
Win 8: Unending pop-ups, Yellow Moxie, etc; freezing, slow down

Discussion in 'Virus & Other Malware Removal' started by greyhndz, Dec 25, 2012.

Thread Status:
Not open for further replies.
  1. greyhndz (Thread Starter)

    Joined: Dec 24, 2012
    Messages: 13

    Hi, and thanks in advance for your help.

    Asus Zenbook UX31E, upgraded (?) to Win 8 2 wks after purchase.
    Approx 2 wks ago, marked slowdown using various pgms: most notably MS office apps, PhotoFiltre and other graphics, and when online in Firefox or using T'Bird (desktop client).
    For past 2 weeks, intractable pop-ups on mouseovers on web pages. Many are yellow moxie, but other sources as well. I'm running AdBlock+ which hasn't resolved the problem. Have been running Ghostery to block script, but not effective. I assume Zen is infected, which Avast hasn't identified.

    I found a thread with a similar problem here and am hoping for equally successful outcome!

    Here are the logs:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:11:43 AM, on 12/25/2012
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v10.0 (10.00.9200.16453)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Users\Jordan\AppData\Local\Akamai\netsession_win.exe
    C:\Users\Jordan\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Backblaze\bzbui.exe
    C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    C:\Windows\AsScrPro.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\Users\Jordan\Desktop\HijackThis.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
    C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: ASUS Browser Extension x86 - {78234974-0C4B-4111-BDEB-D9A104418771} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
    O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
    O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
    O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\lgfw.exe" blrun
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    O4 - HKLM\..\Run: [FLxHCIm64] "C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe"
    O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Jordan\AppData\Local\Akamai\netsession_win.exe"
    O4 - HKCU\..\Run: [Backblaze] "C:\Program Files (x86)\Backblaze\bzbui.exe" -quiet
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
    O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: Show RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra 'Tools' menuitem: Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
    O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
    O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
    O23 - Service: AtherosSvc - Unknown owner - C:\WINDOWS\system32\AdminService.exe (file missing)
    O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Backblaze Service (bzserv) - Unknown owner - C:\Program Files (x86)\Backblaze\bzserv.exe
    O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
    O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
    O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
    O23 - Service: Stardock Start8 (Start8) - Stardock Software, Inc - C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
    O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 13132 bytes

