loaded Modules (whitelisted) =============

    2014-02-11 14:24 - 2009-04-17 11:17 - 00045568 _____ () C:\WINDOWS\System32\DLDFPMON.DLL
    2014-02-11 14:24 - 2007-05-04 03:23 - 00049152 _____ () C:\WINDOWS\System32\DLDFOEM.DLL
    2014-02-11 14:23 - 2009-04-17 11:15 - 00081408 _____ () C:\Program Files (x86) (x86)\Dell AIO Printer 948\ipcmt64.dll
    2014-02-12 15:16 - 2014-02-12 15:16 - 00210432 _____ () c:\Program Files\SavingsbullFilter\SavingsbullFilterService64.exe
    2014-02-02 12:26 - 2014-02-02 12:26 - 00317952 _____ () c:\Program Files\SavingsbullFilter\ProtocolFilters.dll
    2013-11-19 01:42 - 2013-11-19 01:42 - 00110080 _____ () c:\Program Files\SavingsbullFilter\nfapi.dll
    2012-12-14 03:42 - 2012-12-14 03:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2014-02-11 14:23 - 2009-04-27 15:30 - 00410280 _____ () C:\Program Files (x86) (x86)\Dell AIO Printer 948\memcard.exe
    2014-02-22 02:10 - 2014-02-22 02:10 - 13424640 _____ () C:\Program Files\WindowsApps\Evernote.Evernote_2.2.0.17_x86__q4d96b2w5wcc2\EvernoteMetro.exe
    2014-03-11 20:35 - 2014-03-11 20:46 - 00526848 _____ () C:\Program Files\WindowsApps\7digitalLtd.7digitalMusicStore_2.1.4.0_neutral__qv1vc61z2t2b4\SevenDigital.Win8.App.exe
    2014-03-19 12:19 - 2014-03-19 09:18 - 02189312 _____ () C:\Program Files\AVAST Software\Avast\defs\14031901\algo.dll
    2014-04-03 04:53 - 2014-04-03 02:47 - 02189312 _____ () C:\Program Files\AVAST Software\Avast\defs\14040300\algo.dll
    2014-04-04 04:59 - 2014-04-04 03:20 - 02189312 _____ () C:\Program Files\AVAST Software\Avast\defs\14040400\algo.dll
    2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2012-08-23 01:26 - 2012-08-23 01:26 - 00465384 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\sqlite3.dll
    2012-08-23 01:25 - 2012-08-23 01:25 - 00125504 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\MailConverter32.dll
    2012-08-23 01:26 - 2012-08-23 01:26 - 00155712 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\VolumeSnapshot.dll
    2012-08-23 01:25 - 2012-08-23 01:25 - 00118336 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\Online.dll
    2012-08-23 01:25 - 2012-08-23 01:25 - 01081408 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\ACE.dll
    2012-08-23 01:25 - 2012-08-23 01:25 - 00052288 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\OsSettingPort.dll
    2012-08-23 01:26 - 2012-08-23 01:26 - 00727616 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\OutlookShadow.dll
    2014-01-29 14:26 - 2014-01-29 14:26 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2009-04-16 14:02 - 2009-04-16 14:02 - 00970752 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
    2009-04-24 01:33 - 2009-04-24 01:33 - 00139264 _____ () C:\Program Files (x86)\OpenOffice.org 3\Basis\program\NSLDAP32V50.dll
    2009-04-16 14:03 - 2009-04-16 14:03 - 00166400 _____ () C:\Program Files (x86)\OpenOffice.org 3\Basis\program\libxslt.dll
    2014-02-11 14:23 - 2007-04-09 10:16 - 00147456 _____ () C:\Program Files (x86) (x86)\Dell AIO Printer 948\DLDFptp.dll
    2012-11-19 21:49 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
    2014-02-22 02:10 - 2014-02-22 02:10 - 00545280 _____ () C:\Program Files\WindowsApps\Evernote.Evernote_2.2.0.17_x86__q4d96b2w5wcc2\LibSQLite.dll
    2014-02-22 02:10 - 2014-02-22 02:10 - 00204800 _____ () C:\Program Files\WindowsApps\Evernote.Evernote_2.2.0.17_x86__q4d96b2w5wcc2\LibPCRE.dll
    2014-02-22 02:10 - 2014-02-22 02:10 - 00299520 _____ () C:\Program Files\WindowsApps\Evernote.Evernote_2.2.0.17_x86__q4d96b2w5wcc2\LibTidy.dll
    2014-02-22 02:10 - 2014-02-22 02:10 - 00385536 _____ () C:\Program Files\WindowsApps\Evernote.Evernote_2.2.0.17_x86__q4d96b2w5wcc2\Sibbiheim.Cacsade.dll
    2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
    2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll