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16453 BrowserJavaVersion: 10.9.2
    Run by Jordan at 1:20:29 on 2012-12-25
    Microsoft Windows 8 Pro with Media Center 6.2.9200.0.1252.1.1033.18.3999.2262 [GMT -5:00]
    .
    AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\svchost.exe -k RPCSS
    C:\WINDOWS\system32\dwm.exe
    C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    C:\WINDOWS\System32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
    C:\WINDOWS\system32\svchost.exe -k apphost
    C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
    C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
    C:\WINDOWS\system32\AdminService.exe
    C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Backblaze\bzserv.exe
    C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\WINDOWS\system32\dashost.exe
    C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\svchost.exe -k iissvcs
    C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Backblaze\bzfilelist.exe
    C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
    C:\WINDOWS\system32\taskeng.exe
    C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe
    C:\Program Files\ASUS\P4G\BatteryLife.exe
    C:\WINDOWS\system32\taskeng.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\WINDOWS\system32\taskhostex.exe
    C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
    C:\Program Files (x86)\ASUS\ASUS PowerWiz\PowerWiz.exe
    C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
    C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Windows\SysWOW64\ACEngSvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    C:\Windows\System32\RuntimeBroker.exe
    C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
    C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Users\Jordan\AppData\Local\Akamai\netsession_win.exe
    C:\Users\Jordan\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Backblaze\bzbui.exe
    C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
    C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    C:\Windows\AsScrPro.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe
    C:\Users\Jordan\Desktop\HijackThis.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
    C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\WINDOWS\system32\taskhost.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\WINDOWS\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uDefault_Page_URL = hxxp://asus.msn.com
    uProxyOverride = <local>;*.local
    mWinlogon: Userinit = userinit.exe
    BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: ASUS Browser Extension x86: {78234974-0C4B-4111-BDEB-D9A104418771} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    uRun: [Akamai NetSession Interface] "C:\Users\Jordan\AppData\Local\Akamai\netsession_win.exe"
    uRun: [Backblaze] "C:\Program Files (x86)\Backblaze\bzbui.exe" -quiet
    uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
    mRun: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
    mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
    mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
    mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    mRun: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\lgfw.exe" blrun
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    mRun: [FLxHCIm64] "C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-System: EnableInstallerDetection = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    IE: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
    IE: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    TCP: NameServer = 192.168.2.1 192.168.2.1
    TCP: Interfaces\{76F1C110-2EA1-45CF-822F-C726C6A98019} : DHCPNameServer = 192.168.2.1 192.168.2.1
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    x64-mStart Page = hxxp://asus.msn.com
    x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
    x64-BHO: ASUS Browser Extension x64: {78234974-0C4B-4111-BDEB-D9A104418772} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x64\BrowserExtension64.dll
    x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
    x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
    x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
    x64-Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe -expressboot
    x64-Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    x64-Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
    x64-Run: [ASUSQuickGesture(x86)] C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
    x64-Run: [ASUSTPLoader(x64)] C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
    x64-Run: [ASUSQuickGesture(x64)] C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-mPolicies-System: EnableInstallerDetection = dword:0
    x64-mPolicies-System: PromptOnSecureDesktop = dword:0
    x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
    x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
    x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\lnd32050.default\
    FF - prefs.js: browser.startup.homepage - hxxp://forum.greytalk.com/index.php?act=idx
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\lnd32050.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
    FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2012-11-11 23:42; {22119944-ED35-4ab1-910B-E619EA06A115}; C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
    FF - ExtSQL: 2012-11-17 13:37; [email protected]; C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
    FF - ExtSQL: 2012-11-27 21:38; [email protected]; C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\lnd32050.default\extensions\[email protected]
    FF - ExtSQL: 2012-12-03 10:50; [email protected]; C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\lnd32050.default\extensions\[email protected]
    FF - ExtSQL: 2012-12-24 22:35; [email protected]; C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\lnd32050.default\extensions\[email protected]
    FF - ExtSQL: 2012-12-24 22:39; [email protected]; C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\lnd32050.default\extensions\[email protected]
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 assd;assd;C:\WINDOWS\System32\Drivers\assd.sys [2012-2-2 27056]
    R0 PxHlpa64;PxHlpa64;C:\WINDOWS\System32\Drivers\PxHlpa64.sys [2012-10-20 55024]
    R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
    R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]
    R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [2012-11-12 920736]
    R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
    R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-2-16 277120]
    R2 AtherosSvc;AtherosSvc;C:\WINDOWS\System32\AdminService.exe [2012-8-29 208384]
    R2 bzserv;Backblaze Service;C:\Program Files (x86)\Backblaze\bzserv.exe [2012-11-1 206000]
    R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-9-15 88576]
    R2 Start8;Stardock Start8;C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [2012-10-9 143024]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\WINDOWS\System32\Drivers\TurboB.sys [2010-11-29 16120]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-2-2 2656280]
    R3 AiCharger;ASUS Charger Driver;C:\WINDOWS\System32\Drivers\AiCharger.sys [2012-2-2 17152]
    R3 ATP;ASUS PS/2 Port Input Device;C:\WINDOWS\System32\Drivers\AsusTP.sys [2012-9-11 56704]
    R3 BtFilter;BtFilter;C:\WINDOWS\System32\Drivers\btfilter.sys [2012-8-29 565760]
    R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
    R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\WINDOWS\System32\Drivers\FLxHCIc.sys [2012-7-19 246568]
    R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\WINDOWS\System32\Drivers\FLxHCIh.sys [2012-7-19 76584]
    R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\WINDOWS\System32\Drivers\RtsUVStor.sys [2012-12-8 315536]
    R3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\Drivers\WSDScan.sys [2012-11-18 23552]
    S3 fssfltr;fssfltr;C:\WINDOWS\System32\Drivers\fssfltr.sys [2011-10-17 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
    S3 htcnprot;HTC NDIS Protocol Driver;C:\WINDOWS\System32\Drivers\htcnprot.sys [2010-6-25 36928]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
    S3 vmbusr;Virtual Machine Bus Provider;C:\WINDOWS\System32\Drivers\vmbusr.sys [2012-7-25 117248]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== File Associations ===============
    .
    FileExt: .js: JSFile=C:\WINDOWS\System32\WScript.exe "%1" %* [UserChoice]
    .
    =============== Created Last 30 ================
    .
    2012-12-20 18:57:23 46080 ----a-w- C:\WINDOWS\System32\atmlib.dll
    2012-12-20 18:57:23 362496 ----a-w- C:\WINDOWS\System32\atmfd.dll
    2012-12-20 18:57:23 35328 ----a-w- C:\WINDOWS\SysWow64\atmlib.dll
    2012-12-20 18:57:23 300032 ----a-w- C:\WINDOWS\SysWow64\atmfd.dll
    2012-12-19 23:27:03 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-12-17 05:03:13 65536 ----a-w- C:\Program Files (x86)\imageconvert_.exe
    2012-12-17 02:04:42 -------- d-----w- C:\Users\Jordan\AppData\Local\Programs
    2012-12-16 09:04:37 -------- d-----w- C:\Users\Jordan\Incomplete
    2012-12-16 09:02:13 -------- d-----w- C:\Users\Jordan\AppData\Roaming\MP3Rocket
    2012-12-16 09:02:11 -------- d-----w- C:\Program Files (x86)\MP3 Rocket
    2012-12-16 08:02:54 144384 ----a-w- C:\WINDOWS\System32\tssdisai.dll
    2012-12-16 08:02:54 135680 ----a-w- C:\WINDOWS\System32\appserverai.dll
    2012-12-16 08:02:54 126976 ----a-w- C:\WINDOWS\System32\RDWebAI.dll
    2012-12-16 08:02:54 122880 ----a-w- C:\WINDOWS\System32\VmHostAI.dll
    2012-12-16 08:02:51 148480 ----a-w- C:\WINDOWS\System32\poqexec.exe
    2012-12-16 08:02:51 132608 ----a-w- C:\WINDOWS\SysWow64\poqexec.exe
    2012-12-16 02:52:58 522640 ----a-w- C:\WINDOWS\System32\AUDIOKSE.dll
    2012-12-15 20:14:06 890880 ----a-w- C:\WINDOWS\SysWow64\msctf.dll
    2012-12-15 20:14:06 1131520 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll
    2012-12-15 20:14:06 1120768 ----a-w- C:\WINDOWS\System32\msctf.dll
    2012-12-15 20:14:05 707584 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.dll
    2012-12-15 20:14:02 6971624 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
    2012-12-15 20:14:01 1184256 ----a-w- C:\WINDOWS\System32\Display.dll
    2012-12-15 04:22:22 -------- d-----w- C:\Users\Jordan\AppData\Roaming\DVDVideoSoftIEHelpers
    2012-12-15 04:19:18 -------- d-----w- C:\Program Files (x86)\DVDVideoSoft
    2012-12-15 04:19:18 -------- d-----w- C:\Program Files (x86)\Common Files\DVDVideoSoft
    2012-12-15 04:18:10 -------- d-----w- C:\Users\Jordan\AppData\Roaming\DVDVideoSoft
    2012-12-14 15:25:16 -------- d-----w- C:\Users\Jordan\AppData\Roaming\ZoomBrowser EX
    2012-12-14 05:28:02 -------- d-----w- C:\Users\Jordan\AppData\Roaming\PeaZip
    2012-12-14 01:04:09 -------- d-----w- C:\Program Files (x86)\PeaZip
    2012-12-12 20:37:49 16114176 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
    2012-12-12 20:37:47 15541248 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
    2012-12-12 01:28:09 2048 ----a-w- C:\WINDOWS\SysWow64\tzres.dll
    2012-12-12 01:28:09 2048 ----a-w- C:\WINDOWS\System32\tzres.dll
    2012-12-12 01:27:57 945152 ----a-w- C:\WINDOWS\System32\resetengmig.dll
    2012-12-12 01:27:57 443392 ----a-w- C:\WINDOWS\System32\ReAgent.dll
    2012-12-12 01:27:57 375808 ----a-w- C:\WINDOWS\SysWow64\ReAgent.dll
    2012-12-12 01:27:57 132096 ----a-w- C:\WINDOWS\System32\sysreset.exe
    2012-12-12 01:27:57 1009664 ----a-w- C:\WINDOWS\System32\reseteng.dll
    2012-12-11 22:50:59 907776 ----a-w- C:\WINDOWS\System32\uxtheme.dll
    2012-12-11 20:12:33 213696 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10187.bin
    2012-12-11 03:59:32 -------- d-----w- C:\Program Files (x86)\Auslogics
    2012-12-11 03:12:28 348160 ----a-w- C:\WINDOWS\SysWow64\msvcr71.dll
    2012-12-11 03:12:28 -------- d-----w- C:\Program Files (x86)\VisiPics
    2012-12-11 02:53:16 -------- d-----w- C:\Program Files (x86)\Easy Future Software
    2012-12-10 20:39:12 -------- d-----r- C:\Users\Jordan\My Webs
    2012-12-09 02:46:12 -------- d-----w- C:\Program Files\Common Files\Cloanto
    2012-12-09 02:46:10 -------- d-----w- C:\Program Files (x86)\Common Files\Cloanto
    2012-12-09 02:45:15 -------- d-----w- C:\Program Files (x86)\Cloanto
    2012-12-09 00:02:26 315536 ----a-w- C:\WINDOWS\System32\drivers\RtsUVStor.sys
    2012-12-09 00:02:24 9888912 ----a-w- C:\WINDOWS\SysWow64\RtsUVStoricon.dll
    2012-12-08 21:31:41 -------- d-----w- C:\Program Files\Fresco Logic
    2012-12-06 22:21:44 -------- d-----w- C:\Users\Jordan\AppData\Roaming\temp
    2012-12-03 15:50:15 -------- d-----w- C:\ProgramData\Premium
    2012-12-03 15:49:26 -------- d-----w- C:\ProgramData\wxDownload
    2012-12-02 22:15:09 -------- d-----w- C:\WINDOWS\SysWow64\RTCOM
    2012-12-02 22:12:59 5972992 ----a-w- C:\WINDOWS\System32\RCoRes64.dat
    2012-11-29 01:27:42 405504 ----a-w- C:\WINDOWS\System32\pcasvc.dll
    2012-11-29 01:27:41 31232 ----a-w- C:\WINDOWS\System32\pcadm.dll
    2012-11-29 01:27:41 13312 ----a-w- C:\WINDOWS\System32\pcalua.exe
    2012-11-29 01:27:41 11776 ----a-w- C:\WINDOWS\System32\pcaevts.dll
    2012-11-28 06:27:28 -------- d-----w- C:\Users\Jordan\AppData\Local\gfie
    .
    ==================== Find3M ====================
    .
    2012-12-25 06:06:43 45056 ----a-w- C:\WINDOWS\SysWow64\acovcnt.exe
    2012-12-02 22:02:59 1756264 ----a-w- C:\WINDOWS\System32\DTSS2SpeakerDLL64.dll
    2012-11-29 23:06:06 80736 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
    2012-11-29 23:06:06 695648 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
    2012-11-28 04:21:17 44032 ----a-w- C:\WINDOWS\SysWow64\UXInit.dll
    2012-11-28 04:20:59 53760 ----a-w- C:\WINDOWS\System32\UXInit.dll
    2012-11-20 05:24:19 1164800 ----a-w- C:\WINDOWS\SysWow64\Display.dll
    2012-11-20 05:24:17 36352 ----a-w- C:\WINDOWS\SysWow64\DevDispItemProvider.dll
    2012-11-20 05:17:20 49152 ----a-w- C:\WINDOWS\System32\DevDispItemProvider.dll
    2012-11-20 05:02:46 6656 ----a-w- C:\WINDOWS\SysWow64\KBDKURD.DLL
    2012-11-20 04:59:26 7168 ----a-w- C:\WINDOWS\System32\KBDKURD.DLL
    2012-11-20 04:56:27 27136 ----a-w- C:\WINDOWS\System32\drivers\usbohci.sys
    2012-11-20 04:56:11 83456 ----a-w- C:\WINDOWS\System32\drivers\hidclass.sys
    2012-11-20 04:54:31 39936 ----a-w- C:\WINDOWS\System32\drivers\hidi2c.sys
    2012-11-15 06:08:41 2706432 ----a-w- C:\WINDOWS\System32\mshtml.tlb
    2012-11-15 06:06:34 2706432 ----a-w- C:\WINDOWS\SysWow64\mshtml.tlb
    2012-11-12 09:47:07 28672 ----a-w- C:\WINDOWS\SysWow64\AsIO.dll
    2012-11-12 09:47:07 13440 ----a-w- C:\WINDOWS\SysWow64\drivers\AsIO.sys
    2012-11-08 04:25:36 523776 ----a-w- C:\WINDOWS\SysWow64\WSShared.dll
    2012-11-08 04:25:36 143872 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
    2012-11-08 04:25:36 124928 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
    2012-11-08 04:25:35 1775104 ----a-w- C:\WINDOWS\SysWow64\wininet.dll
    2012-11-08 04:24:27 2881536 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
    2012-11-08 04:24:22 61440 ----a-w- C:\WINDOWS\SysWow64\iesetup.dll
    2012-11-08 04:24:22 109056 ----a-w- C:\WINDOWS\SysWow64\iesysprep.dll
    2012-11-08 04:24:19 75776 ----a-w- C:\WINDOWS\SysWow64\fontsub.dll
    2012-11-08 04:24:06 10752 ----a-w- C:\WINDOWS\SysWow64\dciman32.dll
    2012-11-08 04:22:21 641536 ----a-w- C:\WINDOWS\System32\WSShared.dll
    2012-11-08 04:22:20 198656 ----a-w- C:\WINDOWS\System32\Windows.ApplicationModel.Store.dll
    2012-11-08 04:22:20 163840 ----a-w- C:\WINDOWS\System32\Windows.ApplicationModel.Store.TestingFramework.dll