    ==================== Alternate Data Streams (whitelisted) =========

    AlternateDataStreams: C:\Users\ariel\SkyDrive:ms-properties

    ==================== Safe Mode (whitelisted) ===================


    ==================== Disabled items from MSCONFIG ==============


    ==================== Faulty Device Manager Devices =============

    Name: HL-DT-ST DVDRAM GT51N
    Description: CD-ROM Drive
    Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
    Manufacturer: (Standard CD-ROM drives)
    Service: cdrom
    Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
    Resolution: A registry problem was detected.
    This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
    Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/04/2014 03:45:43 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 25500390

    Error: (04/04/2014 03:45:43 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 25500390

    Error: (04/04/2014 03:45:43 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (04/04/2014 03:45:41 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 25499312

    Error: (04/04/2014 03:45:41 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 25499312

    Error: (04/04/2014 03:45:41 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (04/04/2014 08:40:45 AM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2812

    Error: (04/04/2014 08:40:45 AM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2812

    Error: (04/04/2014 08:40:45 AM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (04/03/2014 01:56:07 AM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 13165281


    System errors:
    =============
    Error: (04/04/2014 03:51:33 PM) (Source: Schannel) (User: NT AUTHORITY)
    Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

    Error: (04/04/2014 03:48:42 PM) (Source: DCOM) (User: NT AUTHORITY)
    Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

    Error: (04/04/2014 08:40:41 AM) (Source: Schannel) (User: NT AUTHORITY)
    Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 107.

    Error: (04/04/2014 08:40:41 AM) (Source: Schannel) (User: NT AUTHORITY)
    Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

    Error: (04/04/2014 08:40:41 AM) (Source: Schannel) (User: NT AUTHORITY)
    Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 107.

    Error: (04/04/2014 08:40:41 AM) (Source: Schannel) (User: NT AUTHORITY)
    Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

    Error: (04/04/2014 08:40:41 AM) (Source: Schannel) (User: NT AUTHORITY)
    Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 107.

    Error: (04/04/2014 08:40:41 AM) (Source: Schannel) (User: NT AUTHORITY)
    Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

    Error: (04/04/2014 08:40:41 AM) (Source: Schannel) (User: NT AUTHORITY)
    Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 107.

    Error: (04/04/2014 08:40:41 AM) (Source: Schannel) (User: NT AUTHORITY)
    Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.


    Microsoft Office Sessions:
    =========================
    Error: (04/04/2014 03:45:43 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 25500390

    Error: (04/04/2014 03:45:43 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 25500390

    Error: (04/04/2014 03:45:43 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (04/04/2014 03:45:41 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 25499312

    Error: (04/04/2014 03:45:41 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 25499312

    Error: (04/04/2014 03:45:41 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (04/04/2014 08:40:45 AM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2812

    Error: (04/04/2014 08:40:45 AM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2812

    Error: (04/04/2014 08:40:45 AM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (04/03/2014 01:56:07 AM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 13165281


    ==================== Memory info ===========================

    Percentage of memory in use: 47%
    Total physical RAM: 3909.27 MB
    Available physical RAM: 2040.12 MB
    Total Pagefile: 5506.12 MB
    Available Pagefile: 2542.04 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.79 MB

    ==================== Drives ================================

    Drive c: (Gateway) (Fixed) (Total:448.85 GB) (Free:216.02 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 466 GB) (Disk ID: A9B30E2B)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================
     
Short URL to this thread: https://techguy.org/1122189