    2012-11-08 04:22:19 2246656 ----a-w- C:\WINDOWS\System32\wininet.dll
    2012-11-08 04:21:00 3966464 ----a-w- C:\WINDOWS\System32\jscript9.dll
    2012-11-08 04:20:56 67072 ----a-w- C:\WINDOWS\System32\iesetup.dll
    2012-11-08 04:20:56 136704 ----a-w- C:\WINDOWS\System32\iesysprep.dll
    2012-11-08 04:20:50 96256 ----a-w- C:\WINDOWS\System32\fontsub.dll
    2012-11-08 04:20:37 14336 ----a-w- C:\WINDOWS\System32\dciman32.dll
    2012-11-08 04:02:16 3072 ----a-w- C:\WINDOWS\System32\lpk.dll
    2012-11-08 04:01:40 3072 ----a-w- C:\WINDOWS\SysWow64\lpk.dll
    2012-11-08 03:59:49 4056576 ----a-w- C:\WINDOWS\System32\win32k.sys
    2012-11-08 01:56:52 534528 ----a-w- C:\WINDOWS\SysWow64\uxtheme.dll
    2012-11-06 07:52:07 445160 ----a-w- C:\WINDOWS\System32\drivers\USBHUB3.SYS
    2012-11-06 07:52:04 277736 ----a-w- C:\WINDOWS\System32\drivers\msiscsi.sys
    2012-11-06 07:36:23 69864 ----a-w- C:\WINDOWS\System32\drivers\pdc.sys
    2012-11-06 07:36:14 96488 ----a-w- C:\WINDOWS\System32\drivers\wfplwfs.sys
    2012-11-06 07:35:34 194280 ----a-w- C:\WINDOWS\System32\drivers\sdbus.sys
    2012-11-06 07:35:31 124648 ----a-w- C:\WINDOWS\System32\drivers\dumpsd.sys
    2012-11-06 07:33:46 253512 ----a-w- C:\WINDOWS\System32\audiodg.exe
    2012-11-06 07:33:45 490064 ----a-w- C:\WINDOWS\System32\AudioEng.dll
    2012-11-06 07:33:45 447792 ----a-w- C:\WINDOWS\System32\AudioSes.dll
    2012-11-06 07:33:30 1566432 ----a-w- C:\WINDOWS\System32\ole32.dll
    2012-11-06 05:00:06 463768 ----a-w- C:\WINDOWS\SysWow64\AUDIOKSE.dll
    2012-11-06 05:00:06 427568 ----a-w- C:\WINDOWS\SysWow64\AudioEng.dll
    2012-11-06 05:00:06 324344 ----a-w- C:\WINDOWS\SysWow64\AudioSes.dll
    2012-11-06 04:54:13 2205696 ----a-w- C:\WINDOWS\SysWow64\PrintConfig.dll
    2012-11-06 04:48:27 1150160 ----a-w- C:\WINDOWS\SysWow64\ole32.dll
    2012-11-06 04:19:59 470016 ----a-w- C:\WINDOWS\System32\wlanmsm.dll
    2012-11-06 04:18:58 84992 ----a-w- C:\WINDOWS\SysWow64\fdWCN.dll
    2012-11-06 04:17:58 110080 ----a-w- C:\WINDOWS\System32\dafWCN.dll
    2012-11-06 04:17:44 718848 ----a-w- C:\WINDOWS\System32\BFE.DLL
    2012-11-06 04:17:43 2302464 ----a-w- C:\WINDOWS\System32\authui.dll
    2012-11-06 04:17:42 785920 ----a-w- C:\WINDOWS\System32\audiosrv.dll
    2012-11-06 04:17:41 169472 ----a-w- C:\WINDOWS\System32\AudioEndpointBuilder.dll
    2012-11-06 04:17:35 2146816 ----a-w- C:\WINDOWS\System32\actxprxy.dll
    2012-11-06 04:17:33 322560 ----a-w- C:\WINDOWS\System32\aaclient.dll
    2012-11-06 04:17:32 212992 ----a-w- C:\WINDOWS\System32\bthprops.cpl
    2012-11-06 04:00:44 99328 ----a-w- C:\WINDOWS\System32\wushareduxresources.dll
    2012-11-06 04:00:17 16384 ----a-w- C:\WINDOWS\System32\iscsilog.dll
    2012-11-06 03:58:53 9728 ----a-w- C:\WINDOWS\System32\wlanhlp.dll
    2012-11-06 03:56:35 9728 ----a-w- C:\WINDOWS\SysWow64\wlanhlp.dll
    2012-11-06 03:55:44 22528 ----a-w- C:\WINDOWS\System32\drivers\fxppm.sys
    2012-11-06 03:55:09 212992 ----a-w- C:\WINDOWS\System32\drivers\mrxsmb20.sys
    2012-11-06 03:55:02 90624 ----a-w- C:\WINDOWS\System32\drivers\amdk8.sys
    2012-11-06 03:55:02 89088 ----a-w- C:\WINDOWS\System32\drivers\intelppm.sys
    2012-11-06 03:55:02 88064 ----a-w- C:\WINDOWS\System32\drivers\amdppm.sys
    2012-11-06 03:55:02 87552 ----a-w- C:\WINDOWS\System32\drivers\processr.sys
    2012-11-06 03:54:40 74752 ----a-w- C:\WINDOWS\System32\drivers\BTHUSB.SYS
    2012-11-06 03:54:09 859136 ----a-w- C:\WINDOWS\System32\drivers\http.sys
    2012-11-06 03:53:56 51712 ----a-w- C:\WINDOWS\System32\drivers\bthenum.sys
    2012-11-06 03:53:44 560640 ----a-w- C:\WINDOWS\System32\drivers\afd.sys
    2012-11-06 03:53:12 1171968 ----a-w- C:\WINDOWS\System32\drivers\bthport.sys
    2012-11-06 03:52:49 366080 ----a-w- C:\WINDOWS\System32\drivers\mrxsmb.sys
    2012-11-06 03:51:47 665600 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
    2012-11-03 05:26:40 34816 ----a-w- C:\WINDOWS\System32\dpnsvr.exe
    2012-11-03 05:26:12 32256 ----a-w- C:\WINDOWS\SysWow64\dpnsvr.exe
    2012-11-03 05:24:34 8192 ----a-w- C:\WINDOWS\SysWow64\dpnhupnp.dll
    2012-11-03 05:24:34 8192 ----a-w- C:\WINDOWS\SysWow64\dpnhpast.dll
    2012-11-03 05:24:34 58880 ----a-w- C:\WINDOWS\SysWow64\dpnathlp.dll
    2012-11-03 05:24:34 375808 ----a-w- C:\WINDOWS\SysWow64\dpnet.dll
    2012-11-03 05:24:11 9216 ----a-w- C:\WINDOWS\System32\dpnhupnp.dll
    2012-11-03 05:24:11 9216 ----a-w- C:\WINDOWS\System32\dpnhpast.dll
    2012-11-03 05:24:11 67584 ----a-w- C:\WINDOWS\System32\dpnathlp.dll
    2012-11-03 05:24:11 463872 ----a-w- C:\WINDOWS\System32\dpnet.dll
    2012-11-03 05:04:21 4096 ----a-w- C:\WINDOWS\System32\dpnlobby.dll
    2012-11-03 05:04:19 3584 ----a-w- C:\WINDOWS\System32\dpnaddr.dll
    2012-11-03 05:00:54 3072 ----a-w- C:\WINDOWS\SysWow64\dpnlobby.dll
    2012-11-03 05:00:53 2560 ----a-w- C:\WINDOWS\SysWow64\dpnaddr.dll
    2012-10-30 22:51:07 41224 ----a-w- C:\WINDOWS\avastSS.scr
    2012-10-24 03:25:41 26624 ----a-w- C:\WINDOWS\System32\ReAgentc.exe
    2012-10-24 02:48:12 24064 ----a-w- C:\WINDOWS\SysWow64\ReAgentc.exe
    2012-10-20 03:22:05 39936 ----a-w- C:\WINDOWS\apppatch\apppatch64\acspecfc.dll
    .
    ============= FINISH: 1:20:40.59 ===============

    FINISHING IN NEW POST
     
  2. greyhndz

    greyhndz Thread Starter

    Joined:
    Dec 24, 2012
    Messages:
    13
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 8 Pro with Media Center
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/10/2012 8:57:14 PM
    System Uptime: 12/25/2012 1:02:53 AM (0 hours ago)
    .
    Motherboard: ASUSTeK Computer Inc. | | UX31E
    Processor: Intel(R) Core(TM) i5-2557M CPU @ 1.70GHz | CPU 1 | 1701/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 111 GiB total, 25.212 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP14: 12/16/2012 11:14:06 PM - Removed 7-Zip 9.22 (x64 edition)
    RP15: 12/18/2012 2:40:28 AM - Configured Power2Go
    RP16: 12/19/2012 8:05:19 PM - Removed iTunes
    RP17: 12/22/2012 12:29:28 AM - Removed Adobe Photoshop.com Inspiration Browser
    RP18: 12/24/2012 12:44:35 PM - Restore Operation
    .
    ==== Installed Programs ======================
    .
    ??????? Windows Live Mesh ActiveX ??(????)
    ??????? Windows Live Mesh ActiveX ???
    Adobe AIR
    Adobe Digital Editions 2.0
    Adobe Flash Player 11 Plugin
    Adobe Photoshop Elements 8.0
    Adobe Photoshop.com Inspiration Browser
    Akamai NetSession Interface
    AnswerWorks 5.0 English Runtime
    ASUS AI Recovery
    ASUS Boot Setting
    ASUS FaceLogon
    ASUS LifeFrame3
    ASUS Live Update
    ASUS Power4Gear Hybrid
    ASUS PowerWiz
    ASUS PWR Option
    ASUS Secure Delete
    ASUS Smart Gesture
    ASUS Splendid Video Enhancement Technology
    ASUS Tutor
    ASUS USB Charger Plus
    ASUS Virtual Touch
    ASUS WebStorage
    AsusScr_ZENBOOK_31
    AsusVibe2.0
    ATK Package
    Auslogics Duplicate File Finder
    AX88772B Windows 7 Drivers
    Backblaze
    Bonjour
    Canon DIGITAL CAMERA Solution Disk Software Guide
    CANON iMAGE GATEWAY MyCamera Download Plugin
    CANON iMAGE GATEWAY Task for ZoomBrowser EX
    Canon Internet Library for ZoomBrowser EX
    Canon MOV Decoder
    Canon MOV Encoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon Personal Printing Guide
    Canon PowerShot SX30 IS Camera User Guide
    Canon Utilities CameraWindow DC 8
    Canon Utilities CameraWindow Launcher
    Canon Utilities Movie Uploader for YouTube
    Canon Utilities MyCamera
    Canon Utilities PhotoStitch
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    Contrôle ActiveX Windows Live Mesh pour connexions à distance
    Control ActiveX de Windows Live Mesh para conexiones remotas
    Controlo ActiveX do Windows Live Mesh para Ligações Remotas
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
    EasyTether
    Epson Easy Photo Print 2
    Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
    Epson Easy Photo Print Plug-in for Windows Live Photo Gallery
    Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup
    Epson Event Manager
    Epson FAX Utility
    Epson PC-FAX Driver
    EPSON Scan
    EPSON WorkForce 630 Series Printer Uninstall
    EpsonNet Print
    EpsonNet Setup 3.3
    ETDWare PS/2-X64 10.5.5.0
    FileZilla Client 3.6.0.2
    Fresco Logic USB3.0 Host Controller
    Galeria de Fotografias do Windows Live
    Galerie de photos Windows Live
    Galería fotográfica de Windows Live
    Garmin USB Drivers
    Garmin WebUpdater
    HTC BMP USB Driver
    HTC Driver Installer
    HTC Sync
    iCloud
    InstantOn for NB
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) Turbo Boost Technology Monitor 2.0
    Java 7 Update 9
    Java Auto Updater
    Junk Mail filter update
    LG CyberLink LabelPrint
    LG CyberLink Media Suite
    LG CyberLink PowerBackup
    LG ODD Auto Firmware Update
    Mesh Runtime
    Microsoft Application Error Reporting
    Microsoft Expression Design 4
    Microsoft Expression Encoder 4
    Microsoft Expression Encoder 4 Screen Capture Codec
    Microsoft Expression Web 4
    Microsoft Expression Web 4 Service Pack 2
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2010
    Microsoft Office Office 32-bit Components 2010
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing (English) 2010
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 32-bit MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MozBackup 1.5.1
    Mozilla Firefox 17.0.1 (x86 en-US)
    Mozilla Maintenance Service
    Mozilla Thunderbird 17.0 (x86 en-US)
    MP3 Rocket
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    Nuance PDF Reader
    Opera 12.02
    PeaZip 4.8
    PhotoFiltre 7
    Qualcomm Atheros WiFi Driver Installation
    Quicken 2010
    Quicken WillMaker Plus 2013
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    RoboForm 7-8-4-6 (All Users)
    Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition
    Security Update for Microsoft Expression Design 4 (KB2667730)
    Security Update for Microsoft InfoPath 2010 (KB2687417) 64-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 64-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 64-Bit Edition
    Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition
    Start8
    Syncios version 2.0.2
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
    Update for Microsoft OneNote 2010 (KB2687277) 64-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
    VideoPad Video Editor
    VisiPics V1.30
    Windows 7 USB/DVD Download Tool
    Windows Driver Package - ASUS (ATP) Mouse (08/27/2012 1.0.0.125)
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
    Windows Live
    Windows Live ???
    Windows Live ????
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinFlash
    WinPatrol
    Wireless Console 3
    WModem Driver Installer
    WxDownload Expansion
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/25/2012 12:59:45 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    12/25/2012 12:59:43 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/25/2012 12:57:48 AM, Error: Service Control Manager [7001] - The Net.Msmq Listener Adapter service depends on the Message Queuing service which failed to start because of the following error: The dependency service or group failed to start.
    12/25/2012 12:49:08 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000e1 (0xfffff80306edb3b4, 0x0000000000000001, 0xfffffa800e6e49d0, 0xfffffa800e6e49d0). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 122512-9828-01.
    12/25/2012 12:42:03 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server: {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}
    12/25/2012 1:03:03 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{76F1C110-2EA1-45CF-822F-C726C6A98019} because another computer on the network has the same name. The server could not start.
    12/25/2012 1:03:03 AM, Error: NetBT [4321] - The name "JORDAN-PC :20" could not be registered on the interface with IP address 192.168.2.5. The computer with the IP address 192.168.2.6 did not allow the name to be claimed by this computer.
    12/25/2012 1:03:03 AM, Error: NetBT [4321] - The name "JORDAN-PC :0" could not be registered on the interface with IP address 192.168.2.5. The computer with the IP address 192.168.2.6 did not allow the name to be claimed by this computer.
    12/25/2012 1:02:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    12/19/2012 8:11:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
    12/19/2012 8:11:38 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/19/2012 6:27:37 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.
    12/19/2012 6:26:37 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/19/2012 6:26:16 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/18/2012 2:16:18 AM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
    12/18/2012 1:59:59 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user Jordan-PC\Jordan SID (S-1-5-21-893899677-1721025003-3098471960-1001) from address LocalHost (Using LRPC) running in the application container AccuWeather.AccuWeatherforWindows8_2.1.8.2_x64__8zz2pj9h1h1d8 SID (S-1-15-2-359386925-4037696881-724898997-1416845164-233709623-2974364301-3644279824). This security permission can be modified using the Component Services administrative tool.
    12/18/2012 1:28:39 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000008, 0x0000000000000002, 0x0000000000000000, 0xfffff8024b27a59d). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 121812-7125-01.
    .
    ==== End Of File ===========================


    I uninstalled Avast, and have not made any further changes, pending your suggestions.
    I forgot to mention that I discovered an extension in FF called "Info Atoms" which I had not been aware of, but had been installed end-November. I disabled but was not able to uninstall. I removed all remaining folders in App Data and the remaining program files. This appears to be a pop-up pgm but disabling and deleting files has not changed the underlying problem.
    Thanks so much!
    Jordan
     
  3. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    Please download AdwCleaner to your desktop.
    • Double click the adwcleaner.exe to run the tool.
    • Click Search.
    • When the scan has finished, a Notepad window will open.
    • Please post the contents here in your topic.
    • The logfile will also be saved in C:\AdwCleaner[R1].txt.
     
  4. greyhndz

    greyhndz Thread Starter

    Joined:
    Dec 24, 2012
    Messages:
    13
    Here you go.

    # AdwCleaner v2.102 - Logfile created 12/25/2012 at 05:22:39
    # Updated 23/12/2012 by Xplode
    # Operating system : Windows 8 Pro with Media Center (64 bits)
    # User : Jordan - JORDAN-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Jordan\Desktop\AdwCleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Found : C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\lnd32050.default\searchplugins\search-here.xml
    Folder Found : C:\ProgramData\InstallMate
    Folder Found : C:\ProgramData\Premium
    Folder Found : C:\ProgramData\Tarma Installer
    Folder Found : C:\Users\Jordan\AppData\Local\SwvUpdater

    ***** [Registry] *****

    Key Found : HKCU\Software\APN PIP
    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\PIP
    Key Found : HKCU\Software\Softonic
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\Software\PIP

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16453

    [OK] Registry is clean.

    -\\ Mozilla Firefox v17.0.1 (en-US)

    File : C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\lnd32050.default\prefs.js

    Found : user_pref("de.soerenrinne.googlebuttons.wholeshebang", "Mail,3D Warehouse,Aardvark,Accounts,Ad Manag[...]
    Found : user_pref("extensions.50bcca309d7a6.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]

    -\\ Opera v12.2.1578.0

    File : C:\Users\Jordan\AppData\Roaming\Opera\Opera\operaprefs.ini

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [1503 octets] - [25/12/2012 05:22:39]

    ########## EOF - C:\AdwCleaner[R1].txt - [1563 octets] ##########
     
  5. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    A few minor things there we will clear up first, but it isn't finding the suspicious-looking Firefox add-ons that DDS is showing.

    Please run AdwCleaner again. This time press Delete. It will clear the problems & then offer to reboot; please let it reboot & then post the log it makes.
    The logfile will also be saved in C:\AdwCleaner[S1].txt

    When it reboots:

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  6. greyhndz

    greyhndz Thread Starter

    Joined:
    Dec 24, 2012
    Messages:
    13
    ETA: this is before following through on your new instructions. Will post back with new log.


    A few problems: The pop-up (see below) is still occurring on mouse-over of various terms (in this case, paypal). The pop-ups are transparent since I attempted to block the text boxes via AdBlock +.


    [​IMG]

    Also, my libraries are null and void:


    [​IMG]


    Thanks again
     
  7. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
  8. greyhndz

    greyhndz Thread Starter

    Joined:
    Dec 24, 2012
    Messages:
    13
    Here is the log:
    # AdwCleaner v2.102 - Logfile created 12/25/2012 at 06:39:21
    # Updated 23/12/2012 by Xplode
    # Operating system : Windows 8 Pro with Media Center (64 bits)
    # User : Jordan - JORDAN-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Jordan\Desktop\AdwCleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\lnd32050.default\searchplugins\search-here.xml
    Folder Deleted : C:\ProgramData\InstallMate
    Folder Deleted : C:\ProgramData\Premium
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\Users\Jordan\AppData\Local\SwvUpdater

    ***** [Registry] *****

    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\PIP
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\PIP

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16453

    [OK] Registry is clean.

    -\\ Mozilla Firefox v17.0.1 (en-US)

    File : C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\lnd32050.default\prefs.js

    Deleted : user_pref("de.soerenrinne.googlebuttons.wholeshebang", "Mail,3D Warehouse,Aardvark,Accounts,Ad Manag[...]
    Deleted : user_pref("extensions.50bcca309d7a6.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]

    -\\ Opera v12.2.1578.0

    File : C:\Users\Jordan\AppData\Roaming\Opera\Opera\operaprefs.ini

    [OK] File is clean.

    *************************

    Going to run junkware removal right now. I'd already deleted Avast until this process is completed.

    AdwCleaner[R1].txt - [1632 octets] - [25/12/2012 05:22:39]
    AdwCleaner[S1].txt - [1589 octets] - [25/12/2012 06:39:21]

    ########## EOF - C:\AdwCleaner[S1].txt - [1649 octets] ##########
     
  9. greyhndz

    greyhndz Thread Starter

    Joined:
    Dec 24, 2012
    Messages:
    13
    Here you go!


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.2.5 (12.24.2012:1)
    OS: Windows 8 Pro with Media Center x64
    Ran by Jordan on Tue 12/25/2012 at 6:47:10.38
    Blog: http://thisisudax.blogspot.com
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] hkey_current_user\software\billp studios\detected\startup



    ~~~ Files

    Successfully deleted: [File] C:\WINDOWS\prefetch\ASKINSTALLER.EXE-719126F7.pf



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\Jordan\AppData\Roaming\dvdvideosoftiehelpers"



    ~~~ FireFox

    Successfully deleted: [File] "C:\Users\Jordan\AppData\Roaming\mozilla\firefox\profiles\lnd32050.default\extensions\[email protected]"
    Successfully deleted: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]"
    Successfully deleted: [Folder] C:\Users\Jordan\AppData\Roaming\mozilla\firefox\profiles\lnd32050.default\extensions\[email protected]
    Successfully deleted the following from C:\Users\Jordan\AppData\Roaming\mozilla\firefox\profiles\lnd32050.default\prefs.js

    user_pref("extensions.50bcca309d7a6.scode", "(function(){try{if('aol.com,mail.google.com,mystart.incredibar.com,premiumreports.info,search.babylon.com,search.funmoods.com,sear
    user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !impor
    user_pref("extensions.wrc.SearchRules.ask.com.url", "^http(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
    user_pref("extensions.wrc.SearchRules.baidu.com.style", ".WRCN {display:none} .result .f .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
    user_pref("extensions.wrc.SearchRules.baidu.com.url", "^http\\:\\/\\/www\\.baidu\\.com\\/.*");
    user_pref("extensions.wrc.SearchRules.excite.com.style", ".WRCN {display:none} .searchResult .resultTitlePane .WRCN {display:inline !important; background: url(\"IMAGE\") righ
    user_pref("extensions.wrc.SearchRules.excite.com.url", "^http\\\\:\\\\/\\\\/msxml\\\\.excite\\\\.com\\\\/search\\\\/.*");



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Tue 12/25/2012 at 6:53:09.64
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  10. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    Reboot & tell me if you are still getting the pop-ups & diverts etc.
     
  11. greyhndz

    greyhndz Thread Starter

    Joined:
    Dec 24, 2012
    Messages:
    13
    Will reboot right now, but already, pop-ups appear to be gone. Back after reboot.
     
  12. greyhndz

    greyhndz Thread Starter

    Joined:
    Dec 24, 2012
    Messages:
    13
    Success! No pop-ups, back to normal speed. I'm eternally grateful! (and will head over to the PayPal button in just a moment)

    What is your recommendation for the best Anti-malware pgm for live protection?
    Is it wise to perhaps run one or more of the 4 tools used above, on a regular basis? Or for a recurrence of problems? Or would it be safer to post here for specific directions?

    It's so frustrating -- I routinely avoid downloading from CNET or other sites which appear to bundle their software, and I always use custom installation. Foiled again!
     
  13. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    Go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

    And scan here http://secunia.com/vulnerability_scanning/personal for out-of-date & vulnerable common applications on your computer and update whatever it suggests. Download & use the PSI version (not the OSI, in-your-browser Java version), as I no longer recommend having Java installed on the computer at all, unless it is absolutely necessary, because of the too-high risk of malware infiltration.

    Then pay an urgent visit to Windows Update & make sure you are fully updated; that will help to plug the security holes that let these pests on in the first place. If Windows Update doesn't work, please come back & tell us.

    Check here before running any of the tools
     
  14. greyhndz

    greyhndz Thread Starter

    Joined:
    Dec 24, 2012
    Messages:
    13
    Thanks so much to Derek for his splendid guidance in solving our problems. All directions followed, Malwarebytes and Win Defender running, and updates installed. Most importantly, security has been vastly tightened!

    I have seen the light! :eek:
     
  15. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    Glad to help.
     
Short URL to this thread: https://techguy.org/1082285
